
AceDeceiver is iOS malware that infects non-jailbroken iPhones

Posted: , by Alan F.

Using a flaw in the design of Apple's Digital Rights Management (DRM) system, iOS malware named AceDeceiver has been able to infect non-jailbroken iPhones. Because it relies on this DRM flaw, AceDeceiver doesn't require an enterprise certificate to install. Three apps carrying AceDeceiver were offered in the App Store between July 2015 and February 2016, disguised as wallpaper apps. They have since been removed.

The technique used in this attack to install malware on a non-jailbroken iOS device is called "FairPlay Man-In-The-Middle (MITM)." An iOS user can install an app from iTunes on the device by using the iTunes client that runs on a computer. With FairPlay MITM, the attacker buys an iOS app from the App Store and intercepts the authorization code. Using this code, the attacker then tricks the victim's iOS device into believing that it purchased the malicious app. As a result, the victim's iPhone or iPad ends up with apps the victim never paid for, including infected apps that are a ticking time bomb.

Right now, AceDeceiver behaves maliciously only when the victim and the device are located in China, but that is something that can be changed easily. And because it doesn't require an enterprise certificate, even phones under the watch of an MDM are still vulnerable. The removal of the malicious apps from the App Store won't make a difference: with the FairPlay MITM attack, the malicious app needs to have been available on the App Store only once. The malicious app also installs itself, so the victim's participation is minimal.

As we said, if you live outside of mainland China, you have nothing to be worried about for now. Before these attacks spread to other regions, hopefully Apple will come up with something to put an end to this.

The FairPlay MITM attack uses Apple's DRM system to install malicious apps on an iOS device


source: PaloAltoNetworks

50 Comments




posted on 16 Mar 2016, 15:54

1. Unordinary (Posts: 1692; Member since: 04 Nov 2015)


Lmao! Ouch!

(By the way, you spelled infects wrong)

posted on 16 Mar 2016, 16:00 11

3. Adreno (banned) (Posts: 755; Member since: 12 Mar 2016)


Ouch huh? This article is another proof that iOS isn't as secure as how Apple Fans claim it to be!

posted on 16 Mar 2016, 16:03 11

5. tedkord (Posts: 11629; Member since: 17 Jun 2009)


Nothing is secure.

posted on 16 Mar 2016, 16:56 3

19. xondk (Posts: 1388; Member since: 25 Mar 2014)


Exactly, and unfortunately the way Apple is marketing its brand many people don't realize this that Apple has the same problems as all other software companies.

posted on 16 Mar 2016, 17:16 4

25. AlikMalix (Posts: 5836; Member since: 16 Jul 2014)


The original Palo Alto article has a much better explanation of how it works and why. I'll try to summarize.

1) Any Windows PC user follows a link to the website of the malware author.
2) They are encouraged to download a Windows helper app (malware) which claims to assist in managing iOS devices
3) Once installed on computer, the user is instructed to download an iOS app through a fake iTunes feature within the Windows app
4) The user is prompted for their Apple ID log in which is then stolen. This is the primary purpose of the malware
5) Windows then automatically installs the iOS malware app to any iOS device connected to the computer, without user action.
6) The iOS malware does have an icon which the user might notice as something they did not install, but...
7) Once the malware is installed on the iOS device users can download pirated games from a third party App Store.
8) Currently it only works in China but that could be changed to any region very easily. It works best if it is restricted to only one region at a time

posted on 16 Mar 2016, 22:27 2

38. Mxyzptlk (Posts: 12979; Member since: 21 Apr 2012)


Everyone who is shooting off at the mouth needs to read this before ignorant people start bashing Apple for user stupidity.

posted on 16 Mar 2016, 23:41

39. chebner (Posts: 233; Member since: 17 Oct 2011)


Fully agree that it's user stupidity and the blame is squarely on the user. However, Apple is partly to blame for this user stupidity. Apple tries to grocery that their products are immune to attack and stupid Apple users believe it. Because they believe that Apple is perfect and can't be infected they never have their guard up to look for stupid sh!t like this. They are a victim of their own arrogance.

posted on 17 Mar 2016, 03:02

41. AlikMalix (Posts: 5836; Member since: 16 Jul 2014)


Here's the thing... Every single article about some malware or hack that's been reported somehow always relates to China, and it only affects China, with apps made for Chinese specific services. I cannot remember reading an article that would affect someone who's in other markets...

Is the Chinese app store different from the rest of the world?

posted on 17 Mar 2016, 04:24

44. xondk (Posts: 1388; Member since: 25 Mar 2014)


See here's the thing, when you hear about android virus', which are often of this nature as well, people bash Android for it.

