FireEye discovers significant iOS vulnerability

By Dylan Bushell-Embling
Thursday, 02 July, 2015

FireEye researchers have discovered a previously undisclosed vulnerability in Apple’s smartphone operating system that could potentially allow for the hijacking of VPN traffic.

The iOS vulnerability, known as Plugin Masque, can be used to bypass built-in entitlement enforcement by replacing a legitimate VPN plug-in with a malicious version using the same bundle ID.

By leveraging the vulnerability it is possible for attackers to jailbreak an iOS device running version 8.1.2 or earlier. Launching the attack does not require the user to trust the malicious app and the app is designed to return after a reboot, making uninstallation difficult.

FireEye has now discovered and disclosed five Masque attacks targeting iOS. These include App Masque, designed to replace existing apps with malicious versions and harvest sensitive data, and Manifest Masque, designed to demolish other apps during over-the-air installations.

The company urged iOS users to update their operating system to help protect against the threats, noting that around a third of devices still haven’t updated to versions 8.1.3 or higher, five months after the release of the update. All such devices are still vulnerable to every Masque attack.

The security of mobile devices is a growing concern, but one company is taking the opposite approach. Salient Eye is an app to turn old smartphones and tablets into motion-detecting surveillance cameras.

New Zealand mother Melissa Rodrigues recently used Salient Eye to detect and help police track down an intruder into her home. She was alerted to the intruder by her three-year-old son and set up a Salient Eye system in response.

When the intruder returned, she was notified via an automatic message and was able to alert the police of the presence of the intruder. An image captured from the footage was used by the police to identify the culprit — a neighbour involved in a thievery spree.

“The support this app gave us was absolutely fantastic,” Rodrigues said. “It meant we didn’t have to put ourselves in harm’s way to look for him, and with the email alert we were on the phone to the police in literally seconds.”

Image courtesy of William Hook under CC