iOS devices are immune to malware — or at least, that's what Apple would have your enterprise believe. There's some truth to the claim, since malicious actors historically targeted open-source platforms such as Android instead of the closed ecosystems of iPhones and iPads. But as common sense dictates, it was only a matter of time before they found a serious iOS security flaw.
Enter the Masque Attack, which attempts to trick users into downloading a seemingly legitimate app teeming with malware. With Apple devices now in the cross hairs, can your company stay safe?
According to Dark Reading, 95 percent of all non-jailbroken Apple devices can be victimized by Masque, and most mobile device management (MDM) software won't find anything amiss since the malware uses the same bundle identifiers as legitimate apps.
Here's how it works: While Apple strictly controls the development and distribution environments of iOS applications, bundle identifiers slip through the cracks. Apple suggests these uniform type identifiers, which precisely identify single applications, should be in reverse DNS format. It's possible, however, for a malicious actor to grab the bundle ID of a legitimate app, then design his or her own malware-stuffed version and use the same ID. The result is an application that looks and feels like popular social or productivity tools, but is in fact a "mask" of the original with a very different face underneath. To convince users they should download these apps, hackers often make them look like updates to existing software. Once they're on a device, they replace legitimate code but still have access to the original app's directory and data. It's even possible for attackers to break out of the app sandbox and obtain root privileges, allowing them to run arbitrary code and potentially compromise entire corporate networks.
With Apple devices no longer off-limits for malware, what's the company doing to keep iOS secure? ZDNet notes that Apple may be entering a "whack-a-mole era of malware defense," in which threats are only addressed when they "pop up" and become readily apparent. Standard practice for the PC industry during the last decade, this approach sets up a reactive security posture — one where emerging threats are given free rein until quick fixes are found. When it comes to iOS security flaws such as Masque or WireLurker, however, this means new enterprise-provisioning certificates, new versions of malware and even the act of syncing to Windows PCs can put devices at risk for reinfection. Yikes.
It's worth noting that Masque and similar attacks can't happen unless users choose to trust enterprise-provisioning certificates. These certificates act as easy ways for businesses to distribute proprietary or frequently used apps to all employees, so users aren't always on high alert for this type of threat. Aside from refusing this permission when they're in doubt and being wary of any unexpected app updates, however, it's also worth taking a company-wide, proactive stance on iOS security. For example, IT departments should mandate the use of MDM software on all mobile devices connected to the corporate network, along with encrypting emails and thoroughly vetting any app before it's approved for download by end users. And with Apple opting for a "fix it when we see it" attitude for iOS security flaws, there's also room for a thorough security assessment conducted by reputable third-party providers that can help identify potential threats and vulnerabilities before it's too late.
Bottom line? Masque is just the first iOS security flaw — there could be more to come. Take steps to make sure your enterprise doesn't get fooled.
Photo Source: Flickr