Researcher warns of danger from imitation iPhone apps

Security researchers are warning that attackers could replace authentic, Apple-approved iPhone apps with malicious imitations.

The cyber intelligence firm FireEye said the consequences of installing one of the fake apps could be dire: a fake banking app, for example, could quickly compromise a user's identity as well as their financial accounts.

“We consider it urgent to let the public know, since there could be existing attacks that haven’t been found by security vendors,” said FireEye, which detailed the potential hack. 

The firm said the technique relies on the same installation method that Chinese attackers were caught using last week to try to spy on iPhone users.

Apple quickly shut down that scheme, called WireLurker, in which attackers planted malware inside apps commonly downloaded onto Apple desktop computers. When an iPhone or iPad was plugged into an infected desktop, the malware installed itself on the device over the USB connection and stole the device's data.

Security researchers called WireLurker rudimentary and easy to detect, but worried that it revealed a technique more sophisticated attackers could exploit to far greater effect.

“Masque Attacks can pose much bigger threats than WireLurker,” FireEye said.  “Masque Attacks can replace authentic apps, such as banking and email apps.”

The imitation apps "can even access the original app's local data, which wasn't removed when the original app was replaced,” the firm continued. “These data may contain cached emails, or even login-tokens which the malware can use to log into the user's account directly.”

iOS security researcher Jonathan Zdziarski cautioned that Masque Attack is not a vulnerability, but rather illustrates what advanced attackers might accomplish using delivery methods similar to WireLurker's.

“What FireEye is outlining is something that can potentially be an issue but only after the user explicitly authorizes its installation on the phone and after a delivery mechanism to the phone succeeds (such as sending the user a link to click on, or compromising their desktop machine like WireLurker does),” he said by email. “The user has to do a lot of dumb things before this is even possible.”

Apple’s security features have come under increased scrutiny in China and the United States.

The Chinese government is suspected of repeatedly hacking the tech giant’s products in what experts believe is an effort to gather information about protesters in Hong Kong. 

But it's also part of a broader retaliation against American tech companies after the U.S. government indicted five Chinese military officers for hacking, said Adam Segal, a senior fellow at the Council on Foreign Relations who studies Chinese cyber policy.

Apple is one of many tech companies “clearly bearing the fallout” of the U.S. government’s decision, he said. “A lot of them were not really happy with the indictments.”

Back home, Apple has worked to strengthen the encryption on its devices in response to the U.S. surveillance programs disclosed by former National Security Agency contractor Edward Snowden. Law enforcement officials have argued that these security measures could derail legitimate criminal investigations.

FireEye has notified Apple about the possible hack and believes the company is working to address it.