Hackers Just Won’t Leave iOS Alone, A New “Masque Attack” Is Here
You might have heard about hackers exploiting operating-system features to break into apps and spread malware, but you might not have heard of any such attacks on Macs or iOS so far. The wait is over: new attacks on Mac and iOS were revealed in the last few days.
WireLurker, an attack on Mac and iOS devices, was detected by Palo Alto Networks, a security research agency. It infected OS X computers and waited until the user connected a USB device. It then spread to iOS devices, including iPhones and iPads, where it installed malware.
This certainly hurt OS X's reputation for being malware-free. As if this were not enough, FireEye, which is also a network security company, revealed a new type of attack that is possible on non-jailbroken iOS 7 and iOS 8 devices. They named it “Masque Attack.”
This attack is more powerful than WireLurker, as it does not need a USB connection to spread. It could spread through any wireless network. However, it exploits the same vulnerability that WireLurker exploits.
How does Masque Attack work?
This attack works by having the user download an app via email or text message. The downloaded app then replaces an existing legitimate app with its own code and records the user's data.
It takes advantage of a security weakness in iOS that allows any app with the same name, irrespective of the developer, to replace the existing app. This means that if you download an app named Facebook that was developed by me, it would replace the existing Facebook app.
Another “great” piece of work by the hackers this time is that the fake app is not shown as a new app; instead, it replaces the app behind the icon that was already there. If you already had Gmail installed, the fake app would simply replace it, and you would launch the fake app from the same Gmail icon you were using before.
“In the past these types of vulnerabilities involved dropping an app on your phone, but one thing that’s new about Masque Attack is that it uses an icon that’s already on your phone and replaces the app behind it,” said Jeremy Linden, senior security product manager at Lookout.
“If you just saw a random banking app on page 5 of your iPhone, you’re not going to be eager to click it and enter your login credentials. But if you’re already trusting this icon, you might. Classic social engineering at play.”
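The replacement behaviour described above can be modelled as an install-time decision. The sketch below is an added example, not code from FireEye, Apple or this article; it treats the app's "name" as an identifier string and the developer as a signer label, and every identifier, signer value and function name in it is a constructed assumption. It shows the weak rule (match on identifier only) beside a hardened rule (a replacement must come from the same signer), plus a check over two inventory snapshots that flags an app whose signer changed.

```python
# Added illustration: a toy model of the install decision, not iOS code.
# Identifiers and signer labels are constructed sample values.
from dataclasses import dataclass

@dataclass(frozen=True)
class App:
    app_id: str   # identifier the OS uses to match an install to an existing app
    signer: str   # who signed the package (stands in for "the developer")
    label: str    # name shown under the home-screen icon

def install(installed: dict, incoming: App, require_same_signer: bool) -> str:
    """Apply one install request to `installed` (app_id -> App); return the outcome."""
    current = installed.get(incoming.app_id)
    if current is None:
        installed[incoming.app_id] = incoming
        return "new-install"      # would appear as a new icon
    if require_same_signer and current.signer != incoming.signer:
        return "rejected"         # hardened rule: only the same signer may replace
    installed[incoming.app_id] = incoming
    return "replaced"             # same icon slot, different code behind it

def signer_changes(before: dict, after: dict) -> list:
    """Detection over two inventory snapshots: same identifier, different signer."""
    return sorted(app_id for app_id, app in after.items()
                  if app_id in before and before[app_id].signer != app.signer)

def demo(require_same_signer: bool):
    genuine = App("com.example.mail", "SIGNER-GENUINE", "Mail")
    installed = {genuine.app_id: genuine}
    before = dict(installed)      # snapshot taken before any install requests
    # A legitimate update from the original signer must keep working.
    update = install(installed, App("com.example.mail", "SIGNER-GENUINE", "Mail"),
                     require_same_signer)
    # A package reusing the identifier but signed by someone else.
    lookalike = install(installed, App("com.example.mail", "SIGNER-OTHER", "Mail"),
                        require_same_signer)
    return update, lookalike, signer_changes(before, installed)

if __name__ == "__main__":
    print("identifier only :", demo(require_same_signer=False))
    print("signer enforced :", demo(require_same_signer=True))
```

With the identifier-only rule the look-alike package silently takes over the existing icon and the snapshot comparison reports it; with the signer rule the genuine update still installs and the look-alike is rejected.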
Is Masque Attack dangerous for me?
FireEye showed a demo video of how Masque Attack could be used to replace the existing legitimate Gmail app with a fake app that records user credentials as well as all emails. Also, since it is not apparent to the user that a fake app is being used, this attack is dangerous for people accessing sensitive information such as bank accounts.
What can I do right now?
FireEye recommends that users do not download apps from third parties. Only download apps from the App Store or trusted sources. Apple is studying this attack, and a fix is expected to arrive in the coming weeks.
[Image Credit: Lisa A/Shutterstock]