Slashdot Mirror


US Gov't Issues Alert About iOS "Masque Attack" Threat

alphadogg writes Three days after security company FireEye warned of an iPhone/iPad threat dubbed "Masque Attack", the U.S. government has issued a warning of its own about this new risk by malicious third-party apps to Apple iOS devices. US-CERT warned: "This attack works by luring users to install an app from a source other than the iOS App Store or their organizations' provisioning system. In order for the attack to succeed, a user must install an untrusted app, such as one delivered through a phishing link." Revelations of Masque came on the heels of a related exploit (that also threatens Macs) called WireLurker.

3 of 98 comments

  1. Re:I don't get it... by Anonymous Coward · Score: 5, Informative

    You have to get a link from someone, go somewhere that clearly isn't the apple store, download the app which the phone will warn you about, install the app which the phone will again warn you about and accept enterprise provisioning which the phone will warn you about yet again before the malware can do its thing?

    This takes real work on the part of the user to do that they don't normally, or ever see. It's a problem that they let a developer overwrite other apps, but in terms of it being a vulnerability? Welcome to dumb users doing stupid shit they've been told not to do the last 30 damned years.

  2. Re:false flag? by Guy Harris · Score: 3, Informative

    since when does the govt issue virus alerts?

    Since at least 2009, possibly earlier.

  3. Re:I don't get it... by tlambert · Score: 4, Informative

    actually, they can put the binaries on any webpage. that's how betas are distributed.
    it's as easy as clicking a link and saying "yes" twice.

    No, you can't. They have to be one of:

    (A) signed by Apple (e.g. anything from the App store)
    (B) a developer signed binary running on a device enrolled under the developer's key as one of a limited number of devices
    (C) enterprise enrolled and signed with the enterprise key

    The exploit takes advantage of pirate App stores in China which require you to accept enterprise enrollment in their enterprise key, and then download binaries from their "App Store" after paying a reduced rate for them (they're pirated) that happen to have had malware installed into the app bundle prior to being signed by the enterprise key belonging to the store (and the store is not checking the apps it puts up for sale, because they are all purchased and then uploaded from jailbroken iPhones).

    So it takes a lot of work, and most of the people at risk from this are in China and basically stealing Apps.