WireLurker, Masque Attack malware only a threat for users who disable Apple's iOS, OS X security

13»

Comments

  • Reply 41 of 51
    techlover wrote: »
    Does AI pay DED by the word?
    They must do. Or he just gets over excited as his mouth foams over when he starts his rant against android.
  • Reply 42 of 51
    Quote:

    Originally Posted by muppetry View Post





    I'm not sure about that - I have one app that I loaded from a website without any changes to the default iOS security posture. It was not approved for the App Store because it broke a couple of video API rules.



    That doesn't sound easy. How did you manage that on iOS?

  • Reply 43 of 51
    Quote:

    Originally Posted by DroidFTW View Post







    So your normal, everyday user can't go into their iPhone settings and allow the installation of 3rd party apps.  Thanks for the clarification as the article appeared to suggest otherwise.



    From DED's original article:

     

    "When a developer deploys apps through Apple's App Store, the app is "signed" or encrypted by the developer's private key. Under iOS, there's no way to turn this off unless users purposely "jailbreak" the security system, a process that exploits an existing vulnerability in order to turn off the system's verification of app signatures."

     

    and later:

     

    "Enterprise users may want to distribute a custom app to only their own employees, rather than making it available in the App Store. For these users, Apple has made it possible to effectively sideload iOS apps along with a provisioning profile that vouches for the app."

     

    Seemed crystal clear to me.

  • Reply 44 of 51
    muppetrymuppetry Posts: 3,331member
    muppetry wrote: »
    I'm not sure about that - I have one app that I loaded from a website without any changes to the default iOS security posture. It was not approved for the App Store because it broke a couple of video API rules.


    That doesn't sound easy. How did you manage that on iOS?

    I was surprised that it worked at all, but all I did was follow a link to the website and confirm that I wanted to install the app. It's clearly done using the enterprise system, but did not require registering my iOS device.
  • Reply 45 of 51
    Quote:
    Originally Posted by muppetry View Post





    I was surprised that it worked at all, but all I did was follow a link to the website and confirm that I wanted to install the app. It's clearly done using the enterprise system, but did not require registering my iOS device.



    I was curious because as a developer myself, I could not just email you my app and expect you to be able to run it as you would need a distribution certificate from me which matched the signature of my app. Obviously, if the website you used was a corporate one for which you also had a corresponding distribution certificate I can understand it but otherwise, as a 'joe public' user, it would not be easy. You also say that it was not approved as it broke a couple of video API rules - given that an enterprise app is not likely to be distributed via the App Store it seems to muddy the waters even more ...

  • Reply 46 of 51
    muppetrymuppetry Posts: 3,331member
    muppetry wrote: »
    I was surprised that it worked at all, but all I did was follow a link to the website and confirm that I wanted to install the app. It's clearly done using the enterprise system, but did not require registering my iOS device.


    I was curious because as a developer myself, I could not just email you my app and expect you to be able to run it as you would need a distribution certificate from me which matched the signature of my app. Obviously, if the website you used was a corporate one for which you also had a corresponding distribution certificate I can understand it but otherwise, as a 'joe public' user, it would not be easy. You also say that it was not approved as it broke a couple of video API rules - given that an enterprise app is not likely to be distributed via the App Store it seems to muddy the waters even more ...

    That was the issue - it was not a corporate site for which I had a distribution certificate - it was a commercial site and a control app for one of their products. At the time the app was under beta testing, and so a limited number of users were invited to test it, but all that was provided to me by the company was the link. Since then the app has been "released", in the sense that that the company advertised the link, but it is still not in the App Store. The video API problem is almost certainly still the reason. I can send you the link if you are interested.
  • Reply 47 of 51
    gatorguygatorguy Posts: 24,176member
    The US Government issued a security alert today for iOS users, citing Masque Attack
    https://www.us-cert.gov/ncas/alerts/TA14-317A :\
  • Reply 48 of 51
    Originally Posted by Gatorguy View Post

    The US Government issued a security alert today for iOS users, citing Masque Attack

    https://www.us-cert.gov/ncas/alerts/TA14-317A image



    And given that ~30% of people trust the government, this just reenforces their stupidity.

  • Reply 49 of 51

    Thanks for the above given stuffs, its really helpful for all.







    http://www.fixbrowserthreats.com
  • Reply 50 of 51
    Guys , see how a gadget can prevent Wireluke virus and unknown chargers from Stealing and infecting personal Phone data on Indiegogo in 60 seconds.
    http://igg.me/at/SpyD-IphoneHack/
  • Reply 51 of 51
    A security organization called FireEye uncovered a certainty that there are two sorts of Masque assaults focusing on iOS. Apple has officially fixed the defects mostly and still 33% of iOS gadgets are at danger.Read more at:http://birmingham.fortuneinnovations.com/news/masque-attacks-can-destroy-your-iphone-apps-completely
Sign In or Register to comment.