A New iPhone Security Flaw Can Replace Your Apps With Identical Versions Infested With Malware
Here's what you need to know.Masque Attack was first discovered by the mobile security research firm FireEye, and it's a major security flaw within Apple's mobile operating system, iOS.Advertisement
Masque Attack allows malicious parties to install duplicate versions of third-party apps on your iPhone or iPad, replacing your original app with theirs, which can access and monitor your data.
Basically, if someone were to take advantage of the Masque Attack vulnerability, all you would need to do on your end would be to click on a notification asking you to install some popular new app like the "New Flappy Bird." And interestingly enough, the exact wording of the pop-up ad could change, too, so attackers could hide the malware-infested apps within downloads and promise something like a Gmail update, or an update to another popular app.Once you click on the link, and click "Install" on the pop-up ad, and it's over.
So let's say you fall for the trick and you click install, thinking you're simply updating Gmail.The malicious app will then install itself over your original Gmail app, and you wouldn't even notice the difference. Below, FireEye has shown what this process looks like.Advertisement
Panels A and B show the real Gmail app. After clicking on the pop-up in panel C, the malicious app begins to download over the true Gmail app (panels D, E, and F), with the local data and emails still intact.If designed to duplicate a banking app like Bank of America or Chase, the malicious app could even record a user's log-in information, gaining access to their accounts.Advertisement
Usually, iOS would stop this from happening. But Masque Attack takes advantage of a hole within iOS that allows apps coded with the same "bundle identifier" to be installed over each other.
"This vulnerability exists because iOS doesn't enforce matching certificates for apps with the same bundle identifier," FireEye said in a blog post. "We verified this vulnerability on iOS 7.1.1, 7.1.2, 8.0, 8.1 and 8.1.1 beta, for both jailbroken and non-jailbroken devices."FireEye claims they alerted Apple to the threat of Masque Attack back on July 26, but since the vulnerability continues to exist, FireEye felt the public should know they are at risk.Advertisement
While FireEye's research highlights a major issue in iOS, there are no known attacks so far that take advantage of the Masque Attack vulnverability, though FireEye claims "We have seen proof that this issue started to circulate."
Luckily, there's an easy way to avoid falling victim to Masque Attack: Don't click on any download links messaged to you from people you don't know, and only download apps directly from the App Store.Since the vulnverability relies on you clicking a pop-up link offering an app download, just make sure you only download apps from Apple's official App Store. The only apps that are totally unaffected by Masque Attack are those that come installed on your iPhone or iPad, like Safari.Advertisement
To see a video demonstration of Masque Attack in action, click here.We have reached out to Apple for comment and will update this post when we hear back.
- Amazon pumps in money into MORE to take on the heavyweights Reliance Retail and DMart
- 30 COVID vaccine candidates being developed: Health Ministry
- INTERVIEW: Paytm trains its guns on Google while the payments app is back in Play Store
- IN PICS: Mitra and other humanoid robots help COVID-19 patients stuck in quarantine across hospitals in India
- Brands that demonstrate they care for consumers, communities and the environment will find favor with today’s and tomorrow’s consumers: Preeti Reddy, Kantar