The recently discovered Masque Attack, which mainly threatened iPhones and other iOS devices, is not as dangerous as it was initially believed. The “virus” was discovered by the security company FireEye, which said that the threat has been around for some time. FireEye also said that the Masque Attack threat is quite easy to avoid. The only thing iOS users should worry about is the overall state of Apple security, which proved to be not exactly flawless.
The California-based security firm FireEye explained how a corrupted iOS app can be installed on an iOS device through misuse of developer or enterprise certificates. These corrupted mobile apps can spy on the phone’s user and can eventually take over the entire phone.
FireEye says that Masque Attack has been known for quite some time and it’s based on a flaw in the iOS security model, the same that caused the WireLurker malware. The WireLurker was the first malware to affect a non-jailbroken iOS device.
Usually, iOS device owners take their apps only from authorized places like the iTunes App Store, which is strictly maintained by Apple. iOS devices always check whether an app carries an Apple certificate, which is a sort of signature confirming that the app was approved by Apple.
But Apple also gives certificates to large enterprises and software developers. Developers usually install unfinished apps on iPhones in order to test their software, and each developer can use the Apple certificate up to 100 times. Enterprises also have to install apps on employee iOS devices, and an enterprise certificate can be used an unlimited number of times.
Stefan Esser, a German security researcher, said:
“It is known for YEARS that enterprise certificates can replace iOS apps on the fly.”
FireEye explained how the Masque Attack really works: an iOS user is lured to a website that hosts a corrupted app with an official-sounding name like “New Flappy Bird”. The app is not the same as the official, safe one; it is a malicious app that can gain access to the user’s private details, such as their Gmail account.