It’s generally accepted that using an iPhone is safer than using an Android when it comes to certain hacks.
But that doesn’t mean iOS is hackproof, as several hackers are determined to demonstrate by using a new security bug. Recently discovered, this issue might not affect a large number of users yet, but it is potentially a massive threat in hackers’ hands.
It is possible to trick the iPhone into downloading a malicious app that mimics an actual app on your phone and then covertly replaces it. This new app can then be used for a variety of purposes without the user’s knowledge.
The apps look and perform like the real thing, replacing Twitter, Facebook, WhatsApp and Skype, among others. According to researchers from FireEye, they include components that can activate additional silent functions, such as monitoring conversations or uploading personal data to a remote server.
Beware Masque Attacks
FireEye global technical lead Simon Mullis described the “Masque” attack in an interview with Business Insider.
“The most recent version of the Masque attack uses a technique called ‘URL Scheme Hijacking.’ The attacker is initially able to bypass the mechanism used by Apple to ensure that a user trusts an app that is being installed,” he said.
The attack works by getting a user to click an infected link while browsing the web, which installs a malicious app without their knowledge. Masque can then download an app onto an iPhone without the user knowing.
“If you can be tricked into clicking on a link on your phone to install an application then any of your apps could be replaced with a malicious version. It could look identical to the standard app but have extra functionality,” Mullis said.
“Once installed, the new malicious application can hijack the communications used by legitimate apps and steal information, such as login credentials.” Downloads from the Apple Store are safe, and the attack only works if the user clicks on an infected web link. By keeping your eyes peeled and following general phishing guidelines, you should be safe.
The vulnerability was discovered in information stolen from web security firm Hacking Team, according to FireEye. Hacking Team creates digital surveillance tools for government departments and law enforcement agencies, and its customer list includes the US Federal Bureau of Investigation (FBI) and the UK National Crime Agency (NCA). The breach occurred in June, when a group of hackers broke into its network and leaked 400GB of data.