A New iPhone Security Flaw Can Replace Your Apps With Identical Versions Infested With Malware
Here's what you need to know.Masque Attack was first discovered by the mobile security research firm FireEye, and it's a major security flaw within Apple's mobile operating system, iOS.Advertisement
Masque Attack allows malicious parties to install duplicate versions of third-party apps on your iPhone or iPad, replacing your original app with theirs, which can access and monitor your data.
Basically, if someone were to take advantage of the Masque Attack vulnerability, all you would need to do on your end would be to click on a notification asking you to install some popular new app like the "New Flappy Bird." And interestingly enough, the exact wording of the pop-up ad could change, too, so attackers could hide the malware-infested apps within downloads and promise something like a Gmail update, or an update to another popular app.Once you click on the link, and click "Install" on the pop-up ad, and it's over.
So let's say you fall for the trick and you click install, thinking you're simply updating Gmail.The malicious app will then install itself over your original Gmail app, and you wouldn't even notice the difference. Below, FireEye has shown what this process looks like.Advertisement
Panels A and B show the real Gmail app. After clicking on the pop-up in panel C, the malicious app begins to download over the true Gmail app (panels D, E, and F), with the local data and emails still intact.If designed to duplicate a banking app like Bank of America or Chase, the malicious app could even record a user's log-in information, gaining access to their accounts.Advertisement
Usually, iOS would stop this from happening. But Masque Attack takes advantage of a hole within iOS that allows apps coded with the same "bundle identifier" to be installed over each other.
"This vulnerability exists because iOS doesn't enforce matching certificates for apps with the same bundle identifier," FireEye said in a blog post. "We verified this vulnerability on iOS 7.1.1, 7.1.2, 8.0, 8.1 and 8.1.1 beta, for both jailbroken and non-jailbroken devices."FireEye claims they alerted Apple to the threat of Masque Attack back on July 26, but since the vulnerability continues to exist, FireEye felt the public should know they are at risk.Advertisement
While FireEye's research highlights a major issue in iOS, there are no known attacks so far that take advantage of the Masque Attack vulnverability, though FireEye claims "We have seen proof that this issue started to circulate."
Luckily, there's an easy way to avoid falling victim to Masque Attack: Don't click on any download links messaged to you from people you don't know, and only download apps directly from the App Store.Since the vulnverability relies on you clicking a pop-up link offering an app download, just make sure you only download apps from Apple's official App Store. The only apps that are totally unaffected by Masque Attack are those that come installed on your iPhone or iPad, like Safari.Advertisement
To see a video demonstration of Masque Attack in action, click here.We have reached out to Apple for comment and will update this post when we hear back.
- Indian lenders like SBI, Axis Bank and others need $20 billion in capital— most of it will go into filling up NPA holes
- NASA, SpaceX postpone historic astronauts launch (2nd Ld)
- NASA, SpaceX postpone historic astronauts launch
- 5 persons test positive for COVID-19 in Manipur, total rises to 44
- 32 people test positive for COVID-19 in Jharkhand, total now 458