Slashdot Mirror

← Back to Stories (view on slashdot.org)

US Gov't Issues Alert About iOS "Masque Attack" Threat

Posted by timothy on from the that'll-teach-'em dept.

alphadogg writes Three days after security company FireEye warned of an iPhone/iPad threat dubbed "Masque Attack", the U.S. government has issued a warning of its own about this new risk by malicious third-party apps to Apple iOS devices. US-CERT warned: "This attack works by luring users to install an app from a source other than the iOS App Store or their organizations' provisioning system. In order for the attack to succeed, a user must install an untrusted app, such as one delivered through a phishing link." Revelations of Masque came on the heels of a related exploit (that also threatens Macs) called WireLurker.

6 of 98 comments (clear)

  1. I don't get it... by XaXXon · · Score: 4, Insightful

    Don't you have to jump through all sorts of hoops to even INTENTIONALLY install an app from an alternate source?

    Seems like it would be hard to do it unintentionally.

    1. Re:I don't get it... by Russ1642 · · Score: 3, Insightful

      You can't stop viruses that are manually installed by ridiculously dumb users unless you have virus scanners, and even then it's hit and miss. I wouldn't even call it an exploit.

    2. Re:I don't get it... by NatasRevol · · Score: 1, Insightful

      They have to be smart enough to jailbreak, point to an alternative app store, and install a corrupted app.

      Or be dumb enough to hand it to a smart friend who can do this.

      --
      There are two types of people in the world: Those who crave closure
    3. Re:I don't get it... by anethema · · Score: 3, Insightful

      Let's also keep in mind that apple apps ONLY run in a sandbox, and this virus does not break out of it. The worst the app can do is be installed if you don't actually go into it and do stuff.

      The main danger is that the app could masquarade as a legit app like browser/banking etc and maybe trick you into using it.

      But the sheer number of steps needed to install it, then almost crazy foolishly using it afterwards, it isn't much of a threat.

      --


      It's easier to fight for one's principles than to live up to them.
  2. Re:iOS Users by ProzacPatient · · Score: 1, Insightful

    A large amount of malware on other platforms, mostly Windows, has been due to ignorant users willfully installing malware; bundled toolbars and adware that come with otherwise legit software are probably the best example.
    Granted there are zero-day exploits and sometimes exploits in third party software (*cough* adobe *cough*) but the stuff I mentioned a moment ago is most common vector for malware infection.

    Now Apple's platform is finally popular enough among average users that it is profitable for the less than honest to target it with such malware, and to make matters worse most Apple users are arguably overconfident in that they are absolutely convinced they are invincible from any kind of malware making them a prime target for such attacks at this point in time. A lot of Apple users, in my personal experience, never ask themselves why there is so much malware in other platforms but rather just repeat what they've been told; that iOS and OS X are immune to such threats.

  3. No. by tlambert · · Score: 3, Insightful

    So identical to the Android malware, except there's less of it because iPhones are less popular in China?

    No. Anyone who wants to can put up an Android app store, or sell an android app with malware in it for side-loading onto the Android phone. Android is *much* more vulnerable, depending on who you trust; trust the wrong person/company, and you're compromised.

    To get that enterprise provisioning on your iPhone, you have to give up all other enterprise provisioning and sign up as a device enrolled as an "employee" of that App store, and you do it knowing full well that you're doing it to get pirated apps at a cut rate or free pricetag because you are a criminal.