Masque Attack Leaves Apple Devices Vulnerable

After Apple’s much-publicized iCloud celebrity photo hack in August, Apple’s iOS system is under siege once more.

FireEye recently reported that they discovered a vulnerability in Apple’s iOS software, called “Masque Attack.” This new attack tricks users to download a malicious app with a deceiving name crafted by the hacker like, “New Angry Birds.”

The vulnerability exists because iOS doesn’t enforce matching certificates from apps with the same bundle identifier. Masque Attack couldn’t replace Apple’s own platform apps such as Mobile Safari, but it can replace apps installed from app store.

FireEye has identified 3 steps in which iOS users can protect themselves from Masque Attacks:

1.     Don’t install apps from third-party sources other than Apple’s official App Store or the user’s own organization

2.     Don’t click “Install” on a pop-up from a third-party web page,  no matter what the pop-up says about the app. The pop-up can show attractive app titles crafted by the attacker.

3.     When opening an app, if iOS shows an alert with “Untrusted App Developer”, click on “Don’t Trust” and uninstall the app immediately

Luckily, FireEye hasn’t identified any hackers that have used this method yet. However, it is a warning to users to be careful when downloading apps that don’t come from the official Apple Store.

Masque Attacks can replace authentic apps like banking apps, meaning that the hacker can steal a user’s banking information by replacing an authentic banking app with malware that has an identical UI.

Apple Pay users …beware.