There was
the potential for hacks using a newly identified technique known as the 'Masque
Attack,' the government said in an online
bulletin from the National Cybersecurity and Communications Integration Center
and the U.S. Computer Emergency Readiness Teams.
Network Security
Company, FireEye disclosed the vulnerability behind the 'Masque Attack' earlier
this week, saying it had been exploited to launch a campaign dubbed
'WireLurker' and that more attacks could follow.
Hackers
could potentially steal login credentials, access sensitive data stored on iOS
devices and remotely monitor activity on those devices, the government said.
Such
attacks could be avoided if iPad and iPhone users only installed apps from
Apple's App Store or from their own organizations, it said.
Users
should not click 'Install' from pop-ups when surfing the web.
If iOS
flashes a warning that says 'Untrusted App Developer,' users should click on
'Don't Trust' and immediately uninstall the app, the bulletin said.
If
installed, the malicious application can then be used to replace genuine,
trusted apps that were installed through Apple's App Store, including email and
banking programs, with malicious software through a technique that FireEye has
dubbed 'Masque Attack.'
No comments:
Post a Comment