Slashdot Mirror

← Back to Stories (view on slashdot.org)

US Gov't Issues Alert About iOS "Masque Attack" Threat

Posted by timothy on from the that'll-teach-'em dept.

alphadogg writes Three days after security company FireEye warned of an iPhone/iPad threat dubbed "Masque Attack", the U.S. government has issued a warning of its own about this new risk by malicious third-party apps to Apple iOS devices. US-CERT warned: "This attack works by luring users to install an app from a source other than the iOS App Store or their organizations' provisioning system. In order for the attack to succeed, a user must install an untrusted app, such as one delivered through a phishing link." Revelations of Masque came on the heels of a related exploit (that also threatens Macs) called WireLurker.

4 of 98 comments (clear)

  1. I don't get it... by XaXXon · · Score: 4, Insightful

    Don't you have to jump through all sorts of hoops to even INTENTIONALLY install an app from an alternate source?

    Seems like it would be hard to do it unintentionally.

    1. Re:I don't get it... by Russ1642 · · Score: 3, Insightful

      You can't stop viruses that are manually installed by ridiculously dumb users unless you have virus scanners, and even then it's hit and miss. I wouldn't even call it an exploit.

    2. Re:I don't get it... by anethema · · Score: 3, Insightful

      Let's also keep in mind that apple apps ONLY run in a sandbox, and this virus does not break out of it. The worst the app can do is be installed if you don't actually go into it and do stuff.

      The main danger is that the app could masquarade as a legit app like browser/banking etc and maybe trick you into using it.

      But the sheer number of steps needed to install it, then almost crazy foolishly using it afterwards, it isn't much of a threat.

      --


      It's easier to fight for one's principles than to live up to them.
  2. No. by tlambert · · Score: 3, Insightful

    So identical to the Android malware, except there's less of it because iPhones are less popular in China?

    No. Anyone who wants to can put up an Android app store, or sell an android app with malware in it for side-loading onto the Android phone. Android is *much* more vulnerable, depending on who you trust; trust the wrong person/company, and you're compromised.

    To get that enterprise provisioning on your iPhone, you have to give up all other enterprise provisioning and sign up as a device enrolled as an "employee" of that App store, and you do it knowing full well that you're doing it to get pirated apps at a cut rate or free pricetag because you are a criminal.