Masque Attack — New iOS Vulnerability Allows Hackers to Replace Apps with Malware
Android has long been a target for cyber criminals, but now it seems they have turned their attention to iOS devices. Apple has always said that hacking its devices is too difficult for cyber crooks, but a single app has made it possible for anyone to hack an iPhone.

A security flaw in Apple's mobile iOS operating system has made most iPhones and iPads vulnerable to cyber attacks by hackers seeking access to sensitive data and control of their devices, security researchers warned.

Details of the new vulnerability were published by the cyber security firm FireEye on its blog on Monday. The firm said the flaw allows hackers to access devices by fooling users into downloading and installing malicious iOS applications on their iPhone or iPad via tainted text messages, emails and Web links.

The malicious iOS apps can then replace legitimate apps that were installed through Apple's official App Store, such as banking or social networking apps, using a technique that FireEye has dubbed "Masque Attack."

"This vulnerability exists because iOS doesn't enforce matching certificates for apps with the same bundle identifier," the researchers said on the company's blog. "An attacker can leverage this vulnerability both through wireless networks and USB."

Cyber criminals can use Masque attacks to steal banking and email login credentials or other sensitive user information.

Security researchers found that the Masque attack works on Apple's mobile operating system, including iOS 7.1.1, 7.1.2, 8.0, 8.1, and the 8.1.1 beta version, and that all iPhones and iPads running iOS 7 or later are at risk, regardless of whether or not the device is jailbroken.

According to FireEye, the vast majority, i.e. 95 percent, of all iOS devices currently in use are potentially vulnerable to the attack.

The Masque Attack technique is the same one used by "WireLurker," a malware attack discovered last week by security firm Palo Alto Networks that targeted Apple users in China and allowed unapproved apps designed to steal information to be downloaded from the Internet. But this recently discovered threat is reportedly a "much bigger threat" than WireLurker.

"Masque Attacks can pose much bigger threats than WireLurker," the researchers said. "Masque Attacks can replace authentic apps, such as banking and email apps, using attacker's malware through the Internet. That means the attacker can steal user's banking credentials by replacing an authentic banking app with a malware that has identical UI."

"Surprisingly, the malware can even access the original app's local data, which wasn't removed when the original app was replaced. These data may contain cached emails, or even login-tokens which the malware can use to log into the user's account directly."
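
The missing certificate check and the retained local data described in the quotes above can be modeled with a toy installer. This is an added example, not FireEye's or Apple's code; the bundle ID, the signer labels and the `Device`, `audit` and `demo` names are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class App:
    bundle_id: str   # constructed sample value, e.g. "com.example.bank"
    signer: str      # label standing in for the signing certificate identity

@dataclass
class Device:
    enforce_signer_match: bool                  # False models the behaviour described above
    apps: dict = field(default_factory=dict)    # bundle_id -> installed App
    data: dict = field(default_factory=dict)    # bundle_id -> app-local data container

    def install(self, app: App) -> bool:
        current = self.apps.get(app.bundle_id)
        if (self.enforce_signer_match and current is not None
                and current.signer != app.signer):
            return False                         # same bundle ID, different signer: refuse
        self.apps[app.bundle_id] = app           # replace in place
        self.data.setdefault(app.bundle_id, {})  # existing container is kept, not wiped
        return True

def audit(installed: dict, expected_signers: dict) -> list:
    """Defender-side check: bundle IDs whose signer differs from the expected one."""
    return sorted(bid for bid, app in installed.items()
                  if bid in expected_signers and app.signer != expected_signers[bid])

def demo(enforce: bool):
    dev = Device(enforce_signer_match=enforce)
    dev.install(App("com.example.bank", "SIGNER-APPSTORE"))
    dev.data["com.example.bank"]["token"] = "cached-login-token"
    replaced = dev.install(App("com.example.bank", "SIGNER-OTHER"))
    # Local data that a replacement under the same bundle ID would inherit
    exposed = dict(dev.data["com.example.bank"]) if replaced else {}
    return replaced, exposed, audit(dev.apps, {"com.example.bank": "SIGNER-APPSTORE"})

if __name__ == "__main__":
    print("no signer check  :", demo(False))
    print("with signer check:", demo(True))
```

With the check off, the second install succeeds, inherits the cached token, and is flagged by `audit`; with the check on, the install is refused and nothing is exposed.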
Apple devices running iOS have long been considered safer from hackers than devices running operating systems like Microsoft's Windows and Google's Android, but iOS devices have now become more common targets for cybercriminals.

To avoid falling victim to a Masque Attack, users can follow the simple steps given below:
  • Do not download any apps offered to you via email, text messages, or web links.
  • Don't install apps offered on pop-ups from third-party websites.
  • If iOS alerts a user about an "Untrusted App Developer," click "Don't Trust" on the alert and immediately uninstall the application.

In short, a simple way to safeguard your devices from these kinds of threats is to avoid downloading apps from untrusted sources, and only download apps directly from the App Store.
