According to this company the Masque Attack has been harnessed to draft a campaign called “WireLurker” and this is just the beginning as the hackers can use it for drafting various new attacks. The company also revealed that the bug affects devices running on iOS7 and the advanced versions.
As its name indicates, this attack tempts the users to install an app which is not legitimate iOS App Store. This can be their bogus system or an App store which is designed to trap users. Further, the user do not recognizes the system and tend to download the app from the published link.
How nasty this Attack can be?
This empowers the hackers to access their private data and using this they can monitor all the activities performed on the phone. This attack can prove to be very nasty as this can even get access of your Bank details, personal email details and many more. This is possible as these notorious iOS App developers (hackers) use the attacker’s malware via internet to send poker banking apps and email apps in place of legitimate apps to get catch hold of your phone.
Darn! This is called encroachment.
Clash of opinions
FireEye Inc, the network security company which detected the threat on the first place say that the attack is grave serious and the Wirelurkers hacking attacks in China were the bounded form of Masque Attack which attacked the iOS devices using a USB connection. However, Apple gave a different view to CBC News, by saying "We’re not aware of any customers that have actually been affected by this attack."
On this statement, I personally feel that do we have to wait for few people to get victimised.
Further, they added "We designed OS X and iOS with built-in security safeguards to help protect customers and warn them before installing potentially malicious software."
This was a statement made three days after CBC News asked Apple to pay heed to
FireEye's blog post.
Vitor de Souza, vice-president of global communications for FireEye, tried to show them the other perspective by saying , "We are not saying that this is a widespread attack, but we believe consumers should be aware so they take the necessary precaution."
Moreover, we are well aware that people are oblivious about the fact that they have been tricked or compromised.
Can iOS developers live with their tag of the “safest”?
Apple has clearly stated that this security issue has got nothing to do with the Operating systems security or from iOS Mobile App developers end.
According to Gizmodo, there is "not anything to worry about." Author Chris Mills wrote -
"See, the 'attack' requires the user to first follow a dodgy-looking link, then click past an iOS pop-up warning people about downloading malicious apps. Not to mention, the hacker needs access to an iOS developer Enterprise Program account. If we pretend that ignoring the built-in safeguards and then downloading dodgy apps is a security flaw, then every single major operating system, mobile or otherwise, has a security flaw."
With the reputation of being the safest mobile platform, can iOS live up to this tag? iOS has ample of inbuilt safeguards. A Masque tries to bypass these safeguards and install bogus apps.
Are you a smartphone user or a SMART… phone user?
Being a smartphone users you need to be smart and vigilant towards these malwares. Avoid or shun downloading apps outside the App store and deny persimmon to untrusted apps.
“Prevention is better than cure”, should be our precept. And rather than crying over the spilt milk we should keep it in a safe place instead. Seems like hackers now have scored a point over iOS app developers. (Seriously, are we keeping a score?)
If you've already fallen into this trap, then you need to check it in iOS 7 running devices by going through these steps Settings > General > Profiles. A non-App Store app downloaded using any profile are present there and you have the leverage to delete them as well.
However, this is not possible with devices running on iOS 8. But tools such as Xcode or iPhone Configuration Utility can help you to view and delete such malicious apps.
Further, you can delete the affected app and re-install it from the genuine app store, if you feel that you are using a Masque app. And it is pretty obvious to change your password for that account as well as related account if you think that the app is prone to attacks.
If you are a business owner and you have hired iphone mobile App developers for your business app, then ask them to be vigilant to this threat. No wonder these hacker can make a replica of your iOS mobile app.