FireEye, a publicly listed US network security company has now uncovered and detailed one of the attacks used by the snoop-ware maker to attack various iOS devices. The association has worked for a top notch buyers being made of government agencies and the police organizations, which includes infamous American Federal Bureau of Investigation (FBI). The Italian security firm has been the subject of mystery and criticism in the recent past on allegations that it did propagate attacks on iOS devices using various apps. It is time to see what is really happening: With iPhones now supporting Microsoft Office (Word, PowerPoint, Excel and OneNote), ActiveSync for Exchange (email, calendar and contacts), and access to thousands of one-click install productivity apps from the easy-to-use iTunes App Store, IT does support Apple, whether it likes it or not.
Advertisement
It’s nearly like giving your entire data and online life in the hands of the hackers making the service quite useful to the clients, whoever they may have been in this particular case.
The data reviewed by FireEye suggests that the Masque Attack type apps developed by the Hacking Team have been deployed in the field for months, the report added. “It could look identical to the standard app but have extra functionality”.
“Once installed, the new malicious application can hijack the communications used by legitimate apps and steal information, such as login credentials”. As the bundle identifiers are the same as the genuine apps on App Store, they can directly replace the genuine apps on iOS devices prior to iOS 8.1.3. That app will look and behave like the real thing – except that hackers will be controlling and monitoring it, and watching what you do on it. And unlike the normal version of the app, the hacker’s version can steal sensitive information and send it back to a remote server. If you do so, you’ll get a malicious version of Facebook, Twitter, Skype or another popular app you think you’d like on your smartphone.
“Imagine a malicious version of a taxi application that always calls a driver who is working with the bad guys; an Instant Messenger app that automatically uploads private messages, photos and Global Positioning System locations to a remote server”, he said. Each of these apps featured a control panel to configure the behaviour of the malicious application.
The attacks are now have a “small” undisclosed number of victims. However, in the near future, Mullis said he believes to see the target-base of the attacks to be more extensive.
Advertisement
“There is a clear ecosystem at play and I have no doubt that this technique could and will be used by criminal gangs for financial gain”, he said.
