Page 16 - Mobile Data Loss


             Anatomy of the Masque Attack (iOS)

          1. Attacker creates malicious iOS app (which has the same
             bundle ID as the app he intends to masque)
          2. Attacker gets an enterprise cert (either by stealing from a
             company or by registering one himself) and signs the
             malicious app
          3. The attacker then posts the App on a malicious site (or
             Enterprise App Store) for download
          4. Attacker sends the URL via email (or distributes via corp app
             store) to the victim encouraging them to download the
             update to the App
          5. The user clicks on the link in the email and downloads the App
          6. The App updates the legitimate App on the iOS device
          7. App harvests data and credentials from App (Username,
             Password, Data, and more…)

          Figure 2.1 Masque Attack.
          data from the app, as well as the app credentials. Figure 2.1
          outlines the attack.
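
A defender-side check for the pattern in Figure 2.1, as an added example that is not from the book: the replacement app keeps the bundle ID but is signed with a different enterprise certificate, so comparing two app-inventory snapshots for a changed signer flags it. The record fields, device names, bundle IDs, team IDs and the baseline table are constructed assumptions, not a real MDM API.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class AppRecord:
    device: str
    bundle_id: str
    team_id: str   # signer's team identifier taken from the code signature
    source: str    # "appstore" or "enterprise" (in-house provisioning)

# Constructed baseline: the signer each managed bundle ID is expected to have.
EXPECTED_SIGNER = {
    "com.example.bank": ("TEAMBANK01", "appstore"),
    "com.example.mail": ("TEAMCORP01", "enterprise"),
}

def find_masque_candidates(previous, current, expected=EXPECTED_SIGNER):
    """Flag apps whose bundle ID is unchanged but whose signer is not."""
    before = {(r.device, r.bundle_id): r for r in previous}
    findings = []
    for rec in current:
        reasons = []
        old = before.get((rec.device, rec.bundle_id))
        if old and old.team_id != rec.team_id:
            reasons.append(f"signer changed {old.team_id} -> {rec.team_id}")
        if old and old.source == "appstore" and rec.source == "enterprise":
            reasons.append("App Store install replaced by enterprise-signed build")
        want = expected.get(rec.bundle_id)
        if want and (rec.team_id, rec.source) != want:
            reasons.append(f"baseline expects {want[0]} via {want[1]}")
        if reasons:
            findings.append((rec.device, rec.bundle_id, reasons))
    return findings

# Constructed sample snapshots (yesterday vs. today).
PREVIOUS = [
    AppRecord("ipad-07", "com.example.bank", "TEAMBANK01", "appstore"),
    AppRecord("ipad-07", "com.example.mail", "TEAMCORP01", "enterprise"),
]
CURRENT = [
    AppRecord("ipad-07", "com.example.bank", "TEAMUNKN99", "enterprise"),
    AppRecord("ipad-07", "com.example.mail", "TEAMCORP01", "enterprise"),
    AppRecord("ipad-09", "com.example.bank", "TEAMUNKN99", "enterprise"),
]

if __name__ == "__main__":
    for device, bundle_id, reasons in find_masque_candidates(PREVIOUS, CURRENT):
        print(device, bundle_id, "; ".join(reasons))
```

The second device has no earlier snapshot, so only the baseline comparison catches it; that is why the check uses both a history and an expected-signer table.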
             Stagefright² was a vulnerability found in the media library on
          Android that impacted approximately 99% of all Android devices. An
          attacker can send a malicious multimedia message via MMS. When a
          vulnerable Android device receives the message, it automatically
          downloads it (the default setting), and the device is infected
          through the multimedia preview function. This can allow an attacker
          to steal data, hijack the microphone, use the camera, and
          essentially behave like spyware on the infected device. Android's
          fragmentation presents a challenge when attempting to patch Android
          devices. Unlike Apple’s iOS, where all patches come from Apple,
          Android relies on carriers to provide the patches to their
          respective Android devices. Patches are often delayed for months,
          and in other cases are never provided.

             Risky apps are another concern that can present a risk to enterprise
          data. Apps that collect location information, harvest contacts, collect
          device hardware information, and more may not directly present a
          malware threat, but do present a privacy risk to user and enterprise






          2 Stagefright: Vulnerability Details,
            https://blog.zimperium.com/stagefright-vulnerability-details-stagefright-detector-tool-released/