iOS Masque attack download
First reported in , Masque Attack allowed hackers to replace a genuine app from the App Store with a malformed, enterprise-signed app that had the same Bundle Identifier (Bundle ID).

Apple subsequently patched the vulnerabilities CVE and CVE , but while it closed a door, scammers seem to have opened a window. This is in light of the significant number of malicious and potentially unwanted iOS apps we found that were signed with enterprise certificates and carried the same Bundle IDs as their official versions on the App Store. We worked with Apple and had these issues addressed on iOS 10, which now prevents fake apps from overriding their legitimate versions.

However, devices running on iOS 9.

Potential Risks

More than just creating fake versions, the vulnerabilities pose serious risks in that bad guys can target legitimate apps to distribute their malware. Homegrown apps used by enterprises can also be spoofed, re-signed and repackaged via the same Bundle ID.

The repercussions for legitimate apps also vary, depending on how their data controls app behavior or how their functionality is implemented. Many legitimate apps implement their services in JavaScript whose code is retrieved from their servers. By leveraging these flaws, attackers can replace these server links with their own.

Although Apple has deployed additional logic in Xcode (Figure 2) to mitigate this, the codesign command-line tool can still be used to sign apps directly instead of Xcode. Decrypting a legitimate app with a Mach-O clutch tool (Figure 4). The whole signing process does not violate any checks. Scammers need only confirm if the provision profile and entitlements. Since the re-signed apps carry a valid certificate, they can be run on the iOS system.

Upon installation of an enterprise-signed app, the App Store—if set to automatically update—will notify the user that an update is available.

We reproduced this issue with a gaming app running on iOS 9. How does the Bundle ID figure into the equation? A newly installed app typically goes through a series of permission requests when accessing device resources, such as contact information. If it is uninstalled and another app with an identical Bundle ID is installed, the latter inherits the set of permissions granted to the previous app.

It may be that granted permissions are generated and stored together with Bundle IDs as key-value pairs when an app is run for the first time, and that they are not deleted when the app is uninstalled.

We were able to replicate this issue with a social media app. If the repackaged app is installed first, however, users will be prompted with a series of dialogs requiring their input. Aside from keeping the OS up-to-date, the risks serve as a reminder for end users to beware of downloading apps from dubious third-party marketplaces.
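The two risks described above, a re-signed app reusing an App Store or in-house Bundle ID and a same-Bundle-ID replacement inheriting an earlier app's permissions, can be checked from the defender's side against a device inventory. The following is an added example, not code from Trend Micro or Apple: it audits an MDM-style app inventory for Bundle ID collisions and for apps whose signer changed between two snapshots. The record layout, the "appstore"/"enterprise" signer labels, and every Team ID, Bundle ID and device ID in it are constructed assumptions.

```python
"""Audit an MDM-style app inventory for Masque-style Bundle ID collisions.

Added example, not code from Trend Micro or Apple. The record layout, the
"appstore"/"enterprise" signer labels, and all Team IDs, Bundle IDs and
device IDs below are assumptions constructed for the demonstration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class InstalledApp:
    device_id: str
    bundle_id: str
    signer: str   # assumed values: "appstore" or "enterprise"
    team_id: str  # assumed: Team ID taken from the signing certificate


# Constructed reference data an organisation would maintain.
KNOWN_APPSTORE_BUNDLES = {"com.example.social", "com.example.game"}
INHOUSE_BUNDLES = {"com.corp.expenses": "CORPTEAM01"}  # bundle -> owning team


def audit_inventory(apps):
    """Return (device_id, bundle_id, reason) findings for suspicious installs.

    Two checks mirror the risks in the text: an enterprise-signed build that
    carries an App Store app's Bundle ID, and an in-house Bundle ID signed by
    a team other than the one that owns it (a re-signed, repackaged copy).
    """
    findings = []
    for app in apps:
        if app.signer == "enterprise" and app.bundle_id in KNOWN_APPSTORE_BUNDLES:
            findings.append((app.device_id, app.bundle_id,
                             "enterprise-signed app reusing an App Store Bundle ID"))
        owner = INHOUSE_BUNDLES.get(app.bundle_id)
        if owner is not None and app.team_id != owner:
            findings.append((app.device_id, app.bundle_id,
                             f"in-house Bundle ID signed by team {app.team_id}, expected {owner}"))
    return findings


def detect_signer_changes(previous, current):
    """Return (device_id, bundle_id, old, new) where the same Bundle ID reappears
    on a device under a different signer or team.

    Granted permissions are keyed by Bundle ID and survive uninstall, so such a
    swap is exactly the point at which a replacement app inherits them.
    """
    before = {(a.device_id, a.bundle_id): a for a in previous}
    changes = []
    for app in current:
        old = before.get((app.device_id, app.bundle_id))
        if old is not None and (old.signer, old.team_id) != (app.signer, app.team_id):
            changes.append((app.device_id, app.bundle_id,
                            f"{old.signer}/{old.team_id}", f"{app.signer}/{app.team_id}"))
    return changes


# Constructed sample snapshots: two devices, two points in time.
SNAPSHOT_BEFORE = [
    InstalledApp("dev-1", "com.example.social", "appstore", "STOREVENDOR1"),
    InstalledApp("dev-1", "com.corp.expenses", "enterprise", "CORPTEAM01"),
    InstalledApp("dev-2", "com.example.game", "appstore", "STOREVENDOR2"),
]
SNAPSHOT_AFTER = [
    InstalledApp("dev-1", "com.example.social", "enterprise", "UNKNOWNTEAM9"),
    InstalledApp("dev-1", "com.corp.expenses", "enterprise", "CORPTEAM01"),
    InstalledApp("dev-2", "com.example.game", "appstore", "STOREVENDOR2"),
    InstalledApp("dev-2", "com.corp.expenses", "enterprise", "OTHERTEAM42"),
]

if __name__ == "__main__":
    for finding in audit_inventory(SNAPSHOT_AFTER):
        print("FINDING", *finding)
    for change in detect_signer_changes(SNAPSHOT_BEFORE, SNAPSHOT_AFTER):
        print("SIGNER CHANGED", *change)
```

On the constructed snapshots the audit flags the enterprise-signed copy of `com.example.social` on dev-1 and the `com.corp.expenses` build signed by the wrong team on dev-2, and the snapshot comparison singles out dev-1's social app as a same-Bundle-ID replacement that would inherit the original's permissions. A real deployment would take the signer and Team ID from the installed app's embedded provisioning profile as reported by the MDM rather than from hand-written records.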

We reported and demonstrated the vulnerabilities to Apple on July 21, and Apple has since patched them. Some of the apps we found repackaged via these vulnerabilities are listed in this appendix. Trend Micro Research, News, and Perspectives.
The Enterprise provisioning service implemented by Apple allows enterprise iOS developers to develop and distribute iOS apps without having to upload the app to Apple. Once the malicious application is installed on the mobile phone, it replaces the original Gmail app with the bogus one used to spy on the victims.

We signed this app using an enterprise certificate. Figure 2 — The Masque attack — demo from FireEye. The impact of the Masque vulnerability is serious.

The attack allows the replacement of the legitimate app, but the data it has used remains on the device and includes local data caches.

A few weeks ago, security experts at Palo Alto Networks detected a new strain of malware, dubbed WireLurker. It is malicious code that is able to infect iOS devices, Apple iPhones and iPads, stealing user data and transferring it to central servers.

The researchers that uncovered the WireLurker explained it exhibited behavior that had never been seen before: malware targeting Apple mobile devices.

The malicious code initially infects the user's host (desktop or laptop), which downloaded it from the web, then remains stealthy while waiting for an Apple device to be connected via USB.

Once the user connects their iOS device to the machine infected by WireLurker, the malware scans the device to analyze the installed applications. If WireLurker finds that a target app is present, it copies the app from the mobile device to the machine, infects its binary and then installs it again on the mobile unit.

The experts at Palo Alto Networks who discovered WireLurker maintain that the instances detected only collect data from the compromised devices; to date, no other malicious activity has been observed.

The company estimates that several hundred thousand Apple users have already been infected by WireLurker, and experts fear a rapid spread of the infection.

Figure 3 — WireLurker detections.

Apple mobile devices are becoming a privileged target of criminal gangs due to the large number of devices worldwide and the lack of security measures installed by Apple users. According to the researchers, the infection was initially spread through several hundred apps offered via Maiyadi, a third-party Chinese software website. Researchers also detected a strain of WireLurker that targets iPhones and carries an Apple digital certificate, but that version needs user approval to be executed.

Another interesting discovery, made by the experts from the AlienVault security firm, is the existence of a WireLurker version that targets Win32 machines. The malware analysts detected a file with the name:

Figure 4 — Win32 WireLurker module.

The file was compiled in March . Apple has blocked the apps that could be used by threat actors to propagate the infection.