SafeUM
Home Blog Services Download Help About Recharge

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
SafeUM
Blog
Services
Download
Help
About
Recharge
Menu
Archive
TOP Security!
7 Aug 2015

Fresh Masque iOS security flaw puts iPhone users at risk

Hackers have figured out how to persuade iPhone users to install malicious apps on their iPhones without their knowledge.

The apps may look and perform like the real thing, but they're controlled by hackers. The installations occur when users unwittingly click on web links that trigger the downloads.

Bogus apps include malware versions of Twitter, Facebook, WhatsApp. FireEye global technical lead Simon Mullis reported the “Masque” attack in an interview. “The most recent version of the Masque attack uses a technique called ‘URL Scheme Hijacking.’ The attacker is initially able to bypass the mechanism used by Apple to ensure that a user trusts an app that is being installed,” he said. The attacks work by duping smartphone users into installing the malicious apps without their knowledge.

If a user clicks on an infected link while browsing the web, then Masque can download an app onto an iPhone without the users knowing. That app will look and behave like the real thing — except that hackers will be controlling and monitoring it, and watching what you do on it. The problem is that the downloads occur without the user seeing them.

“If you can be tricked into clicking on a link on your phone to install an application then any of your apps could be replaced with a malicious version. It could look identical to the standard app but have extra functionality,” Mullis said. “Once installed, the new malicious application can hijack the communications used by legitimate apps and steal information, such as login credentials.”

The malicious apps are not hosted on Apple's official App Store, so downloads from there are safe. The attacks only work if the user clicks on an infected web link. Users that do not fall for phishing schemes should be safe. In theory, the technique works on all major mobile operating systems including iOS and Android. But so far, FireEye has only seen the attack used against iPhone users.

The vulnerability was discovered by hackers from information stolen from web security firm Hacking Team, according to researchers at FireEye. Hacking Team creates digital surveillance tools for government departments and law enforcement agencies. Its customer list includes the US Federal Bureau of Investigation (FBI) and UK National Crime Agency (NCA). The breach occurred in June when a group of hackers broke into its network and leaked 400GB of data, allegedly stolen from it.

Experts have reached out to the companies involved for comment on FireEye’s findings and advice how users can protect themselves. Mullis said FireEye has already discovered malicious versions of several popular legitimate apps targeting smartphone users in the wild. “Imagine a malicious version of a taxi application that always calls a driver who is working with the bad guys; an Instant Messenger app that automatically uploads private messages, photos and GPS locations to a remote server,” he said.

“We have found examples of many well-known apps have been repackaged in this way: Twitter, Facebook, WhatsApp, Viber, Skype and others. They are versions of the standard app with extra functionality to exfiltrate sensitive information to remote servers. We have found these applications in use in the wild.” The attacks are currently have a "small" undisclosed number of victims. Mullis said he expects to see the attacks expand their target-base in the near future. “There is a clear ecosystem at play and I have no doubt that this technique could and will be used by criminal gangs for financial gain,” he said.

Tags:
iOS information leaks Masque
Source:
Business Insider
2218
Other NEWS
3 Jul 2020 safeum news imgage An encrypted messaging service has been infiltrated by police
4 May 2020 safeum news imgage Two-Factor Authentication ​What Is It and Why You Should Use It
12 Dec 2019 safeum news imgage Encryption is under threat - this is how it affects you
4 Nov 2019 safeum news imgage Should Big Decisions Be Based on Data or Your Intuition?
7 Jun 2018 safeum news imgage VPNFilter malware infecting 500,000 devices is worse than we thought
4 Jun 2018 safeum news imgage Hackers target Booking.com in criminal bid to steal hundreds of thousands from customers
1 Jun 2018 safeum news imgage Operator of World's Top Internet Hub Sues German Spy Agency
30 May 2018 safeum news imgage US says North Korea behind malware attacks
29 May 2018 safeum news imgage Facebook and Google targeted as first GDPR complaints filed
25 May 2018 safeum news imgage A new reason to not buy these cheap Android devices
24 May 2018 safeum news imgage Flaws in smart pet devices, apps could come back to bite owners
23 May 2018 safeum news imgage Google sued for 'clandestine tracking' of 4.4m UK iPhone users' browsing data
21 May 2018 safeum news imgage LocationSmart reportedly leaked phone location data onto the web
18 May 2018 safeum news imgage The SEC created its own scammy ICO to teach investors a lesson
17 May 2018 safeum news imgage Thieves suck millions out of Mexican banks in transfer heist
All news
SafeUM
Confidential Terms of Use Our technologies Company
Follow us
Download
SafeUM © Safe Universal Messenger

Axarhöfði 14,
110 Reykjavik, Iceland

Iceland - 2015