Saturday 15 November 2014
01:37

US government issues warning to iPhone and iPad users over iOS bug that allows 'rogue' apps that steal user data

The U.S. government has warned iPhone and iPad users to be on the alert for hackers who may exploit a vulnerability in iOS that would enable them to steal sensitive data.
Cybersecurity firm FireEye says the bug enables hackers to access users' devices by persuading them to install malicious applications through tainted text messages, emails and web links.
However, it requires users to install an 'untrusted' app.

HOW TO PROTECT YOURSELF

FireEye says there are three rules to follow:
Don't install apps from third-party sources other than Apple's official App Store or the user's own organization.
Don't click 'Install' on a pop-up from a third-party web page, no matter what the pop-up says about the app.
When opening an app, if iOS shows an alert with 'Untrusted App Developer', as shown in Figure 3, click on 'Don't Trust' and uninstall the app immediately.
There was the potential for hacks using a newly identified technique known as the 'Masque Attack,' the government said in an online bulletin from the National Cybersecurity and Communications Integration Center and the U.S. Computer Emergency Readiness Teams.
Network security company FireEye disclosed the vulnerability behind the 'Masque Attack' earlier this week, saying it had been exploited to launch a campaign dubbed 'WireLurker' and that more attacks could follow.
Hackers could potentially steal login credentials, access sensitive data stored on iOS devices and remotely monitor activity on those devices, the government said.
Such attacks could be avoided if iPad and iPhone users only installed apps from Apple's App Store or from their own organizations, it said.
Users should not click 'Install' from pop-ups when surfing the web. 
If iOS flashes a warning that says 'Untrusted App Developer,' users should click on 'Don't Trust' and immediately uninstall the app, the bulletin said.
If installed, the malicious application can then be used to replace genuine, trusted apps that were installed through Apple's App Store, including email and banking programs, with malicious software through a technique that FireEye has dubbed 'Masque Attack.'

These attacks can be used to steal banking and email login credentials or other sensitive data, according to FireEye, which is well-regarded in cybersecurity circles for its research.
'It is a very powerful vulnerability and it is easy to exploit,' FireEye Senior Staff Research Scientist Tao Wei said in an interview. 
Wei said that FireEye disclosed the vulnerability to Apple in July and that representatives with the company have said they were working to fix the bug.

An Apple spokesman told MailOnline: 'We designed OS X and iOS with built-in security safeguards to help protect customers and warn them before installing potentially malicious software. 
'We’re not aware of any customers that have actually been affected by this attack. 
'We encourage customers to only download from trusted sources like the App Store and to pay attention to any warnings as they download apps. 
'Enterprise users installing custom apps should install apps from their company’s secure website.'
More information is available from the firm's support page.
News of the vulnerability began to leak out in October on specialized web forums where security experts and hackers alike discuss information on Apple bugs, Wei said.

WIRELURKER WARNINGS

Last week researchers warned of a major threat called WireLurker. 
WireLurker monitors iOS devices, including iPods, iPhones and iPads, connected to a Mac via USB.
The virus begins by infecting the Mac OS software, through malicious files or links.
When a device is connected to this infected Mac, the malware automatically installs malicious apps onto the phone or tablet.
The researchers said this malware combines a number of techniques to successfully 'realise a new brand of threat to all iOS devices'.
The experts suggest iOS and Mac owners only download apps from the official Apple app store, and that they make sure to keep their software up to date. 

Wei said that FireEye decided to go public with its findings after Palo Alto Networks Inc last week uncovered the first campaign to exploit the vulnerability, a new family of malicious software known as WireLurker that infects both Mac computers and iOS.
FireEye does not know of other attacks that exploit the bug, Wei said.
'Currently WireLurker is the only one, but we will see more,' he said.
FireEye advises iOS users to refrain from installing apps from sources other than Apple's official App Store and to not click 'Install' on a pop-up from a third-party web page.
The security firm said it verified this vulnerability on iOS 7.1.1, 7.1.2, 8.0, 8.1 and 8.1.1 beta, for both jailbroken and non-jailbroken devices.
The firm used the exploit to replace Google's Gmail app with a rogue version.
'In one of our experiments, we used an in-house app with a bundle identifier 'com.google.Gmail' with a title 'New Flappy Bird'. 
'We signed this app using an enterprise certificate. When we installed this app from a website, it replaced the original Gmail app on the phone.'
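The experiment quoted above comes down to an enterprise-signed package reusing the bundle identifier of an App Store app. The following added example (not FireEye's or the article's code) shows a check an in-house app catalogue could run on a package before distributing it. It assumes the standard .ipa layout (Payload/<name>.app/Info.plist plus embedded.mobileprovision) and that an enterprise profile carries the ProvisionsAllDevices key; the PROTECTED_IDS watch list and the sample archives are constructed for illustration.

```python
import io
import plistlib
import re
import zipfile

# Hypothetical watch list of store-installed apps to protect;
# com.google.Gmail is the identifier named in the article.
PROTECTED_IDS = {"com.google.Gmail"}

def inspect_ipa(data: bytes) -> dict:
    """Return bundle id, display name and enterprise flag for an .ipa archive."""
    with zipfile.ZipFile(io.BytesIO(data)) as ipa:
        names = ipa.namelist()
        info_path = next(n for n in names
                         if re.fullmatch(r"Payload/[^/]+\.app/Info\.plist", n))
        info = plistlib.loads(ipa.read(info_path))
        enterprise = False
        prof_path = info_path.replace("Info.plist", "embedded.mobileprovision")
        if prof_path in names:
            # The profile is a signed blob wrapping an XML plist; cut the plist out.
            blob = ipa.read(prof_path)
            m = re.search(rb"<\?xml.*?</plist>", blob, re.S)
            if m:
                profile = plistlib.loads(m.group(0))
                enterprise = bool(profile.get("ProvisionsAllDevices"))
    return {"bundle_id": info.get("CFBundleIdentifier", ""),
            "name": info.get("CFBundleDisplayName", ""),
            "enterprise": enterprise}

def masque_risk(data: bytes) -> bool:
    """True when an enterprise-signed package reuses a protected bundle identifier."""
    app = inspect_ipa(data)
    return app["enterprise"] and app["bundle_id"] in PROTECTED_IDS

def build_sample(bundle_id: str, name: str, enterprise: bool) -> bytes:
    """Constructed test archive: minimal Info.plist plus a stand-in profile blob."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("Payload/Sample.app/Info.plist", plistlib.dumps(
            {"CFBundleIdentifier": bundle_id, "CFBundleDisplayName": name}))
        profile = plistlib.dumps({"ProvisionsAllDevices": enterprise})
        z.writestr("Payload/Sample.app/embedded.mobileprovision",
                   b"\x30\x82" + profile + b"\x00")
    return buf.getvalue()

if __name__ == "__main__":
    print(masque_risk(build_sample("com.google.Gmail", "New Flappy Bird", True)))
    print(masque_risk(build_sample("com.example.inhouse", "Expenses", True)))
```

The display name plays no part in the decision: as in the quoted experiment, a package titled 'New Flappy Bird' is flagged purely because its bundle identifier collides with a protected one.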

Source: Dailymail 
