
Masque Attack bigger threat than WireLurker

Apple always says that finding vulnerabilities in its mobile operating system is quite difficult. But this time iOS users are being targeted by attacks more than Android users. According to a report, Masque poses a bigger threat than WireLurker. A number of vulnerabilities discovered in Apple's iOS have left iPhones and iPads vulnerable to cyber attacks and theft of sensitive information. Security researchers at FireEye discovered a new vulnerability that lets an attacker replace a genuine app with a malicious one.

"This vulnerability exists because iOS doesn't enforce matching certificates for apps with the same bundle identifier," FireEye security researchers said on the blog. "An attacker can leverage this vulnerability both through wireless networks and USB."

“After looking into WireLurker, we found that it started to utilize a limited form of Masque Attacks to attack iOS devices through USB,” researchers said. “Masque Attacks can pose much bigger threats than WireLurker. Masque Attacks can replace authentic apps, such as banking and email apps, using attacker’s malware through the Internet. That means the attacker can steal user’s banking credentials by replacing an authentic banking app with a malware that has identical UI. Surprisingly, the malware can even access the original app’s local data, which wasn’t removed when the original app was replaced. These data may contain cached emails, or even login-tokens which the malware can use to log into the user’s account directly.”

[Figure: Example of Masque Attack]

Researchers tested this vulnerability on iOS 7.1.1, 7.1.2, 8.0, 8.1 and 8.1.1 beta, on both jailbroken and non-jailbroken devices.

According to FireEye, 95 percent of iOS devices are vulnerable to this attack. FireEye also posted a demo video.


Steps To Protect Yourself From Masque Attack

  • Don't install third-party apps.
  • Don't install apps offered in pop-ups on third-party websites.
  • If iOS shows an “Untrusted App Developer” alert, click “Don’t Trust” and uninstall the app immediately.
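
The certificate check that FireEye says iOS did not enforce, plus an inventory audit built on the same rule, as an added Python example (not code from the original post or from FireEye). The record fields, source labels, bundle identifiers and fingerprints are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class AppRecord:
    bundle_id: str   # the app's bundle identifier
    signer: str      # fingerprint of the signing certificate (constructed values)
    source: str      # hypothetical labels: "app_store" or "enterprise"

def check_install(installed, incoming):
    """Decide an install request; `installed` maps bundle_id -> AppRecord."""
    current = installed.get(incoming.bundle_id)
    if current is None:
        return "allow-new"
    if current.signer != incoming.signer:
        # Same bundle identifier, different certificate: the Masque condition.
        return "reject-signer-mismatch"
    return "allow-update"

def audit(baseline, inventory):
    """Return (bundle_id, finding) pairs for apps that drifted from the baseline."""
    findings = []
    for app in inventory:
        known = baseline.get(app.bundle_id)
        if known is None:
            # Not in the known-good list: only flag it if it was sideloaded.
            if app.source != "app_store":
                findings.append((app.bundle_id, "unknown-sideloaded-app"))
        elif known.signer != app.signer:
            findings.append((app.bundle_id, "signer-changed"))
        elif known.source != app.source:
            findings.append((app.bundle_id, "source-changed"))
    return findings

# Constructed sample data: a known-good baseline and one device's inventory.
BASELINE = {
    "com.example.bank": AppRecord("com.example.bank", "AA11", "app_store"),
    "com.example.mail": AppRecord("com.example.mail", "BB22", "app_store"),
}
INVENTORY = [
    AppRecord("com.example.bank", "EE99", "enterprise"),  # replaced copy
    AppRecord("com.example.mail", "BB22", "app_store"),   # unchanged
    AppRecord("com.example.game", "CC33", "enterprise"),  # not in baseline
]

if __name__ == "__main__":
    for bundle_id, finding in audit(BASELINE, INVENTORY):
        print(bundle_id, finding)
    print(check_install(BASELINE, INVENTORY[0]))
```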