Which at least is my point, Android and Apple are both software companies and both have roles and possibilities of being hacked or compromised or whatnot. Apple is not 'unique' in this way despite their marketing.

posted on 17 Mar 2016, 11:29

49. AlikMalix (Posts: 5836; Member since: 16 Jul 2014)


Ok that's fair.

posted on 17 Mar 2016, 04:22

43. xondk (Posts: 1388; Member since: 25 Mar 2014)


Yup, and a lot a _LOT_ of other malware is similar to this in nature, on most any platform.

posted on 16 Mar 2016, 16:03

7. adi9764 (Posts: 56; Member since: 16 Feb 2016)


What you are reading right now is a comment

posted on 16 Mar 2016, 16:03 2

8. Unordinary (Posts: 1692; Member since: 04 Nov 2015)


/Facepalm. Exactly. I guess English isn't your first language (and that's ok).

iOS is not as secure as what though? Surely, we can't compare it to Android's horrific security and privacy lol

posted on 16 Mar 2016, 16:10 9

11. Adreno (banned) (Posts: 755; Member since: 12 Mar 2016)


For real? It seems you got no idea about Android's security as from 5.0 Lollipop onwards.

Yeah, you hate Droids, we get it.

posted on 16 Mar 2016, 20:58 2

32. MrElectrifyer (Posts: 2934; Member since: 21 Oct 2014)


Some iSheeps never cease to end their ignorance, even when clear evidence has been shown to them multiple times:

http://www.dereferer.org/?http%3A%2F%2Fbit%2Ely%2F1SswEXw

http://www.dereferer.org/?http%3A%2F%2Fbit%2Ely%2F1FZM9C9

posted on 16 Mar 2016, 21:59

34. Unordinary (Posts: 1692; Member since: 04 Nov 2015)


Obviously its going to be "most vulnerable" when there isn't much for it. This is obvious click bait. Just like those "WP has biggest growth this year!!!" lmfao.

posted on 16 Mar 2016, 22:18 1

36. MrElectrifyer (Posts: 2934; Member since: 21 Oct 2014)


"Obviously its going to be "most vulnerable" when there isn't much for it."

Uhm, WTF?

posted on 17 Mar 2016, 03:52 1

42. Adreno (banned) (Posts: 755; Member since: 12 Mar 2016)


Don't mind that Unordinary guy. He's a hater without clue on what he's arguing about.

posted on 16 Mar 2016, 17:50 2

27. jellmoo (Posts: 1587; Member since: 31 Oct 2011)


To be fair, this issue essentially requires user failure in at least three separate steps. It's a security hole, no doubt, but it's completely negated by some pretty reasonable precautions.

posted on 16 Mar 2016, 21:01 1

33. MrElectrifyer (Posts: 2934; Member since: 21 Oct 2014)


Almost every security problem can be negated if the PEBCAK malware was eliminated...

posted on 16 Mar 2016, 19:46

29. submar (Posts: 462; Member since: 19 Sep 2014)


They just chose not to believe.

posted on 16 Mar 2016, 15:58 1

2. djcody (Posts: 100; Member since: 17 Apr 2013)


Got popcorn, beer and waiting for word war ;)

posted on 16 Mar 2016, 16:02

4. Unordinary (Posts: 1692; Member since: 04 Nov 2015)


I'll start first!

Saxicolous!

Bam! Beat that!

(ps: what do I get if I beat you)?

posted on 16 Mar 2016, 16:03 6

9. tedkord (Posts: 11629; Member since: 17 Jun 2009)


If that X is on a triple letter score, I think you win.

posted on 16 Mar 2016, 17:03

22. Wiencon (Posts: 1870; Member since: 06 Aug 2014)


Hey but it's not 7 letters long. Cheaterrrrrr!!!111

posted on 18 Mar 2016, 08:22

50. g2a5b0e (Posts: 3724; Member since: 08 Jun 2012)


You've never made a Scrabble word more than 7 letters long?

Noob.

posted on 16 Mar 2016, 16:48

17. Doakie (Posts: 2004; Member since: 06 May 2009)


Quit being so cantankerous.

posted on 16 Mar 2016, 16:03 2

6. Adreno (banned) (Posts: 755; Member since: 12 Mar 2016)


Yeah, word/flame wars is all about childish Apple fanboys.

posted on 16 Mar 2016, 16:04

10. djcody (Posts: 100; Member since: 17 Apr 2013)


BTW is that Apple backdoor app for government in trial before official release??

posted on 16 Mar 2016, 16:15

12. Adreno (banned) (Posts: 755; Member since: 12 Mar 2016)


It's about a backdoor Gov.OS firmware, not an app.

posted on 16 Mar 2016, 16:22

14. djcody (Posts: 100; Member since: 17 Apr 2013)


I know, just trying be funny men ;)

posted on 16 Mar 2016, 16:29 1

15. Adreno (banned) (Posts: 755; Member since: 12 Mar 2016)


Such funny doesn't earn you any points, but rather makes you lose credibility.

posted on 16 Mar 2016, 17:04 2

23. Wiencon (Posts: 1870; Member since: 06 Aug 2014)


~60 posts a day?
Get a hobby dude

posted on 16 Mar 2016, 17:12

24. RoboticEngi (Posts: 709; Member since: 03 Dec 2014)


And you are counting them...talking about hobbies..rofl

posted on 16 Mar 2016, 17:35

26. Adreno (banned) (Posts: 755; Member since: 12 Mar 2016)


@Wiencon

I have a hobby, bruh. My job is actually based on the internet.

