Hack iOS Mail App: Exploit Working [Video]


Hack iOS Mail App Credentials: Exploit Working [Video] 
iOS 8.3 Mail app injection kit!This injection kit pawns every iOS 8.3 Mail app and  it is developed by Jan Soucek. He is exploiting a bug of iOS Mail app that lets hackers send fake prompts to access the password information of the user. So beware of the prompts if you are asked to enter the password and think twice giving your iOS credentials.

Back in January 2015 Jan stumbled upon a bug in iOS’s mail client, resulting in <meta http-equiv=refresh> HTML tag in e-mail messages not being ignored.

This bug allows remote HTML content to be loaded, replacing the content of the original e-mail message. JavaScript is disabled in this UIWebView, but it is still possible to build a functional password “collector” using simple HTML and CSS.

It was filed under Radar #19479280 back in January, but the fix was not delivered in any of the iOS updates following 8.1.2. Therefore I decided to publish the proof of concept code here.

Demo:

Usage

  • Edit the e-mail address you would like to use for password collection in framework.php
  • Upload index.php, framework.php and mydata.txt to your server
  • Send an e-mail containing HTML code from e-mail.html to the research subject
  • Don’t forget to change the modal-username GET parameter value to the e-mail address of the recipient
  • You can use https://putsmail.com for testing purposes

Credits
Framework7: Vladimir Kharlampidi (http://www.idangero.us/framework7) – Framework7’s CSS code was used for the login dialog styling

License
MIT

Notes
The code detects that the research subject has already visited the page in the past (using cookies) and it stops displaying the password prompt to reduce suspicion.

The e-mail address and password are submitted via GET to framework.php, which then saves them to the mydata.txt file, sends them out via e-mail to the specified “collector” e-mail address and then returns the research subject back to Mail.app using redirect to message://dummy.

The password field has autofocus enabled. We then use focus detection to hide the login dialog once the password field loses its focus (e.g. after the subject clicks on OK and submits the password).

Download

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s