Apple targeted in recent cyber attack.

The Masque Attack

OS X/iOS was recently the target of what has been referred to as "The Masque Attack." This attack tricks victims into installing malicious apps from third-party app stores, such as Cydia (an unofficial iOS app store available to jailbroken iOS devices) and Lima (a browser-based app installer for jailbroken iPhones). This scheme can be particularly threatening to companies that have BYOD (Bring Your Own Device) policies, as it makes it harder for IT departments to distinguish fake apps from original ones. This attack is also known to bypass the app sandbox and gain root privileges by attacking known iOS vulnerabilities.

Discovery

We have FireEye mobile security researchers to thank for discovering this recent attack. Back in July they discovered that an iOS app installed using enterprise/ad-hoc provisioning could replace another genuine app installed through the App Store, as long as both apps used the same bundle identifier. The genius behind this attack is that while the app may appear under a different name when offered for installation, once installed it can actually replace the genuine app without the user ever knowing.

Why is this even possible?

As much as Apple boasts about their technology being immune to attacks and viruses, there exist vulnerabilities within their certificate rules when installing applications. iOS doesn't enforce matching certificates for apps with the same bundle identifier: an app that reuses an existing bundle identifier is accepted even when it is signed by a completely different developer.
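The rule iOS failed to enforce is easy to state, and a defender can at least check it after the fact from an MDM or inventory export. The following is an added example written for this post (not FireEye's code and not anything Apple ships): it compares a constructed device inventory against a constructed baseline of expected bundle identifiers and signing identities (the "team_id" field and provisioning sources are assumptions), and flags a bundle identifier whose signer or provisioning source has changed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class AppRecord:
    bundle_id: str   # bundle identifier, e.g. "com.example.bank"
    team_id: str     # signing identity / developer team (constructed values)
    source: str      # provisioning: "appstore", "enterprise" or "adhoc"


# Constructed baseline: what IT expects on a managed device (bundle id -> record).
BASELINE = {
    "com.example.bank":  AppRecord("com.example.bank",  "TEAMBANK01", "appstore"),
    "com.example.mail":  AppRecord("com.example.mail",  "TEAMMAIL01", "appstore"),
    "com.corp.internal": AppRecord("com.corp.internal", "CORPTEAM01", "enterprise"),
}


def check_device(installed):
    """Compare a device inventory against BASELINE and return (bundle_id, reason)
    findings. A bundle identifier that is still present but now signed by a
    different team, or that arrives via enterprise/ad-hoc provisioning when the
    baseline says App Store, is exactly the mismatch iOS did not check."""
    findings = []
    for app in installed:
        expected = BASELINE.get(app.bundle_id)
        if expected is None:
            continue  # unmanaged app; out of scope for this check
        if app.team_id != expected.team_id:
            findings.append((app.bundle_id, "signing identity changed"))
        if expected.source == "appstore" and app.source != "appstore":
            findings.append((app.bundle_id, "App Store app now enterprise/ad-hoc provisioned"))
    return findings


# Constructed device inventory: the mail app has been replaced by an
# enterprise-provisioned app that reuses its bundle identifier.
DEVICE_INVENTORY = [
    AppRecord("com.example.bank",  "TEAMBANK01", "appstore"),
    AppRecord("com.example.mail",  "EVILTEAM99", "enterprise"),
    AppRecord("com.corp.internal", "CORPTEAM01", "enterprise"),
]

if __name__ == "__main__":
    for bundle_id, reason in check_device(DEVICE_INVENTORY):
        print(f"ALERT {bundle_id}: {reason}")
```

Real inventories report the signer differently depending on the MDM product, so the team_id field is a stand-in for whatever signing-identity attribute the export actually carries.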

Impact

This can have a serious impact on users because this can replace genuine, trusted apps on the victim's mobile device. That means that the attacker is able to replace a banking app, email app, etc. and steal banking credentials and other personal information. The malware can even go as far as to access the original app's local data, that could potentially contain login-tokens, which the malware can then use to directly access the user's account.

Beyond a general user, this could be a larger issue for an enterprise or company that distributes apps to its employees. Since these apps are not subject to Apple's review process, the attack can leverage iOS private APIs for stronger or larger-scale attacks, such as background monitoring, and can mimic iCloud's UI to steal the user's Apple ID and password.

This article was published by Alex Nieves, 11/14/2014.

