The U.S. Department of Homeland Security on Thursday issued an alert warning iOS users about the recent “Masque Attack” security flaw that can affect both non-jailbroken and jailbroken iPhone, iPad and iPod touch devices. The United States Computer Emergency Readiness Team outlines how the technique works and offers solutions on how iOS users can protect themselves.
Mobile security research team FireEye claimed last week that Masque Attacks allow for an attacker to replace a legitimate app with a malicious version under a limited set of circumstances. To fall victim to the attack, an iPhone, iPad or iPod touch user must be lured into installing an app outside of the App Store through enterprise provisioning systems or through a phishing link.
FireEye explained the technical intricacies of the security flaw in more detail last week:
“Masque Attacks can replace authentic apps, such as banking and email apps, using attacker’s malware through the Internet,” claims FireEye. “That means the attacker can steal user’s banking credentials by replacing an authentic banking app with an malware that has identical UI. Surprisingly, the malware can even access the original app’s local data, which wasn’t removed when the original app was replaced. These data may contain cached emails, or even login-tokens which the malware can use to log into the user’s account directly.”
The government organization says that iOS users can protect themselves by avoiding installing apps that are outside of the App Store or organizations that you belong to, not tapping on “Install” from a third-party prompt when viewing a webpage, and tapping on “Don’t Trust” and uninstalling any apps that display an “Untrusted App Developer” alert when opened.
Masque Attacks can affect users running iOS 7.1.1 through iOS 8.1.1 beta.