New ‘AceDeceiver’ iOS trojan found in China can bypass Apple’s DRM

Stock, non-jailbroken iOS devices appear to be vulnerable to a new security threat: a trojan known as AceDeceiver, which can be installed on an iOS device without the user’s knowledge and without the help of an enterprise certificate. Once installed, it spreads malware and unwanted software to the user’s device.

AceDeceiver works by taking advantage of the FairPlay digital rights management (DRM) system that Apple has in place, through what Palo Alto Networks calls a “FairPlay Man-in-the-Middle” attack. In the past, this same method has been used to distribute pirated iOS apps by using fake iTunes software, as well as altered authorization codes. That same technique is now being used to spread the trojan.

“Apple allows users to purchase and download iOS apps from their App Store through the iTunes client running on their computer. They then can use the computers to install the apps onto their iOS devices. iOS devices will request an authorization code for each app installed to prove the app was actually purchased. In the FairPlay MITM attack, attackers purchase an app from the App Store, then intercept and save the authorization code.

They then developed PC software that simulates the iTunes client behaviors and tricks iOS devices into believing the app was purchased by the victim. Therefore, the user can install apps they never actually paid for, and the creator of the software can install potentially malicious apps without the user’s knowledge.”
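The replay at the heart of the FairPlay MITM, as an added illustration that is not Palo Alto Networks’ or Apple’s code and is a simplified model rather than the real FairPlay protocol: a weak scheme accepts any stored authorization code for an app, while a hardened variant binds the code to the requesting device and a single-use challenge, so a code saved from an earlier purchase no longer installs anything. The key, app and device identifiers are constructed for the demo.

```python
import hmac
import hashlib
import secrets

STORE_KEY = b"constructed-demo-store-key"  # constructed demo key, not a real one

def _mac(*fields: str) -> str:
    return hmac.new(STORE_KEY, "|".join(fields).encode(), hashlib.sha256).hexdigest()

# Weak scheme: the code proves only that *someone* bought the app.
def issue_code_weak(app_id: str) -> str:
    return _mac(app_id)

def weak_device_accepts(app_id: str, code: str) -> bool:
    # Nothing ties the code to this device or this install, so a saved code replays.
    return hmac.compare_digest(code, issue_code_weak(app_id))

# Hardened scheme: the code is bound to the device identity and a single-use nonce.
def issue_code_bound(app_id: str, account: str, device_id: str, nonce: str) -> str:
    return _mac(app_id, account, device_id, nonce)

class HardenedDevice:
    def __init__(self, device_id: str, account: str) -> None:
        self.device_id, self.account = device_id, account
        self.pending = set()  # nonces issued to a client but not yet consumed

    def challenge(self) -> str:
        nonce = secrets.token_hex(8)
        self.pending.add(nonce)
        return nonce

    def accepts(self, app_id: str, nonce: str, code: str) -> bool:
        if nonce not in self.pending:  # unknown or already-used challenge
            return False
        self.pending.discard(nonce)  # each challenge is honoured exactly once
        expected = issue_code_bound(app_id, self.account, self.device_id, nonce)
        return hmac.compare_digest(code, expected)

def replay_against_weak_device() -> bool:
    captured = issue_code_weak("wallpaper.app")  # saved from an earlier purchase
    return weak_device_accepts("wallpaper.app", captured)  # True: replay works

def replay_against_hardened_device() -> bool:
    victim = HardenedDevice("victim-device", "victim-account")
    captured = issue_code_bound("wallpaper.app", "other-account", "other-device", "a1b2")
    return victim.accepts("wallpaper.app", victim.challenge(), captured)  # False

def legitimate_install_then_reuse() -> tuple:
    dev = HardenedDevice("victim-device", "victim-account")
    nonce = dev.challenge()
    code = issue_code_bound("wallpaper.app", "victim-account", "victim-device", nonce)
    return dev.accepts("wallpaper.app", nonce, code), dev.accepts("wallpaper.app", nonce, code)
```

The last function shows that even a genuine code works only once: the second attempt with the same nonce is rejected.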

It’s been discovered that from July 2015 to February 2016, at least three different AceDeceiver apps were uploaded to the official iOS App Store. They were apparently posing as wallpaper apps, and they gave those behind the apps fake authorization codes to use in the attack. On top of that, a Windows-based iPhone management app called “Aisi Helper” (which claimed to offer system backup services) was used to install malicious iOS apps on iOS devices connected directly to the PC. It did so by offering access to a third-party app store that offered free apps. That third-party app store could only be accessed by entering the user’s Apple ID and password, which immediately became available to the attackers.

Apple officially removed the AceDeceiver apps in February; however, the infection is still present on devices where it was installed, because the authorization codes are still in the hands of the attackers. And while a fix may come in a patch down the road, it’s possible that older devices, even after a patch is released, could still suffer from the trojan.

How to protect yourself

If you use a Windows machine, avoid downloading sketchy software. If you downloaded Aisi Helper, remove it immediately. Those with Macs will be unable to run the Aisi Helper tool, but there’s no telling whether or not this could change in the future.

If prompted to enter your Apple ID for any reason, ensure that you’re entering it into a legitimate Apple app only, and never for a third-party app. Due to App Store restrictions, a third-party app should never ask for access to your Apple ID, so any third-party app asking for it should throw up red flags for you immediately.

Other steps to take, as recommended by Palo Alto Networks, include:

  • Check to make sure no strange enterprise certificates have been installed on your device
  • Check to make sure no strange provisioning profiles have been installed on your device
  • Enable two-factor authentication for your Apple ID
  • Change your Apple ID password as soon as possible
