iPhones and iPads Vulnerable to “Masque Attack” | Information Technology | University of Pittsburgh

iPhones and iPads Vulnerable to “Masque Attack”

Friday, November 14, 2014 - 14:43

A security vulnerability in Apple’s mobile operating system (iOS) could allow hackers to use Web pages, text messages, or emails to fool users into downloading fake apps that could then disclose personal information.

The vulnerability makes iPhones and iPads vulnerable to a “masque attack”. This type of attack works by convincing users to install an app from a source other than the iOS App Store. If a user installs an untrusted app (such as an app delivered through a phishing link), the fake app will mimic the original app’s login interface to steal the victim’s login credentials. It could also perform background monitoring of the mobile device and access data from local data caches.

To protect yourself from this type of an attack:

  1. Do not install apps from sources other than Apple’s official App Store.
  2. Do not click “Install” from a third-party pop-up when viewing a Web page.
  3. When opening an app, if iOS shows an “Untrusted App Developer” alert, click on “Don’t Trust” and uninstall the app immediately.

Please contact the Technology Help Desk at 412 624-HELP [4357] if you have any questions regarding this announcement.