iOS Devices Open To Risk Due To Masque Attack
Apparently, iPhones and iPads are not safe from remote attacks despite the measures made by the tech giant. Dubbed as "Masque attack" by the security firm FireEye, attackers can trick users into replacing legitimate apps such as banking apps that is connected to user's personal information with hacked or fake apps that will transfer important information to cyber criminals.
These fake apps can be distributed through emails or through weblinks and can be installed using the iOS's enterprise provisioning system. The system allows apps to be added to the user's device outside of the app store. The security firm also added that such act is possible because iOS does not verify that the code signing certificate is the same for apps that use the same bundle identifier, Apple Insider reports.
To illustrate, an app which has the same bundle identifier with Bank of America's mobile banking could be installed to replace the legitimate Bank of America app. The fake app mimics the user's interface thus sending log-in data back to the hacker's server.
The affected OS versions are iOS 7.1.1, 7.1.2, 8.0, 8.1 and 8.1.1 beta. Almost the same form of the Masque attack was used in the "Wirelurker" attacks in China. The malware that hit China could install third-party apps in non-jailbroken iOS devices then from infected devices to other Macs and iPhones through USB connector-cables, CBC News reports.
Compared to the Wirelurker, Masque attacks can be a bigger threat for it can easily replace a user's banking and email apps with fake apps that will send banking and email data straight to the hackers. The only apps that are not affected by the malware are those default apps like Safari and Mail.
The security firm gave some measures in order for users to protect themselves from the malware. Users are advised to install apps that are from Apple's app store only and to avoid clicking "install" on pop-ups from third party websites. Users are also reminded to immediately uninstall any apps that show an alert with "Untrusted app Developer" when the user tries to open it.
Apple was said to be notified by FireEye about the danger last July 26. Apparently, Apple has yet to give official announcement on the issue.