The US Computer Emergency Readiness Team has warned the Apple users about the Masque attack, which is a new bug that enables the hackers to steal important info from iPhones and iPads. If you are very curious about the “Masque Attack,” watch the video posted at the end of this post.
The US Government has issued a notice in which it has asked the users to be wary of the Masque attack that is discovered recently by FireEye. The cyber squad from the government is concerned about the security of info on iPads and iPhones and hence, it has warned the users about the same.
The hackers these days invite the Apple users to download malicious applications and these apps, then eat the privacy of the user out on the whole. The US-Cert stated, “This attack works by luring users to install an app from a source other than the iOS App Store or their organizations’ provisioning system. In order for the attack to succeed, a user must install an untrusted app, such as the one delivered through a phishing link.”
The cyber squad has also sprinkled more info about it by saying that the hackers may duplicate the user interface of the legitimate app in order to get the login credentials and other sensitive data from the victim device. The whole research about the bug has been done by FireEye, according to which the technique of hacking used in this case could take the user’s bank details and email accounts in jeopardy by employing the fake email id’s and other banking apps.
FireEye has warned and stated, “Attacker can steal user’s banking credentials by replacing an authentic banking app with a malware that has an identical UI. Surprisingly, the malware can even access the original app’s local data, which wasn’t removed when the original app was replaced. These data may contain cached emails, or even login-tokens which the malware can use to log into the user’s account directly.”
In order to avoid such situations of hacking, the US-Cert has asked the iOS device users not to install applications that are not listed on the Apple App store. The cure is as simple as that, but people have to be aware now and react according to the instructions given by US-Cert in order to avoid and malicious attack on their privacy.
[ Source ]