AceDeceiver is iOS malware that infects non-jailbroken iPhones

Using a flaw in the design of Apple's Digital Rights Management (DRM) system, iOS malware that has been given the name AceDeceiver has been able to infect non-jailbroken iPhones. Because of this flaw in the DRM system, AceDeceiver doesn't require an enterprise certificate to install. Three apps carrying AceDeceiver were offered in the App Store between July 2015 and February 2016, disguised as wallpaper apps. They have since been removed.

The actual technique used in this attack to install malware on a non-jailbroken iOS device is called "FairPlay Man-In-The-Middle (MITM)." Normally, an iOS user can install an App Store app on a device by using the iTunes client that runs on a computer. With FairPlay MITM, the attacker buys an iOS app from the App Store and intercepts the authorization code. Using this code, the attacker then tricks the victim's iOS device into believing that it purchased the malicious app. As a result, the victim's iPhone or iPad ends up with apps the victim never paid for, including the infected apps, which are a ticking time bomb.

Right now, AceDeceiver behaves maliciously only when the victim and the device are located in China, but that is something that can be changed easily. And because it doesn't require an enterprise certificate, even phones under the watch of an MDM are still vulnerable. The removal of the malicious apps from the App Store won't make a difference: with the FairPlay MITM attack, the malicious app needs to have been available on the App Store only once. And the malicious app installs itself, so the victim's participation is minimal.

As we said, if you live outside of mainland China, you have nothing to be worried about for now. Before these attacks spread to other regions, hopefully Apple will come up with something to put an end to this.

The FairPlay MITM attack uses Apple's DRM system to install malicious apps on an iOS device

source: PaloAltoNetworks


46 Comments

1. Unordinary unregistered

Lmao! Ouch! (By the way, you spelled infects wrong)

3. Adreno

Posts: 755; Member since: Mar 12, 2016

Ouch huh? This article is another proof that iOS isn't as secure as how Apple Fans claim it to be!

5. tedkord

Posts: 17131; Member since: Jun 17, 2009

Nothing is secure.

19. xondk

Posts: 1904; Member since: Mar 25, 2014

Exactly, and unfortunately, the way Apple is marketing its brand, many people don't realize that Apple has the same problems as all other software companies.

25. AlikMalix unregistered

The original Palo Alto article has a much better explanation of how it works and why. I'll try to summarize.
1) Any Windows PC user follows a link to the website of the malware author.
2) They are encouraged to download a Windows helper app (malware) which claims to assist in managing iOS devices.
3) Once installed on the computer, the user is instructed to download an iOS app through a fake iTunes feature within the Windows app.
4) The user is prompted for their Apple ID login, which is then stolen. This is the primary purpose of the malware.
5) Windows then automatically installs the iOS malware app to any iOS device connected to the computer, without user action.
6) The iOS malware does have an icon which the user might notice as something they did not install, but...
7) Once the malware is installed on the iOS device, users can download pirated games from a third party App Store.
8) Currently it only works in China but that could be changed to any region very easily. It works best if it is restricted to only one region at a time.

38. Mxyzptlk unregistered

Everyone who is shooting off at the mouth needs to read this before ignorant people start bashing Apple for user stupidity.

39. chebner

Posts: 249; Member since: Oct 17, 2011

Fully agree that it's user stupidity and the blame is squarely on the user. However, Apple is partly to blame for this user stupidity. Apple tries to grocery that their products are immune to attack and stupid Apple users believe it. Because they believe that Apple is perfect and can't be infected they never have their guard up to look for stupid sh!t like this. They are a victim of their own arrogance.

41. AlikMalix unregistered

Here's the thing... Every single article about some malware or hack that's been reported somehow always relates to China, and it only affects China, with apps made for Chinese specific services. I cannot remember reading an article that would affect someone who's in other markets... Is the Chinese app store different from the rest of the world?

44. xondk

Posts: 1904; Member since: Mar 25, 2014

See, here's the thing: when you hear about Android viruses, which are often of this nature as well, people bash Android for it. Which at least is my point, Android and Apple are both software companies and both have roles and possibilities of being hacked or compromised or whatnot. Apple is not 'unique' in this way despite their marketing.

49. AlikMalix unregistered

Ok that's fair.

43. xondk

Posts: 1904; Member since: Mar 25, 2014

Yup, and a lot a _LOT_ of other malware is similar to this in nature, on most any platform.

7. adi9764

Posts: 119; Member since: Feb 16, 2016

What you are reading right now is a comment

8. Unordinary unregistered

/Facepalm. Exactly. I guess English isn't your first language (and that's ok). iOS is not as secure as what though? Surely, we can't compare it to Android's horrific security and privacy lol

11. Adreno

Posts: 755; Member since: Mar 12, 2016

For real? It seems you got no idea about Android's security as from 5.0 Lollipop onwards. Yeah, you hate Droids, we get it.

32. MrElectrifyer

Posts: 3960; Member since: Oct 21, 2014

Some iSheeps never cease to end their ignorance, even when clear evidence has been shown to them multiple times: http://www.dereferer.org/?http%3A%2F%2Fbit%2Ely%2F1SswEXw http://www.dereferer.org/?http%3A%2F%2Fbit%2Ely%2F1FZM9C9

34. Unordinary unregistered

Obviously it's going to be "most vulnerable" when there isn't much for it. This is obvious click bait. Just like those "WP has biggest growth this year!!!" lmfao.

36. MrElectrifyer

Posts: 3960; Member since: Oct 21, 2014

"Obviously it's going to be "most vulnerable" when there isn't much for it." Uhm, WTF?

42. Adreno

Posts: 755; Member since: Mar 12, 2016

Don't mind that Unordinary guy. He's a hater without a clue about what he's arguing about.

27. jellmoo

Posts: 2531; Member since: Oct 31, 2011

To be fair, this issue essentially requires user failure in at least three separate steps. It's a security hole, no doubt, but it's completely negated by some pretty reasonable precautions.

33. MrElectrifyer

Posts: 3960; Member since: Oct 21, 2014

Almost every security problem can be negated if the PEBCAK malware was eliminated...

29. submar

Posts: 713; Member since: Sep 19, 2014

They just chose not to believe.

2. djcody

Posts: 219; Member since: Apr 17, 2013

Got popcorn, beer and waiting for word war ;)

4. Unordinary unregistered

I'll start first! Saxicolous! Bam! Beat that! (ps: what do I get if I beat you)?

9. tedkord

Posts: 17131; Member since: Jun 17, 2009

If that X is on a triple letter score, I think you win.

22. Wiencon

Posts: 2278; Member since: Aug 06, 2014

Hey but it's not 7 letters long. Cheaterrrrrr!!!111

50. g2a5b0e unregistered

You've never made a Scrabble word more than 7 letters long? Noob.

17. Doakie

Posts: 2478; Member since: May 06, 2009

Quit being so cantankerous.

6. Adreno

Posts: 755; Member since: Mar 12, 2016

Yeah, word/flame wars are all about childish Apple fanboys.

10. djcody

Posts: 219; Member since: Apr 17, 2013

BTW is that Apple backdoor app for government in trial before official release??

12. Adreno

Posts: 755; Member since: Mar 12, 2016

It's about a backdoor Gov.OS firmware, not an app.
