Although the iPhone is generally considered safer from viruses and malware than Android devices, Apple products are not immune to threats. In 2016 we have seen an increase in the number of threats aimed specifically at Apple devices. One of the biggest drawbacks of jailbreaking is that it leaves your iPhone or iPad more exposed to these attacks, but not every attack needs a jailbreak: attackers have also distributed malicious apps built with tampered copies of Apple’s Xcode.
Now a new piece of malware has been discovered among users in China, and it does not depend on a jailbreak at all. The malware, known as AceDeceiver, got past Apple’s review process for the App Store, and it can install apps on an iOS device without the user ever knowing.
AceDeceiver needs a PC to deploy. Researchers at Palo Alto Networks found that the attackers behind it exploit design flaws in Apple’s FairPlay digital rights management (DRM) system with a technique called FairPlay Man-in-the-Middle (MITM). The diagram below shows how the attack works.
In the FairPlay MITM attack, the attackers buy an app from the App Store and then intercept and save the authorization code. Apple sends this code to the PC running iTunes whenever a user purchases an app, and it is what an iOS device later asks for as proof that the app was really bought before it accepts the install.
The attackers also wrote PC software that impersonates the iTunes client. When an iOS device is connected to that PC, the software presents the saved authorization code, so the device believes the malicious app it is about to download is a legitimate purchase. This is how the malware gets onto your iOS device without you being asked for permission or even noticing the download and install. You may see a new app icon later, but only after the installation has already completed without your authorization.
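The following Python model is an added example written for this article; it is not code from Palo Alto Networks, from the AceDeceiver authors, or from Apple, and the class names (AppStore, IOSDevice, AuthCode), the shared verification key and the app identifier are constructed stand-ins, not Apple’s real FairPlay protocol. It shows the flow above in miniature: the attacker buys the app once, keeps the authorization code, and a fake iTunes client replays that one code to every device it is plugged into. It also goes one step beyond the article by showing what happens when the same code is bound to the device it was issued for, which is the property the replay depends on being absent.

```python
from __future__ import annotations

import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

# Toy verification key. Both the "store" and the "device" hold it here so the device can
# check a code's tag; this stands in for FairPlay's real key handling, which is not
# modelled (assumption made for this example only).
_VERIFY_KEY = b"toy-store-key-not-a-real-secret"


@dataclass(frozen=True)
class AuthCode:
    app_id: str
    device_id: Optional[str]  # None: code is not tied to any device (the replayable design)
    tag: str


def _tag(app_id: str, device_id: Optional[str]) -> str:
    """Integrity tag over the fields the store vouches for."""
    msg = f"{app_id}|{device_id or '*'}".encode()
    return hmac.new(_VERIFY_KEY, msg, hashlib.sha256).hexdigest()


class AppStore:
    """Issues one authorization code per purchase and records who bought what."""

    def __init__(self, bind_to_device: bool) -> None:
        self.bind_to_device = bind_to_device
        self.purchases: list[tuple[str, str]] = []  # (account, app_id)

    def purchase(self, account: str, app_id: str, device_id: str) -> AuthCode:
        self.purchases.append((account, app_id))
        bound = device_id if self.bind_to_device else None
        return AuthCode(app_id, bound, _tag(app_id, bound))


class IOSDevice:
    """Installs an app only if the presented code verifies for that app (and for this device, when bound)."""

    def __init__(self, device_id: str) -> None:
        self.device_id = device_id
        self.installed: list[str] = []

    def install(self, app_id: str, code: AuthCode) -> bool:
        if code.app_id != app_id:
            return False  # code was issued for a different app
        if not hmac.compare_digest(code.tag, _tag(code.app_id, code.device_id)):
            return False  # forged or tampered code
        if code.device_id is not None and code.device_id != self.device_id:
            return False  # bound to another device: replay rejected
        self.installed.append(app_id)
        return True


def fairplay_mitm(bind_to_device: bool, victims: list[str]) -> dict:
    """Attacker buys the app once, saves the code, and a fake iTunes client replays it to each victim."""
    store = AppStore(bind_to_device)
    app_id = "com.example.wallpaper"  # constructed app identifier

    # Step 1: one legitimate purchase from the attacker's own PC; the code is intercepted and kept.
    saved_code = store.purchase("attacker@example.com", app_id, "attacker-pc")

    # Step 2: the fake iTunes software presents the saved code to every iOS device plugged into the PC.
    outcomes = {vid: IOSDevice(vid).install(app_id, saved_code) for vid in victims}
    return {
        "installed": [vid for vid, ok in outcomes.items() if ok],
        "purchases": len(store.purchases),
    }


if __name__ == "__main__":
    # Unbound codes: one purchase, every connected device installs the app.
    print(fairplay_mitm(False, ["victim-1", "victim-2"]))
    # Device-bound codes: the same replay is refused by every victim.
    print(fairplay_mitm(True, ["victim-1", "victim-2"]))
```

The telling number is `purchases`: it stays at one in both runs, because the attacker only ever buys the app once. What changes is whether the device has any way to tell that the code in front of it was issued for someone else’s purchase.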
The Palo Alto Networks team found that between July 2015 and February 2016, three AceDeceiver iOS apps were uploaded to the official App Store, posing as wallpaper apps. Getting them accepted gave the attackers the genuine authorization codes they need for the attack. The apps got past Apple’s review team at least seven times by using a geolocation check to change their behaviour by region: the malicious components only activated for users located in China, so the apps looked harmless to anyone reviewing them elsewhere.
So what has Apple done to protect your iPhone from this malware? The company has removed the known apps, but AceDeceiver could still be a danger to Chinese iPhone users, because the attackers still hold valid authorization codes from Apple, and the attack only needs the apps to have been in the App Store once.
You also need to watch out for the PC side of the attack, which is what actually pushes the malicious code onto iPhones. It is a Windows app that claims to help users manage their iOS devices. Named Aisi Helper, it offers jailbreaking, system reinstallation, backup and cleaning, just like any other device management tool. Unfortunately, it works together with the saved authorization codes, silently installing malicious iOS apps on any iPhone or iPad connected to the PC. Those apps direct you to a third-party app store, where some people are fooled into entering their Apple ID and password.
If you have an iPhone and do not live in China, you do not need to worry about this malware right now. You should still heed all the usual warnings about not installing apps from third parties, and, since this attack runs through a PC, about not plugging your device into computers or helper tools you do not trust. Apple has removed the apps, and the attackers holding the authorization codes appear to be targeting the Chinese mainland only.