New AceDeceiver iOS malware could fuel a new generation of iPhone and iPad exploits

Listen up! A new family of iOS malware has been discovered by Palo Alto Networks, and it can affect all iPhones and iPads. However, this isn’t your normal run-of-the-mill iOS malware.

Dubbed AceDeceiver, this malware is able to install itself without an enterprise certificate, unlike previous iOS malware that abused enterprise certificates in order to infect devices. This is also the first iOS malware that exploits design flaws in Apple’s DRM protection mechanism, FairPlay, which means that it can infect devices that aren’t jailbroken.

How AceDeceiver works

The malware initiates itself from a Windows PC with iTunes running on it. Apple allows you to purchase apps from the iTunes client that later get installed on your iOS device. During that process, your device requests an authorization code to prove these apps were actually purchased. This is the FairPlay DRM protection mechanism AceDeceiver exploits.

The technique is known as FairPlay Man-In-The-Middle (MITM): the attacker purchases an app from the App Store and intercepts the authorization code.

The attacker then uses specially developed software on the PC side that simulates the iTunes client to trick your iOS device into believing an app was purchased, making it easy to install malicious apps from a third-party app store without you even knowing it.

The graphic below gives you a visual of how it works.

[Graphic: how AceDeceiver works]

The FairPlay MITM technique has been in use since 2013 to spread pirated iOS apps, but this is the first time it’s being used to spread malware.

Unfortunately, the report didn’t specify exactly what the malware does once it takes up residence on your device. Malware generally consists of malicious code that’s used to either gain access to a device to steal information or to render the device useless.

The Windows client used to carry out the attack is called Aisi Helper. Created in 2015, Aisi Helper is marketed as software that provides system re-installation, jailbreaking, system backup, device management, and system cleaning for iOS devices. However, it can also install malicious apps on any iOS device connected to a computer that the Aisi Helper software is installed on. These malicious apps can connect to a third-party app store to download iOS apps or games, and they encourage users to enter their Apple IDs and passwords for more features. And of course, these IDs and passwords get uploaded to AceDeceiver’s server.

It was also discovered that AceDeceiver was able to spread without a PC. Palo Alto revealed three different iOS apps in the AceDeceiver family that were uploaded to the official App Store between July 2015 and February 2016: 壁纸助手 (which roughly translates to “Wallpaper Assistant”), AS Wallpaper, and i4picture. What’s scary about this is that all three apps bypassed Apple’s code review at least seven times because each app behaved differently based on the physical geographic region. These apps only displayed malicious behaviors if the devices were in China.

Apple removed all three apps from the App Store after Palo Alto reported them. However, Palo Alto says the attack is still viable because the FairPlay MITM attack only needs these apps to be available in the App Store once. If an attacker obtains a copy of the authorization from Apple, these apps could be spread to other devices without them physically being in the App Store.

At the moment, AceDeceiver only affects iPhone and iPad users in China, but based on the fact that it can affect non-jailbroken iOS devices, Palo Alto thinks we could see it spread to more regions soon. This could be from the original attacker or a completely new attack based on a similar technique.

How to protect yourself

Chances are very slim that you currently have the AceDeceiver malware on your iPhone or iPad. As of right now, Palo Alto estimates about 15 million people used the Aisi Helper software, and they are all in China. That sounds like a high number, but when you consider all the iPhones and iPads worldwide, it’s a small percentage. However, you still need to keep some things in mind since it’s likely that similar attacks will take place in different regions.

The first obvious thing you need to do is avoid the Aisi Helper software. However, as Palo Alto warns, versions of the software under a different name could be out in the wild. We recommend that you avoid any third-party software for iOS devices. If it wasn’t developed by Apple, stay away from it.

If you did fall victim to installing malicious PC software, the app(s) that it installs on your iPhone or iPad will at least be visible with an icon. You should immediately uninstall any apps that you know you didn’t install yourself.

You also want to make sure to avoid any third-party app stores, and more importantly, never input your Apple ID and password in any third-party app that promises to give you the same apps and games you can get from the official App Store.

It’s also important that you always download and install the latest version of iOS. Now that Apple has all the necessary information regarding AceDeceiver, it will likely issue a patch in a future update. However, older versions of the iOS software will still be vulnerable.

This is a very complicated exploit, so we encourage you to check out the full report from Palo Alto Networks on AceDeceiver for more information.
