Latest in Gear

Image credit: Xaume Olleros/Bloomberg via Getty Images

iOS malware uses copy protection to infect 'pure' devices

AceDeceiver uses exploits in Apple's FairPlay system to install rogue apps, even without a jailbreak.
68 Shares
Share
Tweet
Share

Sponsored Links

Xaume Olleros/Bloomberg via Getty Images

Ne'er-do-wells have so far exploited holes in Apple's FairPlay copy protection primarily to distribute pirated iOS apps, but it now looks like they're turning their energy toward hurting users. Palo Alto Networks says it has discovered AceDeceiver, the first malware that uses FairPlay to infect its targets. Install a bogus iOS management utility for Windows (Aisi Helper) and the software will launch a man-in-the middle attack that grabs app authorization codes and uses those to install infected apps on any iOS device you connect to the system. Unlike many iOS attacks, this doesn't require that the target use a jailbroken device -- the apps are allowed to run as if they were completely legitimate.

It's particularly sneaky, too. While Apple has already pulled relevant apps from the App Store, it doesn't need them to stick around to work. Also, it's not so easy for Apple to catch offenders in the approval process. The example apps purposefully limited their hostile behavior to users located in China, so App Store screeners in California weren't likely to spot any malicious activity.

Palo Alto reported the issue to Apple in late February, but it's not clear whether there's a permanent solution in the works. We've reached out to Apple for details, and we'll let you know if it has something to share. Either way, the practical risk is low in the short term -- don't install Aisi Helper or similar apps. The concern is that intruders will take advantage of inexperienced users, or that a more sophisticated future attack won't require that you install a program first.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
68 Shares
Share
Tweet
Share

Popular on Engadget

Google Stadia controller's wireless capability will be limited at launch

Google Stadia controller's wireless capability will be limited at launch

View
Master & Dynamic's MW07 Plus are much-improved true wireless earbuds

Master & Dynamic's MW07 Plus are much-improved true wireless earbuds

View
Master & Dynamic's MW07 Go is a $199 AirPod alternative

Master & Dynamic's MW07 Go is a $199 AirPod alternative

View
California's statewide earthquake alert system launches Thursday

California's statewide earthquake alert system launches Thursday

View
Skydio's station lets self-flying drones work around the clock

Skydio's station lets self-flying drones work around the clock

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr