Masque Attack : Your iPhone Apps may actually be malwaresHow does Masque work?All Apple iOS devices affectedPrecautions against Masque attack
In July, the FireEye mobile security team discovered that an iOS app installed using enterprise or ad-hoc provisioning could replace another genuine app installed through the App Store if both applications used the same bundle identifier. The vulnerability exists because iOS doesn’t enforce matching certificates for apps with the same bundle identifier, according to the firm. In an example of how an attack would work, FireEye sent a link to a test case user inviting them to download a new Flappy Bird update. When the person clicked the link, they unknowingly downloaded a hacked update to the legitimate Gmail app. The hacked Gmail app could look identical to the real thing but can send a copy of the users confidential email to a third party without users knowledge. FireEye says the same technique could be used to dupe people into uploading malicious versions of banking apps, that forward financial details including passwords to the hacker.
How does Masque work?
Once the victim is enticed into installing the malicious app, FireEye researchers explained, the illegitimate application will replace the genuine one. FireEye says the only pre-install apps like Mobile Safari are unaffected by this issue. According to FireEye, the attacker can leverage this issue both wirelessly and through USB.
All Apple iOS devices affected
The vulnerability has been verified by FireEye on iOS 7.1.1, 7.1.2, 8.0, 8.1 and 8.1.1 beta on both jailbroken and non-jailbroken devices. FireEye said they had notified Apple on July 26 2014 but Apple had not responded immediately. FireEye said that they had seen the Masque being exploited in the wild.
Precautions against Masque attack
To avoid the threat, FireEye says there are three rules every iPhone and iPad users should follow: While the whole internet is going gaga over the masque attack, Apple has so far neither accepted nor denied the vulnerability.
