New AceDeceiver iOS malware could fuel a new generation of iPhone and iPad exploits

ios 9 3 1 update universal links bug iphone connected to computer 01
Apple Stack Exchange
Listen up! A new family of iOS malware has been discovered by Palo Alto Networks, and it can affect all iPhones and iPads. However, this isn’t your normal run-of-the-mill iOS malware.

Dubbed AceDeceiver, this malware is able to install itself without an enterprise certificate, unlike previous iOS malware that abused enterprise certificates in order to infect devices. This is also the first iOS malware that exploits design flaws in Apple’s DRM protection mechanism, FairPlay, which means that it can infect devices that aren’t jailbroken.

How AceDeceiver works

The malware initiates itself from a Windows PC with iTunes running on it. Apple allows you to purchase apps from the iTunes client that later get installed on your iOS device. During that process, your device requests an authorization code to prove these apps were actually purchased. This is the FairPlay DRM protection mechanism AceDeceiver exploits.

The technique is known as FairPlay Man-In-The-Middle (MITM), which consists of the attacker purchasing an app from the App Store and intercepting the authorization code.

The attacker uses specifically developed software on the PC side that simulates the iTunes client to trick your iOS device into believing an app was purchased, thus making it easy to install malicious apps from a third-party app store without you even knowing it.

The graphic below gives you a visual of how it works.

AceDeceiver_Graphic_01

The FairPlay MITM technique has been in use since 2013 to spread pirated iOS apps, but this is the first time it’s being used to spread malware.

Unfortunately, the report didn’t specify exactly what the malware does once it takes up residence on your device. Malware generally consists of malicious code that’s used to either gain access to a device to steal information or to render the device useless.

The Windows client used to carry out the attack is called Aisi Helper. Created in 2015, Aisi Helper is marketed as a software that provides system re-installation, jailbreaking, system backup, device management, and system cleaning for iOS devices. However, it can also install malicious apps on any iOS device connected to a computer that the Aisi Helper software is installed on. These malicious apps can connect to a third-party app store to download iOS apps or games, and they encourage users to enter their Apple IDs and passwords for more features. And of course, these IDs and passwords get uploaded to AceDeceiver’s server.

It was also discovered that AceDeceiver was able to spread without a PC. Palo Alto revealed three different iOS apps in the AceDeceiver family that were uploaded to the official App Store between July 2015 and February 2016: 壁纸助手 (which roughly translates to “Wallpaper Assistant”), AS Wallpaper, and i4picture. What’s scary about this is that all three apps bypassed Apple’s code review at least seven times because each app behaved differently based on the physical geographic region. These apps only displayed malicious behaviors if the devices were in China.

Apple removed all three apps from the App Store after Palo Alto reported them. However, Palo Alto says the attack is still viable because the FairPlay MITM attack only needs these apps to be available in the App Store once. If an attacker obtains a copy of the authorization from Apple, these apps could be spread to other devices without them physically being in the App Store.

At the moment, AceDeceiver only affects iPhone and iPad users in China, but based on the fact that it can affect non-jailbroken iOS devices, Palo Alto thinks we could see it spread to more regions soon. This could be from the original attacker or a completely new attack based on a similar technique.

How to protect yourself

Chances are very slim that you currently have the AceDeceiver malware on your iPhone or iPad. As of right now, Palo Alto estimates about 15 million people used the Aisi Helper software, and they are all in China. That sounds like a high number, but when you consider all the iPhones and iPads worldwide, it’s a small percentage. However, you still need to keep some things in mind since it’s likely that similar attacks will take place in different regions.

The first obvious thing you need to do is avoid the Aisi Helper software. However, as Palo Alto warns, versions of the software under a different name could be out in the wild. We recommend that you avoid any third-party software for iOS devices. If it wasn’t developed by Apple, stay away from it.

If you did fall victim to installing malicious PC software, the app(s) that it installs on your iPhone or iPad will at least be visible with an icon. You should immediately uninstall any apps that you know you didn’t install yourself.

You also want to make sure to avoid any third-party app stores, and more importantly, never input your Apple ID and password in any third-party app that promises to give you the same apps and games you can get from the official App Store.

