Photo: Heavy

If you thought you were safe from iPhone hacks, think again. Hackers found a new, crafty way to extort information.

We have stepped into an era of hacks: nobody is safe. So far, Android phones were the main targets; a large number of system vulnerabilities were discovered during the past month. Now, however, FireEye discovered that iPhone users have a lot to be afraid of, because hacker found a very crafty, stealthy way to seep into our phones’ systems. Some extortions have already been reported, although it is still unclear how many people are affected. Word is, that for the time being, only a small number of people got the hack-treatment.

iPhone gaming lovers, we really are sorry, but from now on, you have to be extra cautious when downloading and application. Business Insider gave us the quick run-through in how these malicious apps work: first, you are persuaded to download an application. Through clever channels, hackers convince you that you actually need that app. So, you download it. But little do you know that the downloaded app – although seemingly legit – is a program meant to hijack your personal details. The bad-apps are downloaded with a click on the wrong web link… you do not even notice what happens in the background.

iPhone hacks done in an instance

So, how exactly does it all work? Simon Mullis, technical lead of FireEye, a well-known cybersecurity company, told Business Insider: “If you can be tricked into clicking on a link on your phone to install an application then any of your apps could be replaced with a malicious version. It could look identical to the standard app but have extra functionality. Once installed, the new malicious application can hijack the communications used by legitimate apps and steal information, such as login credentials.” Now, once they gain access to one password, it’s not long before they work out other passwords and steal important, personal information.

The worst thing is, that huge companies’ applications are also affected; according to FireEye, WhatsApp, Twitter, Facebook, Facebook Messenger, WeChat, Google Chrome, Viber, Blackberry Messenger, Skype, Telegram, and VK were all exploited to gain delicate information. They say that this only occurs when someone decides to download iOS apps from other sites. Downloading from the App Store is safe for now. So, if you are planning on downloading that new gambling app, only do it from the official source. The Business Insider further emphasized that we are only vulnerable to an attack if we click on such a malicious link. It is smart therefore, to exercise caution.

The workings of an iPhone hijacking

These horrid apps “come with an extra binary designed to exfiltrate sensitive data and communicate with a remote server. Because all the bundle identifiers are the same as the genuine apps on App Store, they can directly replace the genuine apps on iOS devices prior 8.1.3,” as FireEye reports. It is impossible to notice that something is wrong when the apps function perfectly.
If you’re an Android fan and you feel a bit smug right now, I suggest you wipe the grin off your face: unfortunately, as Business Insider says, “the technique works on all major mobile operating systems including iOS and Android. But so far, FireEye has only seen the attack used against iPhone users.”

Nobody is safe, not anymore. As Mullis told Business Insider: “We have found examples of many well-known apps have been repackaged in this way: Twitter, Facebook, WhatsApp, Viber, Skype and others. They are versions of the standard app with extra functionality to exfiltrate sensitive information to remote servers. We have found these applications in use in the wild.” Is there a patch that could potentially fix this? Or should we just live in fear from now on? Let’s hope that somebody will come up with a plan and we can continue downloading mobile gambling apps as we please. In the meantime, Mullis believes that the small number of people affected will soon start to grow. Well, I think I’ll start using my old Nokia 3310 again.