It is a common perception among users that iPhones are more secure than Android phones when it comes to certain hacks. It is correct to a certain extent, but that does not mean that hackers cannot attack Apple’s OS. According to a recent report by FireEye, a critical security flaw in iOS can let Cyber Criminals install malicious apps on iPhone.
Simon Mullis, FireEye Global Technical Lead, said regarding the critical security flaw in iOS:
“The most recent version of the Masque attack uses a technique called ‘URL Scheme Hijacking.’ The attacker is initially able to bypass the mechanism used by Apple to ensure that a user trusts an app that is being installed.”
The recently discovered critical security flaw in iOS might not affect many users, but it has a great potential for cyber criminals because of the way it operates. The security flaw fools the iPhone into downloading a fake app that replaces an actual app on your iPhone without your knowledge. The malicious app can then be used by hackers for various purposes without the knowledge of a user.
The malicious app appears and performs like a real app, but without the user’s knowledge the app can activate additional silent functions, such as uploading personal data to a server controlled by hackers or spying on conversations. However, the important fact that you need to know about this security threat is that the malicious apps will be downloaded only when you will click on an infected link.
Simon Mullis also said:
“If you can be tricked into clicking on a link on your phone to install an application then any of your apps could be replaced with a malicious version. It could look identical to the standard app but have extra functionality. Once installed, the new malicious application can hijack the communications used by legitimate apps and steal information, such as login credentials.”
According to a report by Business Insider, FireEye has already found fake versions of various popular apps targeting smartphone users in the wild, which includes Facebook, Skype, Twitter, Viber, WhatsApp and others.
The iPhone users are advised not to click on any suspicious link to protect themselves from a critical security flaw in iOS.