Masque Attack Could Convert iPhone Apps into Malware

iOS has been considered somewhat more secure than Android and less vulnerable to viruses, but that has been proved wrong by a recently discovered iOS vulnerability named “Masque Attack”, found by security researchers at FireEye.

This attack allows a hacker to convert your iPhone app into malware. An app you installed from the App Store could be replaced, through enterprise/ad-hoc provisioning, by another app presented as “New Flappy Bird”, which turns the genuine app into malware.

[Figure: Masque Attack experimental example]

All apps are vulnerable to this attack except iOS pre-installed apps like Mobile Safari. The Gmail app can be replaced with malware. Your personal emails and other confidential data are at risk from this attack. Surprisingly, the replacement does not change the internal data of your app, which gives the attacker access to steal your information. As the above picture shows

The reason this vulnerability exists is that iOS does not enforce matching certificates for apps with the same bundle identifier. So it allows a hacker to get into your phone's iOS and replace an app with malware.
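The missing check described above, written out as a defender-side comparison of two app inventory snapshots. This is an added example, not FireEye's or Apple's code; the `AppRecord` fields, the source labels, and the sample bundle identifiers and certificate bytes are constructed assumptions.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class AppRecord:              # hypothetical inventory record
    bundle_id: str            # the app's bundle identifier
    signer_sha256: str        # fingerprint of the signing certificate
    source: str               # "appstore" or "enterprise" (assumed labels)

def fingerprint(cert_der: bytes) -> str:
    """SHA-256 fingerprint of a certificate's raw bytes."""
    return hashlib.sha256(cert_der).hexdigest()

def replacement_allowed(installed: AppRecord, incoming: AppRecord) -> bool:
    """The rule the article says iOS did not enforce: an app may only
    replace another with the same bundle identifier if the signer matches."""
    if installed.bundle_id != incoming.bundle_id:
        return True           # different app, nothing is being replaced
    return installed.signer_sha256 == incoming.signer_sha256

def find_masque_candidates(before, after):
    """Return (bundle_id, old_source, new_source) for every app whose
    bundle identifier is unchanged but whose signer changed."""
    known = {app.bundle_id: app for app in before}
    findings = []
    for app in after:
        old = known.get(app.bundle_id)
        if old is not None and not replacement_allowed(old, app):
            findings.append((app.bundle_id, old.source, app.source))
    return findings

# Constructed sample data: two snapshots of one device's installed apps.
VENDOR_CERT = b"constructed-vendor-certificate"
OTHER_CERT = b"constructed-other-certificate"
BEFORE = [
    AppRecord("com.example.mail", fingerprint(VENDOR_CERT), "appstore"),
    AppRecord("com.example.notes", fingerprint(VENDOR_CERT), "appstore"),
]
AFTER = [
    AppRecord("com.example.mail", fingerprint(OTHER_CERT), "enterprise"),
    AppRecord("com.example.notes", fingerprint(VENDOR_CERT), "appstore"),
    AppRecord("com.example.game", fingerprint(OTHER_CERT), "enterprise"),
]

if __name__ == "__main__":
    for bundle_id, old_src, new_src in find_masque_candidates(BEFORE, AFTER):
        print(f"signer changed for {bundle_id}: {old_src} -> {new_src}")
```

Only `com.example.mail` is reported: `com.example.notes` kept its signer, and `com.example.game` is a new bundle identifier that replaces nothing.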

This vulnerability exists in the following iOS versions:

  • 7.1.1
  • 7.1.2
  • 8.0
  • 8.1
  • 8.1.1 beta

Both jailbroken and non-jailbroken devices are equally vulnerable. This attack is even worse than WireLurker, as it could get through USB and WiFi too.

Precautions:

FireEye recommends the following precautions:
  • Don’t install any app from other third-party websites if you don’t trust them
  • Install apps from official App Store only
  • When a pop-up suddenly appears with New Flappy Bird or Untrusted Developer, then please don’t install that app.
  • You can check your previously installed apps for this attack by going to Settings > General > Profiles > Provisioning Profiles. Read all the information given there, and if you find anything suspicious, report it to your security department.

NOTE: iOS 8 users must be extra cautious, as it does not show Provisioning Profiles.