Apple Devices Vulnerable to Hacker Attack That Mimics App Names


Userlevel 7
Badge +54
It seems like with all the recent assaults against Apple that they are becoming a huge target now, and it was not very long ago that if you mentioned malware or viruses to someone with an Apple, the reply would be that their systems were never attacked. Well watch out folks you are not as safe as you thought you were.
 
By Amy Thomson Nov 10, 2014
 
"Hackers are targeting devices that run Apple Inc. (AAPL) operating systems by creating fake programs that mimic real e-mail and game applications to steal a user’s information, cybersecurity company FireEye (FEYE) Inc. said.
 
FireEye is calling the trick a Masque Attack, the company said in a blog post today. It takes advantage of a flaw in Apple’s iOS 7 and 8 mobile software that lets hackers install fraudulent apps on devices through e-mail and text messages as long as the fake program has the same file name as the legitimate one.
 
Devices running Apple software, long considered safer from hackers than systems like Microsoft Corp.’s Windows and Google Inc.’s Android, have become more common targets. The Masque Attack technique is the same one used by WireLurker, malware discovered by security provider Palo Alto Networks Inc. that was designed to steal information from apps running on Apple’s operating systems for personal computers and mobile gadgets."
 
Full Article
 

12 replies

Userlevel 7
Badge +54
By David Gilbert November 10, 2014 http://d.ibtimes.co.uk/en/full/1401633/iphone-6-review.jpg?w=720&h=444&l=50&t=40Security company Fire-Eye has uncovered a security flaw in iOS called Masque Attack which could allow attackers steal highly sensitive, personal informationIBTimes UKA serious security flaw in iOS 8 called Masque Attack has been discovered which could allow attackers steal highly sensitive, personal information by masquerading as legitimate apps such as email or banking software.
The latest security vulnerability reported in Apple's mobile operating system comes just a week after a threat called WireLurker was uncovered attacking iPhone and iPad users in China.
 
Full Article
Userlevel 7
Badge +62
Hello Webrooters!
 
Thank you Jasper for another sad and informative article to our IOSs. Everybody with an IOS/iphones and connecting to a Mac via USB and installing an updating your devices please read this article on how to protect yourself fom these serious flaws.:@
 
 
 
Userlevel 7
Badge +54
It has been known about since JULY!!!!!!!!!!!!!!!!!!!!
 
11/10/2014 Ericka Chickowski
 
Masque Attack replaces legit apps with malware using the same bundle identifier names.
 The majority of non-jailbroken iOS devices are vulnerable to an attack method that could replace genuine apps with malware through a bit of application-naming skullduggery. Dubbed a "Masque Attack" by the FireEye researchers who discovered this technique this summer, the attack was described publicly for the first time in a report today.
 
FireEye had previously held details about the attack methods close to the vest to give Apple time to handle a disclosure made to Cupertino at the end of July. But after examining the WireLurker malware that hit headlines last week, researchers with FireEye found it was using Masque methods and felt it necessary to shed light on a vulnerability that it says affects 95% of iOS devices.
 
Full Article
Userlevel 5
Thank god i don't have that app.
Userlevel 7
Badge +54
@Var wrote:
Thank god i don't have that app.
Hi Var.
Unfortunately Var it is not just one particular App at all.
Userlevel 5
I'm now scared.
Userlevel 7
Badge +62
Well this certainly throws a wrench in Apples so called Security! Very upsetting and the time line is ridiculous!!
Userlevel 5
Apple has failed so much these past months.
Userlevel 7
Badge +56
@ wrote:
Well this certainly throws a wrench in Apples so called Security! Very upsetting and the time line is ridiculous!!
Yeppers! You are eatings apples now right or going to make an Apple Pie? LOL
 
Daniel 😃
Userlevel 7
Badge +62
Yes Daniel ,

I still like Apple pie! 😉. Which will be my downfall!
Userlevel 7
Badge +54
Summary: Apple has downplayed the risk the Masque bug plays for users of iOS devices running iOS 7 or later.
By Charlie Osborne for Zero Day | November 14, 2014
 
Apple has downplayed exploit fears stemming from the discovery of a security loophole which could trick users into downloading malicious apps on to their iOS devices.
On Monday, security researchers at FireEye detailed the discovery of the Masque bug in a new report. The researchers said the bug, in which apps running on iOS 7.1.1 and later -- including the latest iOS 8 -- can be replaced with malicious, legitimate-looking applications. Once granted access to a user's device, these apps could theoretically install malware or steal user data.
The "Masque Attack" relies on users falling for phishing attacks and clicking on malicious links in either emails or text messages that point to an app download. It is important to note that these apps are outside the safer confines of Apple's App Store.
FireEye researchers said:
"This vulnerability exists because iOS doesn't enforce matching certificates for apps with the same bundle identifier. An attacker can leverage this vulnerability both through wireless networks and USB."
 
Full Article
 
 
Userlevel 7
Badge +54
Summary: The Masque bug that affects iOS apps has the potential to steal data from legitimate sources, due to a lack of encryption in apps across the board.
 
By Charlie Osborne for Zero Day | November 21, 2014
 
EXCERPT
 
However, an additional facet of the Masque bug has been discovered. Trend Micro researchers have found a new way for malicious apps installed through a Masque attack to hurt a user: by accessing unencrypted data used by legitimate apps.
According to the security team, when Masque has found its way onto a device through enterprise provisioning — which allows companies to install homegrown apps on iOS devices without the need to be reviewed by Apple — data can be stolen from legitimate apps that lack encryption.
 
Full Article

Reply