All those of you smug iOS users who thought that the security wall of their i-devices was impregnable, (though one Jennifer Lawrence would disagree) here’s a rude wake up call. HackingTeam, a cyber security agency involved in providing spy-ware to various government spy agencies was hacked recently. As a result, more than 400GB of the Italian spy ware maker’s data was out for the whole wide world to see and analyze. Various cyber security companies have been trying to figure the tricks the Hacking Team was using to find a way into various devices.
FireEye, a publicly listed US network security company has now uncovered and detailed one of the attacks used by the snoop-ware maker to attack various iOS devices. The hackers managed to breach the relatively tough security of the iOS by weaponizing top apps such as Faceebook, Whatsapp, Viber and Google Chrome to steal user data.
No one would ever be able to rely on them now
HackingTeam managed to create shady duplicates of these popular apps, and made them hide in plain sight. The modified apps made use of a security lapse in iOS, which allows a masque attack to install a modified version of an app on top a genuine app. The user would be prompted to install, what looks like a legitimate app. Once installed, the malicious app will start sending data out from the victim’s phone, without him ever getting to find out. According to FireEye, once installed, the malicious apps can be used to record voice calls, transmit text messages, find accurate GPS location, make a phone call, steal images, retrieve contacts and indulge in a whole bunch of 007-esque activities.
The masque attack vulnerability was patched by Apple in iOS 8.1.3 upon being pointed out by FireEye earlier, though no one ever managed to find out that the security loophole was actually being used by some hackers. Post the patch, a hacker cannot overwrite an official app, but he still can install a doppelganger app alongside the original, and if the subject is careless enough, can manage to extract critical data. This can be facilitated even on non-jailbroken iOS devices, and is as easy as making the victim click on an email link.
Apple’s success with its mobile devices and tablets is increasingly making it a target for hackers, who till now focused largely on Windows, for its relatively higher penetration and easier to breach security. With its growing popularity, Apple needs to ensure that no such loopholes are ever presented on a platter to hackers so as to preserve its relatively impeccable reputation as a tough-to-crack environment.
As for the Apple users, never install any apps outside of the App Store to keep your data safe.