TORONTO – The U.S. government is urging Apple users to watch out for hackers who may exploit a vulnerability in the tech giant’s mobile operating system iOS in order to steal user data.
Known as the “Masque Attack,” the vulnerability would allow an attacker to lure users into installing a malicious app from a third-party app store onto their devices. The malicious app would then replace a legitimate app on users’ devices – keeping all of their data – and posing as the legitimate app.
The vulnerability was discovered by security research firm FireEye earlier this week and a warning from the U.S. Computer Emergency Readiness Teams (CERT) was posted Thursday in reaction to the findings.
“This technique takes advantage of a security weakness that allows an untrusted app—with the same ‘bundle identifier’ as that of a legitimate app—to replace the legitimate app on an affected device, while keeping all of the user’s data,” reads the security bulletin.
“This vulnerability exists because iOS does not enforce matching certificates for apps with the same bundle identifier. Apple’s own iOS platform apps, such as Mobile Safari, are not vulnerable.”
In order for the attack to succeed, the user would have to download an untrusted app. CERT warns that hackers may try to trick users into downloading these apps by phishing scams that include links to malicious apps.
READ MORE: How to recognize and avoid online phishing scams
Once a malicious app is downloaded hackers would be able to steal the user’s login credentials, access data from their device and even perform background monitoring on the device.
The vulnerability affects iOS version 7.1.1, 7.1.2, 8.0, and 8.1.
Apple maintains that there are no known exploits of the Masque Attack at this time; however, in a statement issued to Global News Friday the company urged users to download apps from trusted sources like its App Store.
“We designed OS X and iOS with built-in security safeguards to help protect customers and warn them before installing potentially malicious software. We’re not aware of any customers that have actually been affected by this attack,” an Apple spokesperson said via email.
“We encourage customers to only download from trusted sources like the App Store and to pay attention to any warnings as they download apps. Enterprise users installing custom apps should install apps from their company’s secure website.”
Masque Attack’s discovery comes just a week after another form of malware affecting iOS devices was discovered in China.
READ MORE: What you need to know about ‘WireLurker’ malware affecting iPhones
Dubbed “WireLurker,” the malware installs malicious third-party apps on devices running Apple’s mobile operating system iOS once it’s connected via USB to a Mac computer. The malware was used to infect more than 450 apps in the Maiyadi App Store, a third-party Mac app store used in China. However, the attacks were limited to Chinese users.
Can users protect themselves?
It’s important to remember that this type of attack only takes place if the user downloads an app from a third-party app store or untrusted source.
Apps found in Apple’s official App Store are not affected.
Apple also has safeguards in place to protect users – including pop-up warnings when an app from an untrusted source is downloaded.
If you do download an app that is marked as “untrusted,” a warning will pop up on your device. If this happens tap, “Don’t Trust” and uninstall the app immediately.
Comments