A couple of days back, we reported on the so-called Masque Attack afflicting iOS, with threatening apps posing as legitimate ones in order to steal login credentials and generally wreak havoc. The fact that the United States government has issued a bulletin as something of a warning to iOS users is a testament to the severity of the problem, and with Apple concerned about the security of its platform as it well should be, the Cupertino company’s support pages have been updated to offer advice to those worried about Masque.
It’s the iOS Developer Enterprise Program that makes Masque Attack possible in the first place. An infrastructure built to enable organizations to easily create apps for a small number of employees has been exploited by opportunistic hackers, and while iOS has long prided itself on the water-tight security of its software, Masque Attack has added yet another embarrassing blemish to this notion.
The iOS Developer Enterprise Program is, when not being abused, incredibly useful, particularly for business and enterprise, but with iOS being as heavily scrutinized as they come, individuals with ill intentions have found a way to utilize the convenient tool to their advantage. As such, those within organizations taking advantage of the program are advised to install apps only via the secure website manned by their company, and as for the rest of us, the advice is oh-so familiar.
As we mentioned in our original article, the best way to stay safe is to download apps from the App Store only. The whole idea of the Masque Attack is that utilities masquerade as legitimate ones, so unless you’ve gone to the App Store and downloaded something yourself, there’s no telling whether a website-based pop-up is the real deal or a plausible replica out to do serious harm.
The support page over at Apple.com familiarizes users with an example pop-up, and goes on to remind iOS device owners not to install anything from an “Untrusted App Developer.” This may seem like a no-brainer to many of you, but phishing scams like this happen every single day, and while warning users to stick to the official store for apps has been a largely Google-fought battle, the iOS Developer Enterprise Program has ensured that folk running an iPhone, iPad or iPod touch must also now remain vigilant.
The full article on Apple’s support page is as follows: