Vulnerabilities in the iPhone 5 Every Company Must Know

8 years ago

It’s generally accepted that using an iPhone is safer than using an Android, when it comes to certain hacks.

But that doesn’t mean the iOS is hackproof, as several hackers are determined to demonstrate by using a new security bug. Recently discovered, this issue might not affect a large number of users yet, but it is a potentially massive threat for hackers to use.

Malicious Apps

It is possible to trick the iPhone into downloading a malicious app that replicates an actual app on your phone that it then covertly replaces. This new app can then be used for a variety of purposes without the user’s knowledge.

The apps looks and perform like the real thing, replacing twitter, Facebook, Whatsapp? and Skype, among others. According to researchers from FireEye, they include components that can activate additional silent functions, such as monitoring conversations or upload personal data to a remote server.

Beware Masque Attacks

FireEye global technical lead Simon Mullis described the “Masque” attack in an interview with Business Insider.

“The most recent version of the Masque attack uses a technique called ‘URL Scheme Hijacking.’ The attacker is initially able to bypass the mechanism used by Apple to ensure that a user trusts an app that is being installed,” he said.

The attack works by having users install malicious apps without their knowledge by having a user click an infected link while browsing the web. Masque can then download an app onto an iPhone without the users knowing.

“If you can be tricked into clicking on a link on your phone to install an application then any of your apps could be replaced with a malicious version. It could look identical to the standard app but have extra functionality,” Mullis said.

“Once installed, the new malicious application can hijack the communications used by legitimate apps and steal information, such as login credentials.” Downloads from the Apple Store are safe, and the attack only works if the user clicks on an infected web link. By keeping your eyes peeled and following general phishing guidelines, you should be safe.

The vulnerability was discovered from information stolen from web security firm Hacking Team, according to FireEye. Hacking Team creates digital surveillance tools for government departments and law enforcement agencies, and its customer list includes the US Federal Bureau of Investigation (FBI) and UK National Crime Agency (NCA). The breach occurred in June when a group of hackers broke into its network and leaked 400GB of data.

WinMagic – Your Trusted Source for Security Solutions

Are you looking for ways to safeguard your company’s most valuable asset? Contact WinMagic today at 1-888-879-5879. WinMagic has been helping customers secure data through encryption since 1997.

Our products have won several awards, and we have five million clients in over 80 countries. Find out how our data encryption solutions can work for you and your business by speaking with a customer service representative.

WinMagic https://winmagic.com

WinMagic is a leading developer of endpoint authentication and encryption products that, over the course of 25 years, has raised the bar for user security. With extensive experience with securing the endpoint — and continuous innovation — WinMagic is trusted by over 2,500 businesses and government agencies around the world and has over 3 million active licenses globally.

Best Practices for Mitigating DMA Attacks

WinMagic’s Two-Stage Model for Key File Deployment

Tackling the Caesars and MGM Hacks with Secure Authentication Fallback

Early September 2023, two of the world’s largest casino hotel companies — MGM Resorts and Caesars — were struck by…

October 3, 2023

Thi Nguyen-Huu

Why Relying on Phones for Online Authentication Is a Bad Idea

In 2022, the US Government released memorandum M-22-09 addressing the requirements for achieving zero-trust security. This introduction has sparked a…

September 18, 2023

Garry McCracken