iOS Masque Attack flaw discovered by researchers
Masque Attack hole could be more dangerous to the iPhone and iPad than WireLurker
Researchers have discovered a flaw in Apple's iOS operating system that could make an iPhone or iPad vulnerable to attack from hackers.
The flaw, dubbed Masque Attack, allows criminals to access iOS devices by tricking users into installing malware via email, text messages and URL links, according to IT security firm FireEye.
The malicious applications can then replace genuine apps downloaded from the Apple App Store with malware-tainted versions. FireEye said in a blog posting that this vulnerability exists because iOS doesn't enforce matching certificates for apps with the same bundle identifier.
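The check that iOS omits can be approximated on the defender side. The following is an added example, not code from FireEye or Apple: it assumes an inventory source that records each installed app's bundle identifier and signing-certificate fingerprint, and flags any app whose bundle identifier is unchanged between two snapshots while its signer differs. The record fields, bundle identifiers and fingerprints are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class AppRecord:
    bundle_id: str       # e.g. "com.example.bank" (constructed)
    signer_sha256: str   # fingerprint of the signing certificate (constructed)
    version: str


def find_signer_changes(before, after):
    """Return one finding per app that kept its bundle identifier
    but is now signed with a different certificate."""
    baseline = {app.bundle_id: app for app in before}
    findings = []
    for app in after:
        old = baseline.get(app.bundle_id)
        if old is None:
            continue  # newly installed app, nothing to compare against
        if old.signer_sha256.lower() != app.signer_sha256.lower():
            findings.append({
                "bundle_id": app.bundle_id,
                "old_signer": old.signer_sha256,
                "new_signer": app.signer_sha256,
                "old_version": old.version,
                "new_version": app.version,
            })
    return findings


# Constructed sample snapshots of one device, taken a day apart.
SNAPSHOT_DAY1 = [
    AppRecord("com.example.bank", "AA11" * 16, "4.2"),
    AppRecord("com.example.mail", "BB22" * 16, "7.0"),
]
SNAPSHOT_DAY2 = [
    AppRecord("com.example.bank", "CC33" * 16, "4.3"),   # same id, new signer
    AppRecord("com.example.mail", "bb22" * 16, "7.1"),   # normal update
    AppRecord("com.example.game", "DD44" * 16, "1.0"),   # new install
]

if __name__ == "__main__":
    for finding in find_signer_changes(SNAPSHOT_DAY1, SNAPSHOT_DAY2):
        print("signer changed for", finding["bundle_id"])
```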
"Attackers could mimic the original app's login interface to steal the victim's login credentials," said Hui Xue, Tao Wei and Yulong Zhang in the post.
"We have confirmed this through multiple email and banking apps, where the malware uses a UI identical to the original app to trick the user into entering real login credentials and upload them to a remote server."
The researchers added that an attacker could also use Masque Attack to bypass the normal app sandbox and then get root privileges by attacking known iOS vulnerabilities.
FireEye disclosed the problem to Apple in July. The researchers said Masque Attack posed a much bigger threat than WireLurker as it can replace authentic apps, such as banking and email apps, using attackers' malware through the internet.
The malware can even access the original app's local data, if it hadn't been removed when the original app was replaced. "These data may contain cached emails, or even login-tokens which the malware can use to log into the user's account directly," the researchers added.
The researchers also warned users not to install apps from third-party sources other than Apple's official App Store or the user's own organisation, saying: "When opening an app, if iOS shows an alert with 'Untrusted App Developer', click on 'Don't Trust' and uninstall the app immediately."
Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.