New iOS Threat: 'Update' Replaces App with Evil Twin

Mobile-security researchers have identified an iOS security flaw that could replace legitimate Apple Store apps with doppelgangers capable of secretly accessing users' e-mail messages, log-ins, passwords and financial data. The so-called Masque Attacks described by the IT security firm FireEye operate by mimicking the identifiers and interfaces of genuine apps the user has already installed.

In a Monday blog post describing the attack method, FireEye researchers said they first discovered the vulnerability in July, and notified Apple shortly afterward. They added that it was "urgent" to notify the public because "there could be existing attacks that haven't been found by security vendors."

Masque Attacks can be launched entirely over wireless networks without any need for an iPhone to be connected to another device. Current protections and interfaces from Apple do not prevent Masque Attacks, the FireEye researchers said.

Invasion of the App Body-Snatcher

The security flaw that enables Masque Attacks stems from Apple's support for enterprise provisioning, which allows large organizations to develop and deploy custom apps to their employees' devices. Such apps don't receive the same scrutiny from Apple as those from the official Apple Store.

The Masque Attack works by attempting to entice an iPhone user to install a new app or update to an existing app. If the user agrees, the attack proceeds, not only installing the bait app but also replacing a previously installed legitimate app such as Gmail with an identical looking but malicious version of that app.

Once installed, the copycat app can access the original app's local data -- cached e-mails, for example -- and upload sensitive information to a remote server. The "body-snatcher" app goes undetected because it uses the same bundle identifier, an app-specific notation such as "com.google.Gmail," as the originally installed app.

Take 'Extra Caution'

Until stronger security protections become available, the FireEye researchers said, iPhone owners can protect themselves by not installing third-party apps from sources other than Apple or their own organization. Users should be alert to social engineering tricks that make pop-up install alerts appear attractive and legitimate, they warned.

So far, the Masque Attack vulnerability has been found on iOS 7.1.1, 7.1.2, 8.0, 8.1 and 8.1.1 beta, according to FireEye. iOS 7 users can check for signs of an attack by going to the "Provisioning Profiles" area under the "Profiles" section of their Settings. However, iOS 8 doesn't display such profiles, so users should take "extra caution when installing apps," the FireEye security team noted.

"Because all the existing standard protections or interfaces by Apple cannot prevent such an attack, we are asking Apple to provide more powerful interfaces to professional security vendors to protect enterprise users from these and other advanced attacks," the researchers said.
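
Because the replacement app reuses the original's bundle identifier, one fleet-side check is to compare a device's app inventory against a trusted baseline and flag any bundle ID whose signer or install source has changed. The following is an added example, not code from FireEye or the original article; the inventory record fields (as from a hypothetical MDM export) and all sample values are assumptions constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class AppRecord:
    bundle_id: str  # e.g. "com.google.Gmail"
    team_id: str    # signing team identifier (hypothetical field)
    source: str     # "app_store" or "enterprise" (hypothetical field)


def find_replaced_apps(baseline, current):
    """Return (bundle_id, reasons) for apps whose signer or source changed."""
    known = {app.bundle_id: app for app in baseline}
    findings = []
    for app in current:
        before = known.get(app.bundle_id)
        if before is None:
            continue  # new bundle ID: an install, not a replacement
        reasons = []
        if app.team_id != before.team_id:
            reasons.append(f"signer changed {before.team_id} -> {app.team_id}")
        if before.source == "app_store" and app.source != "app_store":
            reasons.append(f"source changed app_store -> {app.source}")
        if reasons:
            findings.append((app.bundle_id, reasons))
    return findings


# Constructed sample inventories; team IDs are made-up placeholders.
BASELINE = [
    AppRecord("com.google.Gmail", "TEAM-GOOGLE-0001", "app_store"),
    AppRecord("com.example.corp.timesheet", "TEAM-CORP-0002", "enterprise"),
]
CURRENT = [
    # Same bundle ID as the legitimate app, different signer and source.
    AppRecord("com.google.Gmail", "TEAM-OTHER-0099", "enterprise"),
    # In-house app, unchanged signer: should not be flagged.
    AppRecord("com.example.corp.timesheet", "TEAM-CORP-0002", "enterprise"),
    # Bait app with a new bundle ID: not a replacement, so not reported here.
    AppRecord("com.example.newgame", "TEAM-OTHER-0099", "enterprise"),
]

if __name__ == "__main__":
    for bundle_id, reasons in find_replaced_apps(BASELINE, CURRENT):
        print(f"REVIEW {bundle_id}: " + "; ".join(reasons))
```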

Source
http://www.toptechnews.com/article/index.php?story_id=030000XS9BI6
