iOS malware AceDeceiver can infect non-jailbroken Apple devices

This new strain of malware designed for the iPhone and iPad poses a major risk to hundreds of millions of devices, because it can infect non-jailbroken devices without the user's knowledge.

A new strain of malware designed for the iPhone and iPad poses a major risk to hundreds of millions of devices, because it can infect non-jailbroken devices without the user's knowledge.

The Trojan, dubbed AceDeceiver by security firm PaloAlto Networks, installs itself on iOS devices without enterprise certificates.

"AceDeceiver is the first iOS malware we've seen that abuses certain design flaws in Apple's DRM protection mechanism -- namely FairPlay -- to install malicious apps on iOS devices regardless of whether they are jailbroken," Claud Xiao, a security researcher from Palo Alto Networks, wrote in a blog post Wednesday.

FairPlay is Apple's technical system for ensuring people can not steal apps from the App Store. But via an attack technique called FairPlay Man-in-the-Middle (MITM), hackers can install malicious apps on iOS devices without a victim's knowledge while at the same time bypassing Apple's other security measures.

"In the FairPlay MITM attack, attackers purchase an app from App Store then intercept and save the authorization code. They then developed PC software that simulates the iTunes client behaviors, and tricks iOS devices to believe the app was purchased by the victim," Xiao explained in the blog post.

Palo Alto notes that this FairPlay technique has been in use since 2013, mainly as a way to spread pirated iOS apps. But AceDeceiver marks the first time that it's been used to spread malware.

With AceDeceiver, the victim first downloads a Windows program named Aisi Helper, which purports to be software that provides jailbreaking, system backup, device management and system cleaning.

Once installed, the PC client automatically installs the most recent malicious iOS app to any connected iOS device, Xiao explained.

The malicious app provides a connection to a third party app store controlled by the attacker. From there it's basic phishing: Users are prompted to enter their Apple IDs and passwords to gain access to more features.

As of today, AceDeceiver only affects users in mainland China. However, the security firm warns that AceDeceiver is indicative of a bigger problem: That there is a relatively easy way for malware to infect non-jailbroken iOS devices.

PaloAlto expects to see other attackers copy the FairPlay MITM technique, especially considering that the flaw hasn't been patched. When a patch does arrive, the attack will likely still work on older versions of iOS systems.

PaloAlto reported the malware to Apple on February 26.

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.
See All
See All