Criminals can now hack iPhones, including ones that are not jailbroken, due to a massive security bug
Researchers at FireEye claim that hackers are using a leaked Hacking Team attack method to snoop on iPhone users.
Describing the “Masque” attack in an interview with Business Insider, Simon Mullis, FireEye Global Technical Lead, said: “The most recent version of the Masque attack uses a technique called ‘URL Scheme Hijacking.’ The attacker is initially able to bypass the mechanism used by Apple to ensure that a user trusts an app that is being installed.”
Hacking Team is a Milan-based information technology company that sells offensive intrusion and surveillance capabilities to governments, law enforcement agencies and corporations. The method used in the attacks was leaked during the Hacking Team data breach.
The US Federal Bureau of Investigation (FBI) and UK National Crime Agency (NCA) are on its customer list. The data breach took place in June, when a group of hackers allegedly leaked 400GB of data stolen by breaking into Hacking Team’s network.
The attack works by using infected web links to deceive smartphone users into installing malicious apps that are not hosted on official stores. Mullis said: “If you can be tricked into clicking on a link on your phone to install an application then any of your apps could be replaced with a malicious version. It could look identical to the standard app but have extra functionality.”
“Once installed, the new malicious application can hijack the communications used by legitimate apps and steal information, such as login credentials.”
The attack is activated only if the user clicks the infected link. Users who download apps only from legitimate stores and do not fall for the hacker’s deception are safe.
All major operating systems, such as Android and iOS, are affected by the method.
Business Insider says it has tried to contact the companies involved in FireEye’s findings for comment and for recommendations on how users can protect themselves.
FireEye has discovered malicious versions of many popular legitimate apps aimed at smartphone users, Mullis said.
“Imagine a malicious version of a taxi application that always calls a driver who is working with the bad guys; an Instant Messenger app that automatically uploads private messages, photos and GPS locations to a remote server,” he said.
“We have found examples of many well-known apps that have been repackaged in this way: Twitter, Facebook, WhatsApp, Viber, Skype and others. They are versions of the standard app with extra functionality to exfiltrate sensitive information to remote servers. We have found these applications in use in the wild.”
Currently, the number of undisclosed victims of the attacks is “small”. However, Mullis said he believes the target base of the attacks will become more extensive in the near future.
“There is a clear ecosystem at play and I have no doubt that this technique could and will be used by criminal gangs for financial gain,” he said.