News  Apple
Masque Attack threat to iPhones, iPads

Hackers can fake legitimate apps

A vulnerability in all Apple devices running iOS7 or later - that's a whopping 95% of them - has surfaced which can trick users into replacing installed Apps which they are familiar with, and therefore trust, with malicious ones.

Termed "Masque Attack" by the internet security company FireEye, the attack worked by replacing the icons on a users home screen with identical ones the user was familiar with. The Apps these launched, however, had been replaced by malware.

Getting these apps onto the devices in the first place was always considered nearly impossible, but with the recent discovery of malware such as "WireLurker" this now becomes a real concern.

Hits non-jailbroken devices

The usual defence for Apple virus attacks is for the user not to jailbreak their device and to only install software from the App Store. The worry with Masque Attack is the fact that this is no longer true - it can infect all devices. This vulnerability exists because iOS doesn't enforce matching certificates for apps with the same bundle identifier. An attacker can leverage this vulnerability both through wireless networks and USB.

Apple reassures users

256x188-cloudburglarOn its blog, Apple said: 

"We designed OS X and iOS with built-in security safeguards to help protect customers and warn them before installing potentially malicious software," an Apple spokesperson told iMore. "We're not aware of any customers that have actually been affected by this attack. We encourage customers to only download from trusted sources like the App Store and to pay attention to any warnings as they download apps. Enterprise users installing custom apps should install apps from their company's secure website." 

US Government issues an Alert 

The US government considers the Masque Attack serious enough to issue an alert

"This attack works by luring users to install an app from a source other than the iOS App Store or their organizations’ provisioning system,” US-CERT explained. From there, the fake app may let a hacker control the infected device and “access sensitive data from local data caches,” “perform background monitoring of the user’s device” and “gain root privileges to the iOS device."

Apple Insider pointed out this attack is not viral and can't infect users devices unless they intentionally bypass the standard Apple security mechanisms installed by default.