Mobile Security Weekly: Behind Masque Attack, Russian Worm Spreading, BlackBerry & Samsung Team Up

This week’s issue is dominated by MasqueAttack. The vulnerability, which has caused the US government to issue a security warning for all iOS users, is undoubtedly a major threat. The fact that Apple may have known about it’s existence since July 2014 also poses quite a few pressing questions. Elsewhere, it “business as usual” with another dangerous new Android worm. In an interesting business development, Blackberry and Samsung have formed a new partnership.

MasqueAttack has reached Homeland Security Levels of Danger

In reaction to the headlines surrounding the mobile world’s newest major threat, the U.S. government released a statement for all iPhone and iPad users warning that “a vulnerability in Apple’s iOS mobile operating system could give hackers access to their private information”.

MasqueAttack is the vulnerability that enabled the creation of “WireLurker”, one of the most advanced attacks on Mac OS X and iOS devices to date (which Apple seem to have dealt with).

Masque Attack allows attackers to install fake iOS apps on iPhone or iPad via email or text message. The attack takes advantage of a security weakness that allows an iOS app with the same file name – regardless of developer – to replace a legitimate app on a post-iOS 7 device while keeping all of the user’s sensitive data.

U.S. Department of Homeland Security warns iOS users about ‘Masque Attack’ security flaw

Why is this Significant?

The title pretty much says it all. Rarely do we see a mobile security issue get a dedicated US homeland security warning. As we mention in our post, WireLurker has been the only known attack to implement MasqueAttack so far but that is bound to change. Although attacks do rely on social engineering,  MasqueAttack’s on-device capabilities, especially against non-jailbroken iOS devices, pose a major threat to enterprise security.

Yet Another Russian-Based Android Worm is Spreading like Wildfire

Another Android worm, that began it’s life in Russia has infected more than 14,000 units in 20 countries.

Trojan Android.Wormle.1.origin. is in mRAT (Mobile Remote Access Trojan) that has a wide array of on-device capabilities, including sending SMS-messages, blocking calls, extraction of files confidential information, as well as initiating DDoS (Denial of Service)-attacks on web-sites.

The worm spreads quickly by sending (and resending) the message “I love you http:å // [] app.ru/*number*», where «number» – is number of the recipient.

Why is this Significant?

Though this isn’t exactly ground breaking, and most of the infected devices are in Russia, once an attack like this manages to cross borders, it’s impossible to tell where it will end. It’s also worth mentioning the ability to conduct DoS attacks, which isn’t something that most similar attacks have possessed.

One of the most popular methods of introduction of malware in Android devices is a mass mailing of SMS-messages with links to malicious websites. This is the mechanism used by hackers to spread malicious software that the company’s specialists have identified and Dr.Web virus database called Android.Wormle.1.origin. Подробнее: http://www.securitylab.ru/news/461701.php

BlackBerry & Samsung Forge Mobile Security Partnership

Samsung and BlackBerry have announced a strategic partnership that will enable them to bring Blackberry’s highly rated mobile security solutions to Samsung’s devices.

The end product, which will be available in early 2015, will be a marriage of the best features from Blackberry’s BES12 cross-platform solution and Samsung’s much discussed KNOX.

http://www.cnet.com/news/blackberry-and-samsung-team-up-to-beef-up-security-on-samsung-devices/

Why is this Significant?

Any deal of this size, between of two of the mobile market’s major players, is worth knowing about. From a security viewpoint, this is another obvious step in the ongoing war, mainly between Apple and Samsung, to conquer the modern BYOD-based enterprise. We’ll just have to see how this one plays out.