This attack allow hacker to convert your iPhone app into a Malware. When you install an app from App Store using enterprise/adhoc provisioning then it could be replaced by another app named with “New Flappy Bird” which leads to change in genuine app into a malware.
|Masque Attack Experimental Example|
All apps are vulnerable to this attack except iOS pre-installed app like Mobile Safari. Gmail App be replaced with malware. Your personal emails and confidential data and other are at risk with this attack. Surprisingly this app does not change internal data of your app. It allows access to attacker to steal your information. As the above picture shows
The reason this vulnerability exist is that iOS does not enforce matching certificates for apps with same bundle identifier. So it allows hacker to get into your phones iOS and replace it with malware.
This vulnerability exist in following iOS versions
- 8.1.1 beta
- Don’t install any app from other third-party websites if you don’t trust them
- Install apps from official App Store only
- When a pop-up app appears suddenly with New Flappy Bird or Untrusted Developer than please don’t install that app.
- You can check your previously installed app for attack by getting into Setting > General > Profiles > Provisioning Profiles. Read all information given here and if you find any suspicious thing report it to security departments.