Slashdot Mirror


US Gov't Issues Alert About iOS "Masque Attack" Threat

alphadogg writes Three days after security company FireEye warned of an iPhone/iPad threat dubbed "Masque Attack", the U.S. government has issued a warning of its own about this new risk by malicious third-party apps to Apple iOS devices. US-CERT warned: "This attack works by luring users to install an app from a source other than the iOS App Store or their organizations' provisioning system. In order for the attack to succeed, a user must install an untrusted app, such as one delivered through a phishing link." Revelations of Masque came on the heels of a related exploit (that also threatens Macs) called WireLurker.

4 of 98 comments

  1. I don't get it... by XaXXon · Score: 4, Insightful

    Don't you have to jump through all sorts of hoops to even INTENTIONALLY install an app from an alternate source?

    Seems like it would be hard to do it unintentionally.

    1. Re:I don't get it... by Anonymous Coward · Score: 5, Informative

      You have to get a link from someone, go somewhere that clearly isn't the Apple store, download the app which the phone will warn you about, install the app which the phone will again warn you about and accept enterprise provisioning which the phone will warn you about yet again before the malware can do its thing?

      This takes real work on the part of the user to do something that they don't normally, or ever, see. It's a problem that they let a developer overwrite other apps, but in terms of it being a vulnerability? Welcome to dumb users doing stupid shit they've been told not to do the last 30 damned years.

    2. Re:I don't get it... by tlambert · Score: 4, Informative

      actually, they can put the binaries on any webpage. that's how betas are distributed.
      it's as easy as clicking a link and saying "yes" twice.

      No, you can't. They have to be one of:

      (A) signed by Apple (e.g. anything from the App Store)
      (B) a developer signed binary running on a device enrolled under the developer's key as one of a limited number of devices
      (C) enterprise enrolled and signed with the enterprise key

      The exploit takes advantage of pirate App Stores in China which require you to accept enterprise enrollment in their enterprise key, and then download binaries from their "App Store" after paying a reduced rate for them (they're pirated) that happen to have had malware installed into the app bundle prior to being signed by the enterprise key belonging to the store (and the store is not checking the apps it puts up for sale, because they are all purchased and then uploaded from jailbroken iPhones).

      So it takes a lot of work, and most of the people at risk from this are in China and basically stealing Apps.
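The three trust sources tlambert lists (App Store signed, developer signed for a limited device set, enterprise signed) are what an administrator can audit for. The following is an added example, not code from the thread, from FireEye or from US-CERT: a small inventory check that flags enterprise-signed apps from teams that were never approved and apps that are not App Store signed yet carry the same bundle identifier as an App Store app. The inventory format, the bundle identifiers and the team identifiers are all constructed for the example; a real MDM export will look different.

```python
"""Audit a mobile-device app inventory for untrusted provisioning sources.

Added example, not code from the thread or from FireEye/US-CERT. The
inventory format below (bundle_id, signer, team_id) is an assumption
made for this example; real MDM exports differ.
"""

from dataclasses import dataclass

# Trust sources as described in the thread: App Store signed,
# developer signed (limited devices), enterprise signed.
VALID_SIGNERS = {"appstore", "developer", "enterprise"}


@dataclass(frozen=True)
class AppRecord:
    bundle_id: str
    signer: str    # expected to be one of VALID_SIGNERS
    team_id: str   # signing team identifier; "" for App Store builds


# Constructed sample inventory; every identifier here is hypothetical.
SAMPLE_INVENTORY = [
    AppRecord("com.example.mail", "appstore", ""),
    # enterprise build reusing an App Store bundle identifier
    AppRecord("com.example.mail", "enterprise", "ZZZZ999999"),
    # enterprise build from the organisation's own approved team
    AppRecord("com.corp.expenses", "enterprise", "CORP123456"),
    # enterprise build from a team nobody approved
    AppRecord("com.unknown.game", "enterprise", "PIRATE00001"),
    # developer-signed beta, no App Store counterpart
    AppRecord("com.example.beta", "developer", "DEV0000001"),
]

# Enterprise teams the organisation's provisioning system actually issued.
ALLOWED_ENTERPRISE_TEAMS = {"CORP123456"}


def audit_inventory(records, allowed_teams):
    """Return findings keyed by category, each a list of bundle IDs.

    unknown_signer:        signer value outside the three trust sources
    unapproved_enterprise: enterprise-signed app from a team not allowlisted
    bundle_collision:      non-App-Store app sharing an App Store bundle ID
    """
    findings = {
        "unknown_signer": [],
        "unapproved_enterprise": [],
        "bundle_collision": [],
    }
    appstore_ids = {r.bundle_id for r in records if r.signer == "appstore"}

    for r in records:
        if r.signer not in VALID_SIGNERS:
            findings["unknown_signer"].append(r.bundle_id)
            continue
        if r.signer == "enterprise" and r.team_id not in allowed_teams:
            findings["unapproved_enterprise"].append(r.bundle_id)
        if r.signer != "appstore" and r.bundle_id in appstore_ids:
            findings["bundle_collision"].append(r.bundle_id)
    return findings


def summarize(findings):
    """Render findings as one line per category for a report."""
    return "\n".join(
        f"{category}: {', '.join(ids) if ids else '-'}"
        for category, ids in findings.items()
    )


if __name__ == "__main__":
    print(summarize(audit_inventory(SAMPLE_INVENTORY, ALLOWED_ENTERPRISE_TEAMS)))
```

The collision check is deliberately broader than enterprise-only: any binary that is not App Store signed but carries an App Store app's bundle identifier deserves a look, whether it came in through an enterprise key or a developer profile.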

  2. Blast from the past by piranha32 · Score: 5, Funny

    Hi,
        This is an Albanian virus. As you know we are not so technical
        advanced as in the West. We therefore ask you to delete all your
        files on your harddisk manually and send this email to all your
        friends.

        Thanks for helping us,
        The Albanian Hackers

    When I saw it many years ago it looked like a good joke.