Home / Uncategorized / AWS iOS SDK iCloud phishing example using a man-in-the-middle attack

AWS iOS SDK iCloud phishing example using a man-in-the-middle attack

Want create site? Find Free WordPress Themes and plugins.



The demo shows a man-in-the-middle attack in action. There is a Raspberry PI in the network (attacker), and I use my Mac without any special configuration. All the attacker needs is to be in the same network, no matter if it’s an open or closed network.

The attacker will do a man-in-the-middle attack to modify the AWS SDK source code while it’s being downloaded to insert malicious code.

In this video you can see a sample app that only shows a map. After adding the AWS SDK to the project, the SDK runs its malicious code and shows an iCloud phishing popup, printing the raw iCloud password in the log after the user entered it. The hack could very easily send the cleartext password to any remote server, or do other things, like access the user’s location history using image data or record the user without them knowing (https://krausefx.com/privacy)

Thanks Manu (https://twitter.com/acrooow) for the great voice over for this video

More information on https://krausefx.com/blog/trusting-sdks

source

Did you find apk for android? You can find new Free Android Games and apps.

About petras

Check Also

PixelGun3D hacked Icloud 13.5.3 [ios/Android]

Want create site? Find Free WordPress Themes and plugins. LIMITED TIME OFFER ONLY FOR THE …

Leave a Reply