Network security firm FireEye claims that hackers have found a way to break into iOS devices using legitimate-looking malicious apps.
FireEye discovered the iOS hacks while examining about 400 GB of corporate data that was leaked when hackers attacked Hacking Team, a cybersecurity firm. The cyber attack was important because Hacking Team worked with many governments, including Egypt, Uzbekistan and Sudan, on their intelligence services.
FireEye says it had warned of the likelihood of attacks on iPhones called "masque attacks" even before it discovered them. The network security company explains that a masque attack occurs when a smartphone owner downloads a malicious app onto their device from an unreliable link.
"Up until now, these attacks had never been seen carried out in the wild, highlighting that advanced threats were not utilizing mobile to carry out their attacks despite rapid user adoption," stated FireEye. "However, FireEye has recently uncovered 11 iOS apps within the Hacking Team's arsenals that utilize Masque Attacks, marking the first instance of targeted iOS malware."
It was previously believed that only jailbroken iDevices were vulnerable to cyber attacks. However, FireEye suggests that even non-jailbroken iOS devices can be exposed to attacks if malicious apps are downloaded.
FireEye found that some malicious apps mimic real apps such as Facebook, WhatsApp, Google Chrome, Skype, BlackBerry Messenger, Facebook Messenger and more. When installed on an iDevice from a link outside the official App Store, these apps communicate with remote servers and expose sensitive personal data.
The malicious apps can also transmit data such as voice recordings from WeChat and Skype, browser history logs from Chrome, text messages from Facebook Messenger and more.
"If you can be tricked into clicking on a link on your phone to install an application then any of your apps could be replaced with a malicious version. It could look identical to the standard app but have extra functionality," said Simon Mullis, Global Technical Lead, Strategic Alliances at FireEye.
Zhaofeng Chen, a senior research scientist engineer at FireEye, says that because the malicious apps use the same bundle identifiers as the genuine apps available from the App Store, they can replace those genuine apps on iOS devices running versions prior to 8.1.3.
The security of iDevices, such as iPhones and iPads, is a serious issue. Network security firms stress the importance of keeping devices updated so that they have the latest security patches. Users of iDevices are also encouraged to download apps only from authentic sources such as the App Store.
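An inventory check built on the bundle-identifier detail above, as an added example that is not from FireEye or the original article: it flags apps that use a bundle identifier expected only from the App Store but were signed some other way, and lists devices running versions prior to 8.1.3. The record format, the `signer` field, and all bundle identifiers and device names are constructed assumptions.

```python
# Assumption: bundle IDs this organisation expects to come only from the App Store.
# Constructed placeholders, not identifiers taken from the article.
APP_STORE_BUNDLE_IDS = {"com.example.messenger", "com.example.browser"}
FIXED_IN = (8, 1, 3)  # article: replacement works on versions prior to 8.1.3

# Constructed sample inventory in a hypothetical MDM export format.
DEVICES = [
    {"name": "phone-a", "os_version": "8.1.2", "apps": [
        {"bundle_id": "com.example.messenger", "signer": "enterprise"},
        {"bundle_id": "com.example.browser", "signer": "app_store"}]},
    {"name": "phone-b", "os_version": "8.1.3", "apps": [
        {"bundle_id": "com.example.messenger", "signer": "app_store"},
        {"bundle_id": "com.example.inhouse", "signer": "enterprise"}]},
    {"name": "tablet-c", "os_version": "8.4", "apps": [
        {"bundle_id": "com.example.browser", "signer": "adhoc"}]},
]

def parse_version(text):
    """Turn '8.4' into (8, 4, 0) so short version strings compare correctly."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def assess(app, os_version):
    """Return finding labels for one installed app on a device."""
    findings = []
    if app["bundle_id"] in APP_STORE_BUNDLE_IDS and app["signer"] != "app_store":
        # Same bundle ID as a store app, but not delivered by the store.
        findings.append("bundle-id-collision")
        if parse_version(os_version) < FIXED_IN:
            findings.append("os-allows-replacement")
    return findings

def audit(devices):
    """Map (device, bundle_id) to findings for every flagged app."""
    report = {}
    for dev in devices:
        for app in dev["apps"]:
            found = assess(app, dev["os_version"])
            if found:
                report[(dev["name"], app["bundle_id"])] = found
    return report

def unpatched(devices):
    """Names of devices still running a version prior to 8.1.3."""
    return [d["name"] for d in devices if parse_version(d["os_version"]) < FIXED_IN]

if __name__ == "__main__":
    for key, found in audit(DEVICES).items():
        print(key, found)
    print("update needed:", unpatched(DEVICES))
```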