According to security researchers at Palo Alto Networks, the new malware can infect your iOS device even if it isn’t jailbroken.
While iOS devices such as the iPhone and iPad are generally considered to be safer than their Android counterparts, we have seen infections in the past. Most of them have targeted jailbroken iPhones, or involved sneaking malicious apps into the Apple App Store.
New malware can affect iOS devices, jailbroken or not
Now a new family of malware has been discovered that can install infected apps on your phone without it being jailbroken. The malware is known as AceDeceiver, and uses vulnerabilities in Apple’s FairPlay DRM (digital rights management) software to infiltrate devices.
“AceDeceiver is the first iOS malware we’ve seen that abuses certain design flaws in Apple’s DRM protection mechanism – namely FairPlay – to install malicious apps on iOS devices regardless of whether they are jailbroken,” Palo Alto Networks explained.
“This technique is called ‘FairPlay Man-In-The-Middle (MITM)’ and has been used since 2013 to spread pirated iOS apps, but this is the first time we’ve seen it used to spread malware.”
PC tool also to blame for malware infection
If you buy an app from the PC version of iTunes, your iOS device will request an authorization code so that it knows you bought it legally. However, hackers have managed to find a way to intercept and save this code. The security firm said that the attack is made possible by a suspect PC tool.
“They then developed PC software that simulates the iTunes client behaviours, and tricks iOS devices to believe the app was purchased by (the) victim. Therefore, the user can install apps they never actually paid for, and the creator of the software can install potentially malicious apps without the user’s knowledge,” Palo Alto Networks continued.
The PC software is called Aisi Helper, and it is purportedly a jailbreaking, backup and device management tool. “But what it’s also doing is surreptitiously installing the malicious apps on any iOS device that is connected to the PC on which Aisi Helper is installed,” said Palo Alto Networks.
Aisi Helper was not always dodgy, says Chinese site
These suspect apps then connect to third-party app stores in China, which are known for selling pirated apps, before asking users to type in their Apple ID login in order to access more features. According to a Chinese website, Aisi Helper was first released in 2014 and at first did not show any signs of being dodgy, boasting more than 6.6 million monthly active users.
From July 2015 to February 2016 there were three AceDeceiver iOS apps in the App Store, purportedly offering wallpapers. However, they were passing attackers the fake authorization codes needed to attack iOS devices.
They went undetected because they use geofencing to target their attacks. According to Palo Alto Networks, the infections have so far been limited to mainland China. The company warned that, because jailbreaking is not necessary for an infection to occur, the malware could spread around the world.
Hackers are using innovative methods to try and break down the famous security of iOS devices, and Apple will have to be on its toes in order to keep users safe. It was previously thought that users who did not jailbreak their phones would be safe, but AceDeceiver has proven that this is not necessarily the case.