A prominent cyber security firm has released information that Apple Inc. devices including iPhones and iPads are vulnerable to cyber-attack by hackers seeking sensitive or personal data through the company’s iOS operating system. Security researchers have discovered that a mobile app installed using enterprise/ad hoc provisioning can potentially replace other genuine apps already purchased through the Apple store after it has been installed, as long as the fake app has the same bundle identifier. The malicious app may at first display an attractive fake title, luring users into installing it and allowing it to replace other apps on the iOS device.
According to Cybersecurity firm FireEye Inc. which is well-respected for its ongoing research, all apps except those originally installed on the Apple Inc. device at the time of purchase can be replaced. The biggest danger to iPhone users is that apps dealing with potentially sensitive information such as mobile banking can also be accessed and replaced, posing a significant security threat to thousands of Apple customers.
The process has been labelled “Masque Attack” by FireEye, who stated that an attacker could use Masque Attack to access the login information for an iPhone user’s mobile banking or even their email accounts. The attack can be launched through USB and also through wireless networks. FireEye has so far discovered the vulnerability on all iOS 7 and IOS 8 operating systems.
Since finding evidence that some devices had already come under attack from “WireLurker” malware, which utilized a primitive form of Masque Attack to access iOS devices, FireEye has released this information publicly in an attempt to minimize the potential damage Masque Attack could cause. In a controversial blog post, FireEye stated that the company had already informed Apple Inc. of the problem as early as July this year, meaning that Apple Inc. had been aware of the potential for iPhone and other devices to be attacked through iOS even before it released the most recent iOS 8 operating system in conjunction with the new iPhone 6.
Apple Inc. has long enjoyed the trust of its consumers thanks to its robust security measures that keep the iOS system relatively safe compared to other products such as Android Mobile devices and Microsoft Windows. According to FireEye however, there is no current security programming in place to prevent an attack and all Apple devices operating iOS are currently vulnerable. Though Apple has so far been unavailable to comment, FireEye Senior Staff Research Scientist Tao Wei said he had been informed by a company representative that they were working to fix the problem.
FireEye has released information on its blog about how iPhone users can help to prevent their Apple Inc. devices from becoming infected through Masque Attack. The company has advised all iPhone and iPad users not to install new apps from any source other than the Apple store and to mistrust any app from a third-party. It also cautioned that Masque Attack may be present in online pop-ups that offer apps with attractive titles. FireEye has suggested that users select “Don’t Install” on all pop-ups from third-party web pages no matter what the pop-up says about the app it is offering. Finally, when opening a new app, if an iOS alert shows “Untrusted App Developer,” the user should select “Don’t trust” and immediately uninstall the app.
By Mathew Channer