Although Apple takes pride in its security protocols, experts have repeatedly issued warnings that a bug in its iOS operating system makes most iPhones and iPads vulnerable to cyber-attacks. Hackers can easily gain access to sensitive data, they say, as well as control of the devices in question.
FireEye Inc., cyber security firm, has published details concerning this specific issue on Monday, explaining that this bug persuades users to install malicious applications containing tainted text messages, emails and Web links. These applications then allow hackers to gain access to the device.
By gradually replacing genuine, trusted apps which users download through Apple’s App Store, such as banking programs or email, the bug creates the possibility of banking and login credentials being stolen, as well as other sensitive data. FireEye has dubbed this the “Masque Attack”.
“An attacker can leverage this vulnerability both through wireless networks and USB. We named this attack ‘Masque Attack’.It is a very powerful vulnerability and it is easy to exploit,”
Tao Wei, FireEye Senior Staff Research Scientist said.
Normally, Apple’s iOS has robust security protocols which ensure that hackers encounter extreme difficulties when attempting to install malware on devices. The “Masque Attack”, however, makes it possible for them to exploit a system that Apple developed to permit large organizations to deploy custom software while bypassing Apple’s App Store, David Richardson, iOS product manager, said.
“You can just say ‘Don’t install.’ As long as you do that, you will be protected from this vulnerability,”
Richardson said, noting that suspect apps generally ask users if they want to prevent the installation of the application. Apple applications, on the other hand, are vetted for malicious software when downloaded from App Store.
Apple representatives announced that they are working towards fixing the vulnerability. Information about the security flaw began to leak out in October, although FireEye had warned Apple in July about the issue. Specialized forums are filled with security experts and hackers discussing information on Apple’s latest bugs, Wei said, and although only WireLurker was detected exploiting the vulnerability, Wei is certain that more attacks will follow.
“Currently WireLurker is the only one, but we will see more,”
he said.
