Hackers can replace iPhone apps with malware – iOS ‘Masque Attack’

Security researchers at FireEye discovered that malware can be installed over genuine iOS apps.
iOS developers and enterprises often use Apple’s ad-hoc/enterprise provisioning system to deploy applications directly to devices; these apps are downloaded directly from any server without using Apple’s App Store. The researchers discovered that an iOS application installed on a device using enterprise/ad-hoc provisioning could easily replace another legitimate application installed through the App Store if the two have the same bundle ID. The bundle ID is a unique app identifier that Apple uses to identify individual apps.

FireEye named this attack “Masque Attack.” Let’s see how it works. Suppose I have the Outlook app on my iPhone, installed through the App Store, and someone sends me a link to install a “new” version of Outlook, and I install it. If both have the same bundle ID, the genuine copy of Outlook could be replaced with a malicious version that could contain malware and get sensitive data from my device.
FireEye also created a demo video.

Although deploying applications using ad-hoc/enterprise provisioning is legitimate, the discovery of this vulnerability raises serious questions about the iOS security that Apple always promises its customers.

Users shouldn’t download applications from outside the App Store unless they are installing them for beta testing or have been asked to by a reliable IT administrator.
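
For administrators, the replacement described above can be spotted in app inventory data. The following is an added example, not code from FireEye or the original article: it compares two inventory snapshots and flags any bundle ID that was an App Store install before and is an enterprise/ad-hoc install afterwards. The AppRecord fields, the source labels and the sample data are assumptions constructed for illustration.

```python
from dataclasses import dataclass

APP_STORE = "app_store"
PROVISIONED = {"enterprise", "ad_hoc"}  # installs that bypass the App Store


@dataclass(frozen=True)
class AppRecord:
    device: str
    bundle_id: str
    source: str   # hypothetical inventory field: app_store / enterprise / ad_hoc
    signer: str   # hypothetical inventory field: who signed the installed build


def find_replaced_apps(before, after):
    """Flag apps that were App Store installs in `before` and are
    enterprise/ad-hoc installs with the same bundle ID in `after`."""
    previous = {(r.device, r.bundle_id): r for r in before}
    findings = []
    for rec in after:
        old = previous.get((rec.device, rec.bundle_id))
        if old is None:
            continue  # first install of this bundle ID: nothing was replaced
        if old.source == APP_STORE and rec.source in PROVISIONED:
            findings.append((rec.device, rec.bundle_id, old.signer, rec.signer))
    return sorted(findings)


# Constructed sample snapshots (not real inventory data).
BEFORE = [
    AppRecord("iphone-01", "com.example.mail", "app_store", "Example Mail Inc."),
    AppRecord("iphone-01", "com.example.notes", "app_store", "Example Notes Ltd."),
    AppRecord("iphone-02", "com.example.mail", "app_store", "Example Mail Inc."),
]
AFTER = [
    # Same bundle ID, now delivered through enterprise provisioning: flagged.
    AppRecord("iphone-01", "com.example.mail", "enterprise", "Unknown Org"),
    AppRecord("iphone-01", "com.example.notes", "app_store", "Example Notes Ltd."),
    AppRecord("iphone-02", "com.example.mail", "app_store", "Example Mail Inc."),
    # New in-house app with its own bundle ID: legitimate, not flagged.
    AppRecord("iphone-02", "com.example.inhouse", "enterprise", "Example Corp IT"),
]

if __name__ == "__main__":
    for device, bundle_id, old_signer, new_signer in find_replaced_apps(BEFORE, AFTER):
        print(f"{device}: {bundle_id} replaced ({old_signer} -> {new_signer})")
```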
