Vulnerability of Non-Jailbroken iOS Devices Confirmed
The major reason most people prefer iOS devices over Android is the extra layer of protection Apple offers in all its products. However, the recent Hacking Team data theft incident has challenged the long-standing reputation of the company, putting a big question mark the security of iPhones, even the ones with stock firmware.
iOS Developer Enterprise Program Has Some Loopholes
Apple’s Developer Enterprise Program allows developers and businessmen to develop in-house applications and install them on as many iOS devices as they want. This feature is mainly used by businessmen who want a custom app just for their own employees. People with an Apple Enterprise Certificate do not even need to take permission from Apple to install these apps. Unfortunately, some people are abusing this program. The most recent example is Hacking Team, an information technology company that sells spyware to governments, organizations and other bigger customers. After a hacking attack on the company, it was revealed that this company itself was involved in stealing data from non-jailbroken iOS devices. Further investigation revealed that the company had an Apple Developer Certificate and it was with this certificate that the company installed its spyware on non-jailbroken iOS devices. The Hacking team used to sign all spyware with the certificate, making the app look legitimate in the eyes of Apple.
Masque Attack is a Real Threat
Masque attack is an easier way of stealing data from the iOS even if it is not jailbroken. In this attack, the developers create a copy of a legitimate application like Facebook, WhatsApp, etc. with same binary identifier or file name as that of an original app. The copied app is actually a malicious app which is then signed by developer certificate and installed on iOS devices without letting Apple know. This app starts stealing data after getting fully functional. Hacking Team was found to be using the same method to install spyware on non-jailbroken devices.
Spyware Can Easily Target Non-Jailbroken iPhones
Masque attacks and misuse of developer certificate allows the hacker to install spyware into iOS devices. The spyware sends all the documents, contact details, videos, images, calendar, and even keystrokes to the hackers, leaving the users exposed. As the spyware are identical to apps we use in daily life, it becomes almost impossible to detect them.
With a spyware on your iOS device, it becomes quite easy for the hacker to misuse your information and exploit you, so it’s strongly suggested that you take preventive measures instead of just relying on Apple for protecting iOS devices.