Executive Summary

Information
Name: TA14-317A
First vendor Publication: 2014-11-13
Vendor: US-CERT
Last vendor Modification: 2014-11-13
Severity (Vendor): N/A
Revision: N/A

Security-Database Scoring CVSS v3

Cvss vector: N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact SubScore: NA
Temporal Score: NA
Exploitability Sub Score: NA
 

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score: Not Defined
Attack Range: Not Defined
Cvss Impact Score: Not Defined
Attack Complexity: Not Defined
Cvss Exploit Score: Not Defined
Authentication: Not Defined

Detail

Overview

A technique labeled “Masque Attack” allows an attacker to substitute malware for a legitimate iOS app under a limited set of circumstances.


Description


Masque Attack was discovered and described by FireEye mobile security researchers.[1] This attack works by luring users to install an app from a source other than the iOS App Store or their organizations’ provisioning system. In order for the attack to succeed, a user must install an untrusted app, such as one delivered through a phishing link.  


This technique takes advantage of a security weakness that allows an untrusted app—with the same “bundle identifier” as that of a legitimate app—to replace the legitimate app on an affected device, while keeping all of the user’s data. This vulnerability exists because iOS does not enforce matching certificates for apps with the same bundle identifier. Apple’s own iOS platform apps, such as Mobile Safari, are not vulnerable.
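
The check that the paragraph above says iOS does not enforce can be applied by a defender when vetting an IPA distributed outside the App Store, before it is trusted or pushed to devices. The Python below is an added example, not code from the US-CERT alert or from FireEye; the allowlist KNOWN_SIGNERS, the team IDs and the make_ipa helper are constructed for illustration, and it compares the team identifier declared in the embedded provisioning profile without verifying the code signature itself.

```python
import io
import plistlib
import zipfile

# Assumed allowlist: bundle identifier -> team ID expected to sign it (constructed values).
KNOWN_SIGNERS = {"com.example.bank": "TEAMLEGIT1"}


def read_ipa_identity(ipa_bytes):
    """Return (bundle_id, team_ids) declared inside an IPA held in memory."""
    bundle_id, team_ids = None, set()
    with zipfile.ZipFile(io.BytesIO(ipa_bytes)) as ipa:
        for name in ipa.namelist():
            parts = name.split("/")
            # Only files directly inside the top-level bundle: Payload/<App>.app/<file>
            if len(parts) != 3 or parts[0] != "Payload" or not parts[1].endswith(".app"):
                continue
            if parts[2] == "Info.plist":
                bundle_id = plistlib.loads(ipa.read(name)).get("CFBundleIdentifier")
            elif parts[2] == "embedded.mobileprovision":
                # The profile is a CMS blob wrapping an XML plist; cut the plist out.
                blob = ipa.read(name)
                start, end = blob.find(b"<?xml"), blob.find(b"</plist>")
                if start != -1 and end != -1:
                    profile = plistlib.loads(blob[start:end + len(b"</plist>")])
                    team_ids = set(profile.get("TeamIdentifier", []))
    return bundle_id, team_ids


def classify(ipa_bytes, known=KNOWN_SIGNERS):
    """Flag a known bundle identifier that arrives under an unexpected signer."""
    bundle_id, team_ids = read_ipa_identity(ipa_bytes)
    if bundle_id is None:
        return "invalid: no Info.plist"
    if bundle_id not in known:
        return "unknown bundle identifier"
    if known[bundle_id] in team_ids:
        return "ok: signer matches"
    return "ALERT: %s declared by team %s" % (bundle_id, sorted(team_ids) or "none")


def make_ipa(bundle_id, team_id):
    """Build a constructed sample IPA: no real app code and no real signature."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("Payload/Demo.app/Info.plist", plistlib.dumps({"CFBundleIdentifier": bundle_id}))
        profile = b"\x30\x82" + plistlib.dumps({"TeamIdentifier": [team_id]}) + b"\x00"
        z.writestr("Payload/Demo.app/embedded.mobileprovision", profile)
    return buf.getvalue()
```

To vet a real file, pass its bytes to classify(); an "ALERT" result means the package reuses an allowlisted bundle identifier under a different team, which is the replacement condition described above.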


Impact


An app installed on an iOS device using this technique may:



  • Mimic the original app’s login interface to steal the victim’s login credentials.

  • Access sensitive data from local data caches.

  • Perform background monitoring of the user’s device.

  • Gain root privileges to the iOS device.

  • Be indistinguishable from a genuine app.


Solution


iOS users can protect themselves from Masque Attacks by following three steps:



  1. Don’t install apps from sources other than Apple’s official App Store or your own organization.

  2. Don’t click “Install” from a third-party pop-up when viewing a web page.

  3. When opening an app, if iOS shows an “Untrusted App Developer” alert, click on “Don’t Trust” and uninstall the app immediately.


Further details on Masque Attack and mitigation guidance can be found on FireEye’s blog [1]. US-CERT does not endorse or support any particular product or vendor.


Original Source

Url : http://www.us-cert.gov/cas/techalerts/TA14-317A.html

Alert History

Date                 Information
2014-11-13 21:23:24  First insertion