starbuck Posted March 16, 2016

A new strain of malware designed for the iPhone and iPad poses a major risk to hundreds of millions of devices, because it can infect non-jailbroken devices without the user's knowledge.

The Trojan, dubbed AceDeceiver by security firm Palo Alto Networks, installs itself on iOS devices without enterprise certificates.

"AceDeceiver is the first iOS malware we've seen that abuses certain design flaws in Apple's DRM protection mechanism -- namely FairPlay -- to install malicious apps on iOS devices regardless of whether they are jailbroken," Claud Xiao, a security researcher from Palo Alto Networks, wrote in a blog post Wednesday.

FairPlay is Apple's technical system for ensuring people cannot steal apps from the App Store. But via an attack technique called FairPlay Man-in-the-Middle (MITM), hackers can install malicious apps on iOS devices without a victim's knowledge while at the same time bypassing Apple's other security measures.

"In the FairPlay MITM attack, attackers purchase an app from App Store then intercept and save the authorization code. They then developed PC software that simulates the iTunes client behaviors, and tricks iOS devices to believe the app was purchased by the victim," Xiao explained in the blog post.

Palo Alto notes that this FairPlay technique has been in use since 2013, mainly as a way to spread pirated iOS apps. But AceDeceiver marks the first time that it's been used to spread malware.

With AceDeceiver, the victim first downloads a Windows program named Aisi Helper, which purports to be software that provides jailbreaking, system backup, device management and system cleaning.

Once installed, the PC client automatically installs the most recent malicious iOS app to any connected iOS device, Xiao explained. The malicious app provides a connection to a third-party app store controlled by the attacker. From there it's basic phishing: Users are prompted to enter their Apple IDs and passwords to gain access to more features.

As of today, AceDeceiver only affects users in mainland China. However, the security firm warns that AceDeceiver is indicative of a bigger problem: that there is a relatively easy way for malware to infect non-jailbroken iOS devices.

Palo Alto expects to see other attackers copy the FairPlay MITM technique, especially considering that the flaw hasn't been patched. When a patch does arrive, the attack will likely still work on older versions of iOS systems.

Palo Alto reported the malware to Apple on February 26.

Source: http://www.zdnet.com/article/ios-malware-acedeceiver-can-infect-non-jailbroken-apple-devices/#ftag=RSSbaffb68

Tony D (FPCH Staff) Posted March 17, 2016

If I read this right, to be infected, you need to first download Aisi Helper onto a Windows machine. Then connect an iOS device. So if you don't use a Windows machine, there's no need to worry about this malware.

AWS (FPCH Admin) Posted March 17, 2016

That's the way it seems to me, Tony.

Off Topic Forum - Unlike the Rest

starbuck (Author) Posted March 17, 2016

That was how I read it as well. I think what they are getting at is that a vulnerability in 'FairPlay' is used and this could be the start of other hackers using it as well.