
Teknologi.id - Apple’s reputation for watertight security is coming under scrutiny after apps posing as fitness-tracking tools were caught using the Touch ID fingerprint scanner to steal money from iOS users.
According to ESET researchers, the apps’ dodgy payment mechanism is activated when victims scan their fingerprint for fitness-tracking purposes. Available in the Apple App store until recently, the bogus apps – “Fitness Balance app” and “Calories Tracker app” – appeared in videos posted by Reddit users. It is thought the apps were created by the same developer due to similarities in the user interface and functionality.How did the apps trick users?
The malicious nature of the apps would not have been obvious. The Fitness Balance app had received an average of 4.3 stars and had 18 positive reviews – which were probably fake given that this is a known technique used by scammers. The scam starts when a user opens the app: it will request a fingerprint scan to allow the user to view personalized calorie tracker and diet recommendations. But once the user places their finger on the scanner, a pop-up appears showing a dodgy payment of $119.99, which is then verified by the victim’s Apple account and wired direct to the scammer. Victims reported the apps to Apple, which to its credit, removed them quickly from the App Store. When some users tried to directly contact the developer of the Fitness Balance app, they received a response promising to fix the reported “issues” in the upcoming version.
Tinggalkan Komentar