New AceDeceiver iOS malware could fuel a new generation of iPhone and iPad exploits

Listen up! A new family of iOS malware has been discovered by Palo Alto Networks, and it can affect all iPhones and iPads. However, this isn’t your normal run-of-the-mill iOS malware.

Dubbed AceDeceiver, this malware is able to install itself without an enterprise certificate, unlike previous iOS malware that abused enterprise certificates in order to infect devices. This is also the first iOS malware that exploits design flaws in Apple’s DRM protection mechanism, FairPlay, which means that it can infect devices that aren’t jailbroken.

How AceDeceiver works

The malware initiates itself from a Windows PC with iTunes running on it. Apple allows you to purchase apps from the iTunes client that later get installed on your iOS device. During that process, your device requests an authorization code to prove these apps were actually purchased. This is the FairPlay DRM protection mechanism AceDeceiver exploits.

The technique is known as FairPlay Man-In-The-Middle (MITM), which consists of the attacker purchasing an app from the App Store and intercepting the authorization code.

The attacker uses specifically developed software on the PC side that simulates the iTunes client to trick your iOS device into believing an app was purchased, thus making it easy to install malicious apps from a third-party app store without you even knowing it.

The graphic below gives you a visual of how it works.


The FairPlay MITM technique has been in use since 2013 to spread pirated iOS apps, but this is the first time it’s being used to spread malware.

Unfortunately, the report didn’t specify exactly what the malware does once it takes up residence on your device. Malware generally consists of malicious code that’s used to either gain access to a device to steal information or to render the device useless.

The Windows client used to carry out the attack is called Aisi Helper. Created in 2015, Aisi Helper is marketed as software that provides system re-installation, jailbreaking, system backup, device management, and system cleaning for iOS devices. However, it can also install malicious apps on any iOS device connected to a computer that has the Aisi Helper software installed. These malicious apps can connect to a third-party app store to download iOS apps or games, and they encourage users to enter their Apple IDs and passwords for more features. And of course, these IDs and passwords get uploaded to AceDeceiver’s server.

It was also discovered that AceDeceiver was able to spread without a PC. Palo Alto revealed three different iOS apps in the AceDeceiver family that were uploaded to the official App Store between July 2015 and February 2016: 壁纸助手 (which roughly translates to “Wallpaper Assistant”), AS Wallpaper, and i4picture. What’s scary about this is that all three apps bypassed Apple’s code review at least seven times because each app behaved differently depending on the device’s physical geographic region. These apps only displayed malicious behaviors if the devices were in China.

Apple removed all three apps from the App Store after Palo Alto reported them. However, Palo Alto says the attack is still viable because the FairPlay MITM attack only needs these apps to be available in the App Store once. If an attacker obtains a copy of the authorization from Apple, these apps could be spread to other devices without them physically being in the App Store.

At the moment, AceDeceiver only affects iPhone and iPad users in China, but based on the fact that it can affect non-jailbroken iOS devices, Palo Alto thinks we could see it spread to more regions soon. This could be from the original attacker or a completely new attack based on a similar technique.

How to protect yourself

Chances are very slim that you currently have the AceDeceiver malware on your iPhone or iPad. As of right now, Palo Alto estimates about 15 million people used the Aisi Helper software, and they are all in China. That sounds like a high number, but when you consider all the iPhones and iPads worldwide, it’s a small percentage. However, you still need to keep some things in mind since it’s likely that similar attacks will take place in different regions.

The first obvious thing you need to do is avoid the Aisi Helper software. However, as Palo Alto warns, versions of the software under a different name could be out in the wild. We recommend that you avoid any third-party software for iOS devices. If it wasn’t developed by Apple, stay away from it.

If you did fall victim to installing malicious PC software, the app(s) that it installs on your iPhone or iPad will at least be visible with an icon. You should immediately uninstall any apps that you know you didn’t install yourself.

You also want to make sure to avoid any third-party app stores, and more importantly, never input your Apple ID and password in any third-party app that promises to give you the same apps and games you can get from the official App Store.

It’s also important that you always download and install the latest version of iOS. Now that Apple has all the necessary information regarding AceDeceiver, it will likely issue a patch in a future update. However, older versions of the iOS software will still be vulnerable.

This is a very complicated exploit, so we encourage you to check out the full report from Palo Alto Networks on AceDeceiver for more information.

