Hacking Team Masque Attack use the vulnerability to attack on the iPhone and iPad without jailbreaking

In carrying out attacks on mobile Apple devices malicious users can use a suite of applications for creating Masque Attack fake applications Facebook, Twitter and WhatsApp. Experts FireEye revealed details about the attack on the passing now in Las Vegas conference Black Hat.



Researchers became aware of the Masque Attack after analyzing the documents leaked by the recent hacking Hacking Team. As it turned out, all the major mobile operating systems, including iOS, Android, Windows and BlackBerry, are the objectives of the Italian manufacturer spyware. Experts have found the program Remote Control System, designed specifically for hacking iPhone and iPad.

Log files Hacking Team indicate that the company had the opportunity to send "inaccessible public" versions of malicious applications, unofficial versions of programs, steal confidential information and upload it to a remote server.

Moreover, experts have found an application that allows to remotely manage the iOS-devices without jailbreak after booting from a server application package Masque Attack, notes Securitylab. Each program provides a control panel allows you to change its "behavior."

After the attack on the iPhone and iPad attackers have the following information:

  • Records of calls in Skype, Wechat, etc.
  • Correspondence Skype, WhatsApp, Facebook Messenger, etc.
  • History of Chrome.
  • Phone calls.
  • Messages SMS / iMessage.
  • Tracking the movement of the user in the background.~
  • Contact Information.
  • Photo.
All applications Masque Attack are reassembled mobile versions of popular social platforms, including Facebook, Twitter, WhatsApp and Skype. They exploit vulnerabilities in iOS. There is no digital certificate applications, so users should install them to bypass the warning notice. The vulnerability has been closed Apple's update iOS 8.1.3.


If you found this post useful, dont forget to click the +1 button =>  

Follow GreenPois0n on Google+


blog comments powered by Disqus