Tuesday, November 11, 2014

Apple iOS flaw is an open door to hackers

Just saying "no" seems to be the simplest and most effective way to avoid falling prey to the recently discovered masque attacks, which make use of an iOS flaw to replace trusted apps with malicious doppelgangers.
FireEye discovered the iOS vulnerability back in July and the security firm says it notified Apple about the issue. FireEye says the vulnerability affects iOS versions 7.1.1, 7.1.2, 8.0, 8.1 and 8.1.1 beta.
The masque attacks make their way into iOS through a portal Apple left open for enterprise organizations, which could use the pipeline to install software to mobile devices in large batches. Only third-party apps are vulnerable to being replaced through the masque attacks, as native Apple apps are backed by bundle identifiers and digital certificates.
The attacks are launched from emails and webpages, with which hackers attempt to get iOS users to install apps outside of the iTunes App Store. The WireLurker malware has been seen passing through the same flaw the masque attacks use.
FireEye says masque attacks can be used to replace authentic apps from third-party developers. A Bank of America or Gmail app, for example, can be replaced with software that mirrors the user interfaces of the originals.
"Surprisingly, the malware can even access the original app's local data, which wasn't removed when the original app was replaced," FireEye says. "These data may contain cached emails, or even login-tokens which the malware can use to log into the user's account directly."
While the malicious software replaces user interfaces with login and welcome screens that appear authentic, it leaves local app data in place. Cached login credentials can be used to access a victim's bank accounts without having to wait for the individual to log into the phony app.
Because the masque attacks are only capable of being launched outside of the App Store, the best way to avoid falling prey to them is to avoid installing apps outside of Apple's sanctioned environment.
"You can just say 'Don't install.' As long as you do that, you will be protected from this vulnerability," says David Richardson, iOS product manager at mobile security firm Lookout.
FireEye also warns iOS users to hit the "don't trust" option, should they ever come across an app that's flagged by Apple as an "Untrusted App Developer."
FireEye says iOS 7 users can generate reports of enterprise-provisioning profiles. The profiles can be checked out at the enterprise organization's security department, revealing the presence or absence of apps installed via masque attacks. Currently, iOS 8 offers no such ability, leaving users just a little more vulnerable right now.
