Slashdot Mirror


US Gov't Issues Alert About iOS "Masque Attack" Threat

alphadogg writes Three days after security company FireEye warned of an iPhone/iPad threat dubbed "Masque Attack", the U.S. government has issued a warning of its own about this new risk by malicious third-party apps to Apple iOS devices. US-CERT warned: "This attack works by luring users to install an app from a source other than the iOS App Store or their organizations' provisioning system. In order for the attack to succeed, a user must install an untrusted app, such as one delivered through a phishing link." Revelations of Masque came on the heels of a related exploit (that also threatens Macs) called WireLurker.


  1. I don't get it... by XaXXon · · Score: 4, Insightful

    Don't you have to jump through all sorts of hoops to even INTENTIONALLY install an app from an alternate source?

    Seems like it would be hard to do it unintentionally.

    1. Re:I don't get it... by Russ1642 · · Score: 3, Insightful

      You can't stop viruses that are manually installed by ridiculously dumb users unless you have virus scanners, and even then it's hit and miss. I wouldn't even call it an exploit.

    2. Re:I don't get it... by Anonymous Coward · · Score: 5, Informative

      You have to get a link from someone, go somewhere that clearly isn't the apple store, download the app which the phone will warn you about, install the app which the phone will again warn you about and accept enterprise provisioning which the phone will warn you about yet again before the malware can do its thing?

      This takes real work on the part of the user to do that they don't normally, or ever see. It's a problem that they let a developer overwrite other apps, but in terms of it being a vulnerability? Welcome to dumb users doing stupid shit they've been told not to do the last 30 damned years.

    3. Re:I don't get it... by tlambert · · Score: 4, Informative

      actually, they can put the binaries on any webpage. that's how betas are distributed.
      it's as easy as clicking a link and saying "yes" twice.

      No, you can't. They have to be one of:

      (A) signed by Apple (e.g. anything from the App store)
      (B) a developer signed binary running on a device enrolled under the developer's key as one of a limited number of devices
      (C) enterprise enrolled and signed with the enterprise key

      The exploit takes advantage of pirate App stores in China which require you to accept enterprise enrollment in their enterprise key, and then download binaries from their "App Store" after paying a reduced rate for them (they're pirated) that happen to have had malware installed into the app bundle prior to being signed by the enterprise key belonging to the store (and the store is not checking the apps it puts up for sale, because they are all purchased and then uploaded from jailbroken iPhones).

      So it takes a lot of work, and most of the people at risk from this are in China and basically stealing Apps.
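
Added example, not part of the thread or any commenter's code: a defender-side audit that sorts apps into the three signing cases listed in the comment above by reading each app's embedded provisioning profile, and flags enterprise profiles from teams the organisation has not approved. It assumes the commonly documented profile keys `ProvisionsAllDevices`, `ProvisionedDevices`, `TeamIdentifier` and `TeamName`, and treats an app with no embedded profile as case (A); the sample profiles, team IDs and app names are constructed.

```python
import plistlib

def extract_plist(blob: bytes) -> dict:
    """Return the XML plist carried inside a CMS-wrapped .mobileprovision blob."""
    start, end = blob.find(b"<?xml"), blob.find(b"</plist>")
    if start < 0 or end < start:
        raise ValueError("no embedded plist found")
    return plistlib.loads(blob[start:end + len(b"</plist>")])

def classify(profile: dict) -> str:
    """Map a profile to the comment's cases: (B) device list or (C) enterprise."""
    if profile.get("ProvisionsAllDevices") is True:
        return "enterprise"            # (C): runs on any device that trusts it
    if profile.get("ProvisionedDevices"):
        return "device-list"           # (B): limited to enrolled device IDs
    return "app-store"                 # distribution profile, no device grant

def audit(apps: dict, approved_teams: set) -> list:
    """Flag enterprise-signed apps whose team is not on the organisation's list."""
    findings = []
    for name, blob in sorted(apps.items()):
        if blob is None:               # no embedded profile: treated as (A)
            continue
        profile = extract_plist(blob)
        teams = set(profile.get("TeamIdentifier", []))
        if classify(profile) == "enterprise" and not teams & approved_teams:
            findings.append((name, profile.get("TeamName", "?")))
    return findings

def _wrap(d: dict) -> bytes:
    # Constructed stand-in for the CMS envelope: junk bytes around the plist.
    return b"\x30\x82\x1f\x00" + plistlib.dumps(d) + b"\x00\x00"

# Constructed sample data; team IDs and names are made up.
SAMPLE_APPS = {
    "Mail.app": None,
    "InternalHR.app": _wrap({"TeamIdentifier": ["CORPTEAM01"],
        "TeamName": "Example Corp", "ProvisionsAllDevices": True}),
    "BetaBuild.app": _wrap({"TeamIdentifier": ["DEVTEAM002"],
        "TeamName": "Example Dev", "ProvisionedDevices": ["constructed-udid-1"]}),
    "FreeGames.app": _wrap({"TeamIdentifier": ["UNKNOWN003"],
        "TeamName": "Unvetted Store Ltd", "ProvisionsAllDevices": True}),
}

if __name__ == "__main__":
    for app, team in audit(SAMPLE_APPS, {"CORPTEAM01"}):
        print(f"unapproved enterprise profile: {app} (team {team})")
```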

    4. Re:I don't get it... by anethema · · Score: 3, Insightful

      Let's also keep in mind that apple apps ONLY run in a sandbox, and this virus does not break out of it. The worst the app can do is be installed if you don't actually go into it and do stuff.

      The main danger is that the app could masquerade as a legit app like browser/banking etc and maybe trick you into using it.

      But the sheer number of steps needed to install it, then almost crazy foolishly using it afterwards, it isn't much of a threat.

      --
      It's easier to fight for one's principles than to live up to them.

  2. false flag? by Noah Haders · · Score: 3, Interesting

    since when does the govt issue virus alerts? My best guess is that NSA is alarmed by uncrackable iphone encryption, so they're doing everything they can to scare people off their iphones and on to something more easy to control like droid or bby

    1. Re:false flag? by Guy Harris · · Score: 3, Informative

      since when does the govt issue virus alerts?

      Since at least 2009, possibly earlier.

  3. Blast from the past by piranha32 · · Score: 5, Funny

    Hi,
        This is an Albanian virus. As you know we are not so technical
        advanced as in the West. We therefore ask you to delete all your
        files on your harddisk manually and send this email to all your
        friends.

        Thanks for helping us,
        The Albanian Hackers

    When I saw it many years ago it looked like a good joke

  4. No. by tlambert · · Score: 3, Insightful

    So identical to the Android malware, except there's less of it because iPhones are less popular in China?

    No. Anyone who wants to can put up an Android app store, or sell an android app with malware in it for side-loading onto the Android phone. Android is *much* more vulnerable, depending on who you trust; trust the wrong person/company, and you're compromised.

    To get that enterprise provisioning on your iPhone, you have to give up all other enterprise provisioning and sign up as a device enrolled as an "employee" of that App store, and you do it knowing full well that you're doing it to get pirated apps at a cut rate or free pricetag because you are a criminal.