A recently-exposed vulnerability for iPhones and iPads could allow hackers to sneakily replace your real apps with fake ones that harvest your data.
FireEye, a cybersecurity company, announced in a November 10 article that the vulnerability affects iOS 7+ devices, both jailbroken and non-jailbroken, and allows hackers to launch a “Masque Attack.” In simple terms, this means hackers can access a device after its user downloads and installs a malicious fake app. The fake app then replaces the device’s legitimate apps with other fake apps that exploit iOS code to gain access to the real apps’ data, which is collected and sent back to the hackers.
What this means is that any apps that store or use personal information–such as banking or retail apps–could be at risk. We’ve already seen that hackers cleverly disguise fake apps as legitimate ones in order to encourage victims to download them. With this exploit, a seemingly innocent game download could end up compromising your bank account. Even worse, experts estimate that about 95% of all active Apple iOS devices are vulnerable.
As always, UD urges the campus community to be cautious about its downloads. Never download or install an app from an unverified publisher; trust only legitimate and confirmed sources for all apps, including games and utilities.
For more information about the Masque Attack vulnerability, check out the CNET and technewsworld articles addressing this now-public issue.