It’s also important that you always download and install the latest version of iOS. Now that Apple has all the necessary information regarding AceDeceiver, it will likely issue a patch in a future update. However, older versions of the iOS software will still be vulnerable.

This is a very complicated exploit so we encourage you to check out the full report from Palo Alto Networks on AceDeceiver for more information.

Mobile

Most Android antivirus apps fail to provide malware protection, study shows

A study by AV-Comparatives analyzed the effectiveness of Android antivirus apps in protecting against the 2,000 most common malware threats. Alarmingly, only 23 of the apps were able to detect 100 percent of the malware samples.
Mobile

Apple iPad Mini 5 vs. iPad Mini 4: What’s new in Apple’s long-awaited refresh?

The long-awaited refresh of the iPad Mini is finally here, but just how big an upgrade does the iPad Mini 5 represent? We compare it to the outgoing iPad Mini 4 in various categories to delve into the differences and pick a winner.
Deals

Need a new tablet? Here are the best iPad deals for March 2019

In the wide world of tablets, Apple is still the king. If you're on team Apple and just can't live without iOS, we've curated an up-to-date list of all of the best iPad deals currently available for March 2018.
Mobile

iPad Air vs. iPad Mini: Which new tablet from Apple is best for you?

Apple has unveiled two new iPad models, including a new iPad Air and a new iPad Mini. Both devices have a lot to offer. But which iPad is right for your needs? We put the iPad Air and iPad Mini to the test to find out.
Social Media

A Facebook, Instagram bug exposed millions of passwords to its employees

Facebook, Facebook Lite, and Instagram passwords weren't properly encrypted and could be viewed by employees, the company said Thursday. The network estimates millions of users were affected.
Mobile

Diesel’s denim-inspired smartwatch straps are a casual, colorful must-own

Diesel will release two new versions of the On Full Guard 2.5 smartwatch later this year, with seriously cool, denim-inspired straps in classic Diesel colors. We tried them on at the Baselworld 2019 show.
Movies & TV

Apple’s next big event is set for March 25: Here’s what you can expect

Apple's next big event takes place on March 25 in Cupertino, California. The company is expected to make several announcements related to its services, including Apple TV, so follow our guide to get ready for the big event.
Wearables

Tips and tricks to get you started with your new Fitbit Inspire HR

The Inspire HR may be an entry-level fitness tracker in Fitbit's lineup, but the device still has plenty of features to explore. These are our favorite tips and tricks to help you use the Inspire HR to its fullest potential.
Mobile

How three simple words could be the difference between life and death

What3Words’ app-based address system gives a three-word code to every three-meter-square patch on the planet, with its accuracy and ease of use now catching the attention of first responders in the U.K.
Mobile

The Moto G7 Power, with its massive battery, is now available for purchase

After a number of leaks and rumors, the Motorola Moto G7, Moto G7 Play, and Moto G7 Power are finally here. The devices represent quite a spec bump over the previous-generation Moto G6 phones, yet still come at a reasonable price.
Mobile

Got gadgets galore? Keep them charged up with the 10 best USB-C cables

We're glad to see that USB-C is quickly becoming the norm. That's why we've rounded up some of the better USB-C cables on the market, whether you're looking to charge or sync your smartphone. We've got USB-C to USB-C and USB-C to USB-A.
Computing

Get ready to say goodbye to some IFTTT support in Gmail by March 31

If This Then That, the popular automation service, will drop some of its support for Gmail by March 31. The decision comes as a response to security concerns and is aimed to protect user data.
Mobile

5G's arrival is transforming tech. Here's everything you need to know to keep up

It has been years in the making, but 5G is finally becoming a reality. While 5G coverage is still extremely limited, expect to see it expand in 2019. Not sure what 5G even is? Here's everything you need to know.
Mobile

This is the easiest way to save your iPhone data to your computer

Living in fear of losing your contacts, photos, messages, and notes on your iPhone? Fear no more -- in this guide, we'll break down exactly how to back up your iPhone to your computer using Apple's iTunes or to the cloud with iCloud.