FireEye, a cybersecurity firm announced this week that they had identified a serious flaw in Apple’s iPhone operating system that makes most iPhones and iPads extremely vulnerable to being hacked and data being stolen. The vulnerability, is being called “Masque Attack” and was first discovered by FireEye in July, but was first made public by FireEye this week when the first attempts to exploit the vulnerability by hackers was discovered. Hackers attempted to exploit the vulnerability through the use of malware deemed “WireLurker.” Presently, Apple’s iPhone operating system permits a malicious app that uses the same bundle identifier as that of a legitimate app to replace the legitimate app on the victim’s iPhone or iPad while retaining the data from the replaced legitimate app. Thus the hacker can make it appear that the victim’s bank app, for example is still installed, when in fact it has been replaced by this malicious app and steal account information, passwords and other sensitive data which can easily lead to identity theft. A Masque Attack occurs when the victim downloads a tainted app that may appear to be that of a popular game or some other apparently innocuous app. Once installed, the victim does not know that he or she has replaced legitimate apps on the phone or tablet with the malicious app.
Users of iPhones and iPads can protect themselves by taking simple precautions. First, do not install apps from any source other than Apple’s official App Store. This is always good advice because you can never be sure of the security of apps that come from sources other than the official app stores. When opening any app, if the iPhone or iPad operating system indicates “Untrusted App Developer,” click on “Don’t Trust” and immediately uninstall the app.