Blog

AceDeceiver Malware Exploits iOS Vulnerability

iOSmalWith the announcement of the new iPhone 6SE, Apple has been all over the news. However, users in China have to worry about a new malware. The malware, called AceDeceiver, is mainly limited to iPhone users who install pirated apps or software, or jailbreak their phones.

AceDeceiver exploits flaws found in Apple’s FairPlay Digital Rights Management (DRM) technology. The DRM technology bypasses the normally required enterprise certificate security measure and installs itself. The vulnerabilities in Apple’s DRM technology have been exploited in the past by people looking to download pirated apps, but this is the first time the vulnerability has been exploited to spread malware. This method of spreading pirated iOS apps is called “FairPlay Man-In-The-Middle (MITM)”.

Apple lets users buy and download iOS apps through iTunes, which can run on a user’s computer. The users then install the apps onto their iOS devices through the computer. When iOS devices download an app from the App Store, the device first asks Apple’s servers for an authorization code that proves the app was purchased by a user. In the FairPlay MITM attack, the authorization code gets intercepted before it gets to the iOS device. The attackers then use a PC software called Aisi Helper to install malware onto the iOS device without the user’s knowledge. Aisi Helper lets users install apps without paying for them, and the attackers can also discretely install malicious apps onto iPhones and other iOS devices.

Three malicious AceDeceiver apps found their way onto the App Store between July 2015 and February 2016 after disguising themselves as wallpaper apps. The AceDeceiver apps passed the normally difficult iOS app review process at least seven times. AceDeceiver has been alarming to security experts because the malware can also affect phones that haven’t been jailbroken, like iOS devices in the US. Apple hasn’t sent out a patch for it yet, but even if they do, this type of attack could still work on users who have old iOS versions on their devices.

The malware shows how companies need to follow best practices for endpoint security to keep their organizations safe.

  1. Companies should create clear policies that detail the specific devices that can be used for work. Not all devices are secure enough to use in enterprise settings. When creating BYOD policies, companies should consult their IT teams and test managers to make sure their policies include devices that are enterprise ready.
  2. Organizations can increase device security by creating user credentials for their employees. The user credentials can require two-factor authentication for access, which adds another layer of safety. Employees can use physical tokens or secondary security codes to access their company devices.
  3. Compliance-mandatory policies can help reduce risk when employees leave the company, or if a device gets compromised. The policy should be legal and include protocols that detail what happens if a device gets lost, stolen, or hacked.

Companies that have BYOD policies for their employees need comprehensive cyber threat detection so malware doesn’t slip into the network. Promisec Endpoint Manager (PEM) can see when unauthorized software is installed on a device. This is especially useful in FairPlay MITM attacks, where the user doesn’t even know that the malware has been installed onto their devices. With continuous malware protection and network monitoring, companies won’t have to worry about security risks through BYOD policies.