
AceDeceiver is iOS malware that infects non-jailbroken iPhones

Posted by Alan F.

iOS malware that has been given the name AceDeceiver has been able to infect non-jailbroken iPhones by exploiting a flaw in the design of Apple's Digital Rights Management (DRM) system. Because of this flaw, AceDeceiver doesn't require an enterprise certificate to install. Three apps carrying AceDeceiver were offered in the App Store between July 2015 and February 2016, disguised as wallpaper apps. They have since been removed.

The technique used in this attack to install malware on a non-jailbroken iOS device is called "FairPlay Man-In-The-Middle (MITM)." Normally, an iOS user can install an app from the App Store onto a device by using the iTunes client that runs on a computer. In the FairPlay MITM attack, the attacker buys an iOS app from the App Store and intercepts the authorization code. Using this code, the attacker then tricks the victim's iOS device into believing that it purchased the malicious app. As a result, the victim's iPhone or iPad ends up with apps the user never paid for, including infected apps that are a ticking time bomb.

Right now, AceDeceiver only behaves maliciously when the victim and the device are located in China, but that is something that can be changed easily. And because it doesn't require an enterprise certificate, even phones under the watch of an MDM are still vulnerable. The removal of the malicious apps from the App Store won't make a difference: with the FairPlay MITM attack, the malicious app only needs to have been available on the App Store once. And the malicious app installs itself, so the victim's participation is minimal.

As we said, if you live outside of mainland China, you have nothing to be worried about for now. Before these attacks spread to other regions, hopefully Apple will come up with something to put an end to this.

The FairPlay MITM attack uses Apple's DRM system to install malicious apps on an iOS device

source: PaloAltoNetworks
