Posted

A new strain of malware designed for the iPhone and iPad poses a major risk to hundreds of millions of devices, because it can infect non-jailbroken devices without the user's knowledge.

 

The Trojan, dubbed AceDeceiver by security firm Palo Alto Networks, installs itself on iOS devices without enterprise certificates.

 

"AceDeceiver is the first iOS malware we've seen that abuses certain design flaws in Apple's DRM protection mechanism -- namely FairPlay -- to install malicious apps on iOS devices regardless of whether they are jailbroken," Claud Xiao, a security researcher from Palo Alto Networks, wrote in a blog post Wednesday.

 

FairPlay is Apple's technical system for ensuring people cannot steal apps from the App Store.

But via an attack technique called FairPlay Man-in-the-Middle (MITM), hackers can install malicious apps on iOS devices without a victim's knowledge while at the same time bypassing Apple's other security measures.

 

"In the FairPlay MITM attack, attackers purchase an app from App Store then intercept and save the authorization code. They then developed PC software that simulates the iTunes client behaviors, and tricks iOS devices to believe the app was purchased by the victim," Xiao explained in the blog post.

 

Palo Alto notes that this FairPlay technique has been in use since 2013, mainly as a way to spread pirated iOS apps.

But AceDeceiver marks the first time that it's been used to spread malware.

 

With AceDeceiver, the victim first downloads a Windows program named Aisi Helper, which purports to be software that provides jailbreaking, system backup, device management and system cleaning.

 

Once installed, the PC client automatically installs the most recent malicious iOS app to any connected iOS device, Xiao explained.

 

The malicious app provides a connection to a third party app store controlled by the attacker.

From there it's basic phishing: Users are prompted to enter their Apple IDs and passwords to gain access to more features.

 

As of today, AceDeceiver only affects users in mainland China. However, the security firm warns that AceDeceiver is indicative of a bigger problem: That there is a relatively easy way for malware to infect non-jailbroken iOS devices.

 

Palo Alto expects to see other attackers copy the FairPlay MITM technique, especially considering that the flaw hasn't been patched.

When a patch does arrive, the attack will likely still work on older versions of iOS systems.

 

Palo Alto reported the malware to Apple on February 26.

 

 

Source:

http://www.zdnet.com/article/ios-malware-acedeceiver-can-infect-non-jailbroken-apple-devices/#ftag=RSSbaffb68


  • FPCH Staff
Posted
If I read this right, to be infected, you need to first download Aisi Helper onto a Windows machine. Then connect an iOS device. So if you don't use a Windows machine, there's no need to worry about this malware.
Posted

That was how I read it as well.

I think what they are getting at is that a vulnerability in 'FairPlay' is used and this could be the start of other hackers using it as well.
