Masque Attack is Leaking User Data from iOS

Devices running iOS, such as iPhones and iPads, are not safe anymore, as Apple has reportedly warned its users to be aware of the Masque Attack. iOS users have already reported this Trojan horse attack in several Apple discussion forums. Although the Masque Attack has exposed some major security flaws in iOS, Apple has casually stated that any user who fears being targeted can simply delete the suspected app. The attack is a serious one, as it leaks major data stored on the phone, including contacts, messages, emails and account passwords, to unknown servers. The Trojan enters the device as a lookalike app, but it relies on trickery in which the user permits the app to be installed on the device.

The Masque Attack is said to be targeting iPhone and iPad users on iOS 7.1.1, 7.1.2, 8.0, 8.1, and 8.1.1 beta. The attackers are mainly eyeing app developers who also have a Developer Enterprise Program (DEP) account. The DEP is a unique program by Apple in which developers with an account build apps outside of the Apple App Store and, as part of this, the company checks the app to clear its parameters.

As detailed by several security firms, in the Masque Attack iOS users receive a Trojan-infected replacement app in place of the legitimate app. Attackers send convincing emails stating that the user needs to install their app for better functionality or as an update, tricking users into downloading and installing the infected app. When iOS warns the user that software from an untrusted source is asking for permission to be installed, the user permits it and gets the Masque Attack app, which steals valuable data and sends it to the attackers.

Although the Masque Attack poses a real threat to the device, the software needs permission to be installed, so it is unlikely that people will fall for the trick very easily. However, Apple needs to think over this iOS security issue and must change the way in which the App Store trusts bundle identifiers. Apple has advised users to delete any suspicious app and to download apps only from the App Store instead of any untrusted source.
