'Masque Attack' Bug Threatens iOS Users
Source: tephanie Mlot
Apple iOS users, beware: A bug discovered in Apple's mobile operating system can leave iPhones and iPads vulnerable to attacks.
Uncovered in July by FireEye mobile security researchers, the "Masque Attack" allows hackers to replace a legitimate app with a phony one, then track and collect private information.
That data―cached emails, login tokens, etc.―can then be used by the attacker to log into the victim's accounts.
Users should be on the lookout for pop-up messages that prompt them to install something like an updated version of Flappy Bird or the latest Angry Birds title.
As demonstrated in the video below, clicking on a malicious link could open the door to attackers, who mimic an original app's login interface to steal the victim's credentials. FireEye highlights the bug via the official Gmail application, downloaded to an iPhone from the iTunes App Store.
"We have confirmed this attack with email apps where the malware can steal local caches of important emails and upload them to [a] remote server," the blog said.
Worst of all, the malware is almost indistinguishable to the victim, who is unlikely to realize they have been duped.
"In this situation, we consider it urgent to let the public know," FireEye said, "since there could be existing attacks that haven't been found by security vendors."
The firm notified Apple about the vulnerability on July 26. Cupertino did not respond to PCMag's request for comment.
Masque AttackApple is known for having tight control over its App Store, so how are the attackers getting around that? As an exec from security firm Lookout told Reuters, Apple lets large businesses release custom software without going through the App Store approval process. Apple doesn't review those apps for malware like it does other App Store submissions, but users have the option to opt out of having them installed, which Lookout and FireEye suggested users do.
If a pop-up appears that warns you about an "untrusted app developer," do not proceed, FireEye said. Click "don't trust" and uninstall that app.
Those still running iOS 7 can check whether their device has been infiltrated (Settings > General > Profiles > Provisioning Profiles; deleting a provisioning profile will prevent linked apps from running). iOS 8 users, unfortunately, are out of luck, because the new OS doesn't show provisioning profiles already installed on the devices.
"Because all the existing standard protections or interfaces by Apple cannot prevent such an attack," FireEye said, "we are asking Apple to provide more powerful interfaces to professional security vendors to protect enterprise users from these and other advanced attacks."
News of the Masque Attack comes days after Palo Alto Networks announced the WireLurker virus that affects Apple users in China. The bug can infiltrate iOS devices connected to an infected Mac via USB, and automatically install third-party apps on the iPhone, iPad, or iPod touch, regardless of whether the gadget is jailbroken. See the video below for more.
FireEye suggested that the new Masque Attacks could pose an even bigger threat.
| }
|