iOS Masque Attack
-
Well, this sucks for iOS users. There's another way of exploiting the hole that WireLurker is using but this time, no PC is required.
Have a read of this: http://www.tomshardware.com/news/ios-masque-attack-wirelurker-enhanced,28052.html#xtor=RSS-998
The important bits:
- "Masque Attack" works much like WireLurker in that it takes advantage of Apple’s enterprise provisioning to bypass other security checks on iOS.
- Unlike WireLurker, though, Masque Attack doesn’t even need to infect the user's PC
- FireEye reported the malware to Apple months ago (July 26, to be exact), Apple doesn’t seem to have fixed the loophole yet
I haven't watched it but one of the articles I found [au.pcmag.com] when fact checking has a demo of the attack in action: https://www.youtube.com/watch?v=3VEQ-bJUhPw
-
Here's the post from the FireEye blog: http://www.fireeye.com/blog/technical/cyber-exploits/2014/11/masque-attack-all-your-ios-apps-belong-to-us.html
-
That is pretty major.
-
Is there any protection for this?
-
So is Gmail as an app the only target? I have Gmail on the iOS email client.
-
Basically it looks like this requires a really stupid user both to click a link that is a phishing attack as well as not notice that Gmail is being replaced as well as have the Gmail app installed already. Is that all true? Seems like a very scary attack but for a very limited audience.
-
@scottalanmiller said:
So is Gmail as an app the only target? I have Gmail on the iOS email client.
From the article it looks like it can steal data from nearly any third party app, but not the Apple apps. So normal users would have no risk to email, messaging or web browsing. It would be things like Facebook that would be at risk.
-
But it needs the same bundle identifier? Does that mean that they have to make a guess as to what you have installed in order to action the attack? Like they guess that you have Facebook Messenger installed, so they use its bundle identifier? Then, if you do actually have it, it replaces it and if you don't, it fails and you are safe?
-
I think so, that is how I read it.
-
Not too much risk for businesses then, really focused on end user data.
-
@scottalanmiller said:
Not too much risk for businesses then, really focused on end user data.
Seems that way.
-
@scottalanmiller said:
Not too much risk for businesses then, really focused on end user data.
Isn't that 90% of Apple's clientele?
Seriously though, I don't actually know but I figure that a good portion of Apple's users would fall for it mainly because of the "Macs are immune to this crap" type of mentality.
-
@nadnerB said:
@scottalanmiller said:
Not too much risk for businesses then, really focused on end user data.
Isn't that 90% of Apple's clientele?
Seriously though, I don't actually know but I figure that a good portion of Apple's users would fall for it mainly because of the "Macs are immune to this crap" type of mentality.
I can see that...
-
@nadnerB said:
Isn't that 90% of Apple's clientele?
Seriously though, I don't actually know but I figure that a good portion of Apple's users would fall for it mainly because of the "Macs are immune to this crap" type of mentality.
No. They will fall for it because they clicked on a get this app free link.
General end users have no clue that one system is more secure than another. That only comes into play in the more technical circles.
-
@JaredBusch said:
No. They will fall for it because they clicked on a get this app free link.
General end users have no clue that one system is more secure than another. That only comes into play in the more technical circles.
Very true.