Masque Attack is the name of the newest reported malware that can attack iOS devices.
RCR Mobile Minute
The Mobile Minute is sponsored today by Juniper Networks.
Unlike WireLurker, discovered last week, Masque Attack is embedded in mobile apps, not Macintosh apps. The mobile apps are disguised to look exactly like apps a user might want to install, or updates to existing apps.
Once a user installs a Masque Attack app, it can access information that the real app would see, such as user name and password information.
Masque Attack was discovered by a firm called FireEye, which says it told Apple about the problem last summer. FireEye decided this month to go public with its findings. The firm says it has identified the vulnerability to Masque Attack on iOS 7.1.1, 7.1.2, 8.0, 8.1 and 8.1.1 beta, for both jailbroken and non-jailbroken devices. But so far, there are no reports of successful Masque Attack hacks.
FireEye says that Masque Attack takes advantage of a “bundle identifier” flaw in iOS. The bundle identifier is the unique id for each app on your phone. According to FireEye, Masque Attack can replicate your app’s bundle identifier and that prompts iOS to install the fake app, even if it did not come from Apple.
iOS may not realize that the fake apps don’t come from Apple, but most human beings will have no problem figuring this out. iOS users can protect themselves by only downloading apps from Apple.
Other top stories:
AT&T grounds in-flight plans; América Móvil to target T-Mobile US?
In this week’s carrier wrap, AT&T is reportedly grounding plans for LTE-based in-flight mobile broadband, plus América Móvil’s possible offer for … Read More
Policy: Telecom operators threaten legal action in net neutrality feud
The already contentious net neutrality issue became even more so this week as the president laid out his thoughts on the subject, which drew threats of … Read More
Microsoft launches Lumia 535:
