
AceDeceiver is iOS malware that infects non-jailbroken iPhones

Posted: , by Alan F.

Using a flaw in the design of Apple's Digital Rights Management (DRM) system, iOS malware that has been given the name AceDeceiver has been able to infect non-jailbroken iPhones. Because of the flaw in the DRM system, AceDeceiver doesn't require an enterprise certificate to install. Three apps carrying AceDeceiver were offered in the App Store between July 2015 and February 2016, disguised as wallpaper apps. They have since been removed.

The actual technique used in this attack to install malware on a non-jailbroken iOS device is called "FairPlay Man-In-The-Middle (MITM)." An iOS user can install an App Store app on his device by using the iTunes client that runs on his computer. With FairPlay MITM, the attacker buys an iOS app from the App Store and intercepts the authorization code. Using this code, the attacker then tricks the victim's iOS device into believing that it purchased the malicious app. As a result, the victim's iPhone or iPad ends up with apps he/she never paid for, including infected apps that are a ticking time bomb.

Right now, AceDeceiver only activates its malicious behavior when the victim and his device are located in China, but that is something that can be changed easily. And because it doesn't require an enterprise certificate, even those phones under the watch of an MDM are still vulnerable. The removal of the malicious apps from the App Store won't make a difference: with the FairPlay MITM attack, the malicious app needs to have been available on the App Store only once. And the malicious app installs itself, so the victim's participation is minimal.

As we said, if you live outside of mainland China, you have nothing to be worried about for now. Before these attacks spread to other regions, hopefully Apple will come up with something to put an end to this.

The FairPlay MITM attack uses Apple's DRM system to install malicious apps on an iOS device

source: PaloAltoNetworks

50 Comments
posted on 16 Mar 2016, 15:54

1. Unordinary (Posts: 1951; Member since: 04 Nov 2015)


Lmao! Ouch!

(By the way, you spelled infects wrong)

posted on 16 Mar 2016, 16:00 11

3. Adreno (banned) (Posts: 755; Member since: 12 Mar 2016)


Ouch huh? This article is another proof that iOS isn't as secure as how Apple Fans claim it to be!

posted on 16 Mar 2016, 16:03 11

5. tedkord (Posts: 12219; Member since: 17 Jun 2009)


Nothing is secure.

posted on 16 Mar 2016, 16:56 3

19. xondk (Posts: 1589; Member since: 25 Mar 2014)


Exactly, and unfortunately, the way Apple is marketing its brand, many people don't realize that Apple has the same problems as all other software companies.

posted on 16 Mar 2016, 17:16 4

25. AlikMalix (Posts: 6287; Member since: 16 Jul 2014)


The original Palo Alto article has a much better explanation of how it works and why. I'll try to summarize.

1) Any Windows PC user follows a link to the website of the malware author.
2) They are encouraged to download a Windows helper app (malware) which claims to assist in managing iOS devices
3) Once installed on computer, the user is instructed to download an iOS app through a fake iTunes feature within the Windows app
4) The user is prompted for their Apple ID log in which is then stolen. This is the primary purpose of the malware
5) Windows then automatically installs the iOS malware app to any iOS device connected to the computer, without user action.
6) The iOS malware does have an icon which the user might notice as something they did not install, but...
7) Once the malware is installed on the iOS device users can download pirated games from a third party App Store.
8) Currently it only works in China but that could be changed to any region very easily. It works best if it is restricted to only one region at a time

posted on 16 Mar 2016, 22:27 2

38. Mxyzptlk (Posts: 14180; Member since: 21 Apr 2012)


Everyone who is shooting off at the mouth needs to read this before ignorant people start bashing Apple for user stupidity.

posted on 16 Mar 2016, 23:41

39. chebner (Posts: 235; Member since: 17 Oct 2011)


Fully agree that it's user stupidity and the blame is squarely on the user. However, Apple is partly to blame for this user stupidity. Apple tries to grocery that their products are immune to attack and stupid Apple users believe it. Because they believe that Apple is perfect and can't be infected they never have their guard up to look for stupid sh!t like this. They are a victim of their own arrogance.

posted on 17 Mar 2016, 03:02

41. AlikMalix (Posts: 6287; Member since: 16 Jul 2014)


Here's the thing... Every single article about some malware or hack that's been reported somehow always relates to China, and it only affects China, with apps made for Chinese-specific services. I cannot remember reading an article that would affect someone who's in other markets...

Is the Chinese app store different from the rest of the world?

posted on 17 Mar 2016, 04:24

44. xondk (Posts: 1589; Member since: 25 Mar 2014)


See, here's the thing: when you hear about Android viruses, which are often of this nature as well, people bash Android for it.

