Skip to main content

Security firm discovers first iOS malware that can infect non-jailbroken iPhones w/o enterprise certificate

Non-jailbroken iPhones are usually close to immune from malware thanks to Apple vetting every app before it’s made available in the App Store. So far, malware has relied on abusing enterprise certificates designed to allow companies to distribute apps to their own phones. But security company Palo Alto Networks has discovered a new piece of malware that can infect iPhones by exploiting a vulnerability in Apple’s DRM mechanism.

AceDeceiver is the first iOS malware we’ve seen that abuses certain design flaws in Apple’s DRM protection mechanism — namely FairPlay — to install malicious apps on iOS devices regardless of whether they are jailbroken.

AceDeceiver currently uses a geotag so that it is only activated when a user is located in China, but a simple switch could allow it to infect iPhones elsewhere …

The mechanism used is known as FairPlay Man-in-the-Middle. This is an approach commonly used to distribute pirated iOS apps, but this is the first time it’s been found to install malware.

Apple allows users purchase and download iOS apps from their App Store through the iTunes client running in their computer. They then can use the computers to install the apps onto their iOS devices. iOS devices will request an authorization code for each app installed to prove the app was actually purchased. In the FairPlay MITM attack, attackers purchase an app from App Store then intercept and save the authorization code. They then developed PC software that simulates the iTunes client behaviors, and tricks iOS devices to believe the app was purchased by victim. Therefore, the user can install apps they never actually paid for, and the creator of the software can install potentially malicious apps without the user’s knowledge.

Although Palo Alto Networks notified Apple, which removed the apps, this doesn’t stop the attack from working as the apps only need to have been available in the App Store once for the authorization code to work.

The good news is that so far only Windows PC users are at risk. AceDeceiver relies on tricking iTunes users into installing a helper client which acts as the man-in-the-middle. But Palo Alto Networks says that the mechanism is such an easy route for installing malware that others are likely to copy the approach.

For Mac users, the best advice as always is to keep your security settings to allow only Mac App Store apps to be installed, or failing that Mac App Store and identified developers. This setting can be found under the Apple menu in System Preferences > Security & Privacy > General.

Via TNW

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

  1. PhilBoogie - 9 years ago

    “The good news is that so far only Windows PC users are at risk.”

    [snort]

  2. encogneato - 9 years ago

    I thankfully stopped syncing my iPhone with my computer ever since iOS 5 introduced wireless syncing. I even go so far as to not “trust” my own computers when I plug my phone in to charge. My only question is, if make an app purchase from my computer and then that app gets synced via iCloud to my phone could it still get infected?

  3. 89p13 - 9 years ago

    FBI hackers finally get their tech skills elevated?

    ;)

  4. John Smith - 9 years ago

    Too much effort obstructing law enforcement – not enough effort defeating criminals.

    Apple with their eye off the ball.

Author

Avatar for Ben Lovejoy Ben Lovejoy

Ben Lovejoy is a British technology writer and EU Editor for 9to5Mac. He’s known for his op-eds and diary pieces, exploring his experience of Apple products over time, for a more rounded review. He also writes fiction, with two technothriller novels, a couple of SF shorts and a rom-com!


Ben Lovejoy's favorite gear

Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications