Obsessed with technology?
Subscribe to the latest tech news as well as exciting promotions from us and our partners!
By subscribing, you indicate that you have read & understood the SPH's Privacy Policy and PDPA Statement.
News
News Categories

AceDeceiver trojan infects iOS devices by exploiting flaws in DRM design

By Cookie Monster - on 18 Mar 2016, 12:00am

AceDeceiver trojan infects iOS devices by exploiting flaws in DRM design

 Image source: Palo Alto Networks

Apple's iOS isn't as secure as before; another family of iOS malware, AceDeceiver has been discovered by cybersecurity firm Palo Alto Networks which can infect iOS devices through PCs.

Unlike previous iOS malware which exploited enterprise certificates, AceDeceiver takes advantage of the design flaws in Apple's DRM mechanism via FairPlay Man-In-The-Middle (MITM)  to install malicious apps on iOS devices even if they are not jailbroken.

This technique has been used since 2013 to spread pirated iOS apps and it is the first time being used to spread malware. Below is excerpt from the article posted by Palo Alto Networks on how AceDeceiver works:

"Apple allows users purchase and download iOS apps from their App Store through the iTunes client running in their computer. They then can use the computers to install the apps onto their iOS devices. iOS devices will request an authorization code for each app installed to prove the app was actually purchased. In the FairPlay MITM attack, attackers purchase an app from App Store then intercept and save the authorization code. They then developed PC software that simulates the iTunes client behaviors, and tricks iOS devices to believe the app was purchased by victim. Therefore, the user can install apps they never actually paid for, and the creator of the software can install potentially malicious apps without the user’s knowledge."

Palo Alto Networks claims that three AceDeceiver iOS apps posing as wallpaper apps were submitted and uploaded to the Apple App Store. One of the apps is a Windows iPhone management app called the "Aisi Helper" which claims to provide system re-installation, backup and device management. Free content within these apps is used to lure iOS users to submit their Apple IDs and passwords which are then uploaded to AceDeceiver's server. 

Although this malicious app affected users in China, Palo Alto Networks warns that it may affect more countries soon. Even though Apple has removed these apps from the App Store, hackers are still able to carry out attacks as they still have the necessary authorization codes to install fake apps on iOS devices. 

The standard list of precautionary measures for downloading apps on mobile devices still apply; you are advised not to install any suspicious software that claims to manage your device. If you've downloaded and installed any, uninstall and delete them immediately. Change your Apple ID and password too.

Source: Palo Alto Networks via MacRumors


Obsessed with technology?
Subscribe to the latest tech news as well as exciting promotions from us and our partners!
By subscribing, you indicate that you have read & understood the SPH's Privacy Policy and PDPA Statement.