Which at least is my point, Android and Apple are both software companies and both have roles and possibilities of being hacked or compromised or whatnot. Apple is not 'unique' in this way despite their marketing.

posted on 17 Mar 2016, 11:29

49. AlikMalix (Posts: 6287; Member since: 16 Jul 2014)


Ok that's fair.

posted on 17 Mar 2016, 04:22

43. xondk (Posts: 1589; Member since: 25 Mar 2014)


Yup, and a lot a _LOT_ of other malware is similar to this in nature, on most any platform.

posted on 16 Mar 2016, 16:03

7. adi9764 (Posts: 64; Member since: 16 Feb 2016)


What you are reading right now is a comment

posted on 16 Mar 2016, 16:03 2

8. Unordinary (Posts: 1951; Member since: 04 Nov 2015)


/Facepalm. Exactly. I guess English isn't your first language (and that's ok).

iOS is not as secure as what though? Surely, we can't compare it to Android's horrific security and privacy lol

posted on 16 Mar 2016, 16:10 9

11. Adreno (banned) (Posts: 755; Member since: 12 Mar 2016)


For real? It seems you got no idea about Android's security as from 5.0 Lollipop onwards.

Yeah, you hate Droids, we get it.

posted on 16 Mar 2016, 20:58 2

32. MrElectrifyer (Posts: 3300; Member since: 21 Oct 2014)


Some iSheeps never cease to end their ignorance, even when clear evidence has been shown to them multiple times:

http://www.dereferer.org/?http%3A%2F%2Fbit%2Ely%2F1SswEXw

http://www.dereferer.org/?http%3A%2F%2Fbit%2Ely%2F1FZM9C9

posted on 16 Mar 2016, 21:59

34. Unordinary (Posts: 1951; Member since: 04 Nov 2015)


Obviously it's going to be "most vulnerable" when there isn't much for it. This is obvious click bait. Just like those "WP has biggest growth this year!!!" lmfao.

posted on 16 Mar 2016, 22:18 1

36. MrElectrifyer (Posts: 3300; Member since: 21 Oct 2014)


"Obviously it's going to be "most vulnerable" when there isn't much for it."

Uhm, WTF?

posted on 17 Mar 2016, 03:52 1

42. Adreno (banned) (Posts: 755; Member since: 12 Mar 2016)


Don't mind that Unordinary guy. He's a hater without a clue about what he's arguing about.

posted on 16 Mar 2016, 17:50 2

27. jellmoo (Posts: 1699; Member since: 31 Oct 2011)


To be fair, this issue essentially requires user failure in at least three separate steps. It's a security hole, no doubt, but it's completely negated by some pretty reasonable precautions.

posted on 16 Mar 2016, 21:01 1

33. MrElectrifyer (Posts: 3300; Member since: 21 Oct 2014)


Almost every security problem could be negated if the PEBCAK malware were eliminated...

posted on 16 Mar 2016, 19:46

29. submar (Posts: 475; Member since: 19 Sep 2014)


They just chose not to believe.

posted on 16 Mar 2016, 15:58 1

2. djcody (Posts: 103; Member since: 17 Apr 2013)


Got popcorn, beer and waiting for word war ;)

posted on 16 Mar 2016, 16:02

4. Unordinary (Posts: 1951; Member since: 04 Nov 2015)


I'll start first!

Saxicolous!

Bam! Beat that!

(ps: what do I get if I beat you)?

posted on 16 Mar 2016, 16:03 6

9. tedkord (Posts: 12219; Member since: 17 Jun 2009)


If that X is on a triple letter score, I think you win.

posted on 16 Mar 2016, 17:03

22. Wiencon (Posts: 1920; Member since: 06 Aug 2014)


Hey but it's not 7 letters long. Cheaterrrrrr!!!111

posted on 18 Mar 2016, 08:22

50. g2a5b0e (Posts: 3725; Member since: 08 Jun 2012)


You've never made a Scrabble word more than 7 letters long?

Noob.

posted on 16 Mar 2016, 16:48

17. Doakie (Posts: 2107; Member since: 06 May 2009)


Quit being so cantankerous.

posted on 16 Mar 2016, 16:03 2

6. Adreno (banned) (Posts: 755; Member since: 12 Mar 2016)


Yeah, word/flame wars are all about childish Apple fanboys.

posted on 16 Mar 2016, 16:04

10. djcody (Posts: 103; Member since: 17 Apr 2013)


BTW is that Apple backdoor app for government in trial before official release??

posted on 16 Mar 2016, 16:15

12. Adreno (banned) (Posts: 755; Member since: 12 Mar 2016)


It's about a backdoor Gov.OS firmware, not an app.