And I'm well paid.

Cheers.

posted on 16 Mar 2016, 16:50 1

18. Doakie (Posts: 2004; Member since: 06 May 2009)


http://www.forbes.com/sites/erikkain/2013/12/30/the-nsa-reportedly-has-total-access-to-your-iphone/ This was back in 2013, I'm sure they have better ways in now.

posted on 16 Mar 2016, 22:16

35. lyndon420 (Posts: 4370; Member since: 11 Jul 2012)


Kinda looks that way doesn't it lol. I'm sure the fbi already has all the info they need off that iPhone, but now they need all this media attention to condition the public for what's ahead.

posted on 17 Mar 2016, 04:52

46. ibend (Posts: 4579; Member since: 30 Sep 2014)


and next week they'll give up forcing apple, and all people will think their private stuff are safe.. (while NSA continue to make backup for all people's stuff in NSA's server, lol)

posted on 16 Mar 2016, 16:19 1

13. AlikMalix (Posts: 5836; Member since: 16 Jul 2014)


There should be a poll asking how many people install their apps on iOS devices using a PC thru 3rd party client (without iTunes) and in China.

I'll start: I have never in my all Apple owning years ever bought music or apps using PC or Mac using a 3rd party client (or iTunes for that matter).

How about you guys?

posted on 16 Mar 2016, 17:01 3

20. Wiencon (Posts: 1870; Member since: 06 Aug 2014)


Really, I mean that's good that there is such article but the problem of malware on iOS is really...well there isn't any. You have to do everything that Apple tells you not to do to get your device infected. There isn't any platform that is human's "intelligence" proof. On Android it's the same story, use official store and if you have to side load, don't use any chinese site that just screams: DOWNLOAD, VIRUSES INCLUDED

posted on 16 Mar 2016, 16:44 3

16. bubblechaos (Posts: 114; Member since: 04 May 2015)


Between July 2015 and June 2016?
We are in march 2016 right? are they far ahead of us?

posted on 16 Mar 2016, 17:02 3

21. miket1737 (Posts: 2541; Member since: 17 Mar 2013)


Great thing about iOS is that Apple is able to push out an update that will fix this and literally have hundreds of millions of iOS users in not even the first week updated with the fix.

posted on 16 Mar 2016, 19:36

28. Ahovking (Posts: 710; Member since: 03 Feb 2015)


Like seriously? Nothing is secure, IOS can and does get affected.

The benefit of iOS is that Apple can respond fast to these problems with updates and dates weeks for 70%+ of the user base to update and fix these flaws.. Unlike android where most android devices aren't running up to date software and currently run out of date software left vulnerable to attacks.

posted on 16 Mar 2016, 20:27

30. Trakker (Posts: 283; Member since: 11 Feb 2016)


I'm not a fan of Apple but i do like that they do quickly squash these bugs while i just never know if/when Google or any Android phone manufacturer will issue any fixes.

posted on 16 Mar 2016, 22:21

37. lyndon420 (Posts: 4370; Member since: 11 Jul 2012)


I just downloaded the latest security update...they're coming every month now.

posted on 16 Mar 2016, 20:44 3

31. Arch_Fiend (Posts: 2468; Member since: 03 Oct 2015)


Who the hell downloads their apps through their PC anyway.

posted on 17 Mar 2016, 01:08

40. roscuthiii (Posts: 2217; Member since: 18 Jul 2010)


Do we have any China-based commenters who could shed light on the prevalence of using 3rd post PC clients to download apps?
It's not common here, but... Different laws/regulations & culture/customs could mean it's pretty standard there.

Truth be told, I kinda smell the Chinese government behind this. Could just be some enterprising swindlers though.

posted on 17 Mar 2016, 04:37

45. Chuck007 (Posts: 1109; Member since: 02 Mar 2014)


Only a matter of time before this happens. The iPhone is the hottest smartphone line right now. Now it's up to Apple to patch it up.

posted on 17 Mar 2016, 06:33

47. Inotamira (Posts: 173; Member since: 06 Feb 2016)


Apple is secure alright, about as secure as the PS3 was with its elliptic curve signature, and even that had its weaknesses and was eventually hacked (granted, was sort of a hardware issue, but not the point) so no, your Apple devices will ALWAYS be secure, it must be wonderful to live in a world where you know absolutely nothing.

posted on 17 Mar 2016, 10:28

48. KingSam (Posts: 246; Member since: 13 Mar 2016)


The only reason Apple is "so secure" is because hackers don't waste time and resources targeting a minority!
