The platform for apps on the iPhone through the iTunes store is one of the more secure platforms out there, but nothing is bulletproof. With roughly 500 million phones sold since the original iPhone launched, the increase of hacks on the platform are inevitable. Recently the media has reported on two wide-scale attacks on the iOS platform- WireLurker and Masque.

iOs Security Flaw “Masque Attack”

The Masque attack, announced on November 10, 2014, has exposed a security flaw where a malicious app can replace a legitimate app, as long as the malicious app has the same bundle identifier, which is the unique ID code for an app. These malicious apps will often look identical to the legitimate ones that they are replacing. The purpose of this attack is to steal sensitive information such as login credentials and personal data. The malware can also access the original app’s stored data, so even if the replaced app isn’t launched, it can still access the data that is stored on the device. This vulnerability lies in both jailbroken phones and non-jailbroken phones.

The good news is that these malicious apps cannot be downloaded from the official iTunes App Store. Apple does offer developers the ability to distribute apps outside of their store, but the user must first install a provisioning profile on the device. A provisioning profile allows applications to install and run on iPhones and is primarily used by app developers for testing purposes.  Downloading apps by means of links from websites is unconventional and can lead users to download malicious files. Third party app stores are stores hosted on a website that users can access via their device’s mobile browser to download applications. These app stores are risky to use, as there is little to no screening process involved concerning what apps are available in the store. Therefore, it is very easy for cybercriminals to hide malware within the app.

While the real-world threat for this is low, this just goes to show that iOS devices are not as immune to threats as we once thought.

WireLurker Trojan Malware

OSX.Wirelurker, which was discovered last week, is a Trojan that is embedded in pirated apps. The purpose of this Trojan is to steal sensitive user data. It was discovered on the Maiyadi App Store, which is a third party app store in China. It can infect iOS devices and can be transferred to an OSX computer via a USB cable. Once the infected device is synced to an OSX computer via a USB cable, WireLurker can then infect any other phone that is connected to that computer. Even if the device is not jailbroken.

The Risks of Third Party App Stores

While third party app stores for iOS are few, it is not a good idea to download apps from these stores. These stores usually offer little to no screening processes as to what is allowed in the store. In addition to the normal apps on third party stores, there is also an abundance of pirated apps, which can easily come infected with malware, such as WireLurker, all aimed at stealing your data.

The Apple App store has a complex App review process where an app is thoroughly tested for technical and security issues before it is officially released on to the store. Therefore it is highly advised to only download apps from legitimate app stores, which in this case, is the Apple App Store.

How to protect your phone and computer against WireLurker and Masque Attacks:

• Don’t install apps from third party app stores. Only download apps from the iTunes App Store.
• Don’t install apps from an unknown website.
• If you open an app and it alerts you that the app is from an untrusted app developer, click on “Don’t Trust”.Only plug your phone into a trusted computer such as your own- do not plug any untrusted phones in to your computer. If you are away from your own computer and need to plug in for a power boost, use your wall charger instead.
• Protect your computer, too. If you are on a Mac, you can block third-party apps by going to System Preferences and clicking "Security and Privacy" and select "Allow apps downloaded from Mac App Store." And of course, be sure to have an Internet security suite installed on your computer.
• Keep your iOS and Mac devices updated whenever updates are available.
• Avoid jailbreaking unless you absolutely know what you’re doing.
• Don’t turn off built in Apple security features.  

The Future of Security on the iOS Platform

While these two attacks seem to be happening in niche markets, it is an important snapshot of what is in store for the iOS platform. As the popularity of these devices continues to grow, so does the desire of cybercriminals to target the platform. While iOS is fairly secure right now as long as you only download from legitimate sources, these examples show that the future of the security of these devices is not as invincible as many consumers once thought.