The Hacker News Logo
Subscribe to Newsletter

Warning — Hackers can Silently Install Malware to Non-Jailbroken iOS Devices

how-to-hack-iphone
Hard time for mobile phone users!

Just recently, two severe vulnerabilities in Qualcomm Snapdragon chip and Stagefright were spotted on the Android platform, affecting more than a Billion and Millions of devices respectively.

And now:

Hackers have discovered a new way to install malicious apps onto your iPhone without your interaction.

Researchers at Palo Alto Networks have uncovered a new strain of malware that can infect Non-Jailbroken (factory-configured) iPhones and iPads without the owner's knowledge or interaction, leaving hundreds of millions of Apple iOS devices at risk.

Dubbed AceDeceiver, the iPhone malware installs itself on iOS devices without enterprise certificates and exploits designing flaws in Apple's digital rights management (DRM) protection mechanism called FairPlay.

What's more concerning about this malware:

Unlike most iOS malware, AceDeceiver works on factory-configured (non-jailbroken) iOS devices as well.

FairPlay is an Apple's software program that prevents people from stealing purchased apps from its official App Store.
apple-iphone-hack
However, with the help of AceDeceiver's "FairPlay Man-in-the-Middle (MITM) technique," hackers can install malicious apps on your iPhone even without your knowledge, simultaneously bypassing Apple's other security defenses.

According to researchers, the FairPlay Man-In-The-Middle (MITM) technique has been in use since 2013, as a way to distribute pirated iOS apps.
"In the FairPlay MITM attack, attackers purchase an app from App Store then intercept and save the authorization code," Claud Xiao from Palo Alto Networks explains in a blog post. "They then developed PC software that simulates the iTunes client behaviors, and tricks iOS devices to believe the app was purchased by the victim."
However, this is the first time the FairPlay technique has been used to spread malware on iOS devices, as the creator of the pirated software can install potentially malicious apps without your knowledge.

Currently, the malicious behaviors related to AceDeceiver has been spotted in China, but researchers warn that the malware could be easily configured to target iPhone users of other geographic regions as well.

For more details, you can head on to Palo Alto Networks' blog post about the AceDeceiver threat.

Have something to say about this article? Comment below or share it with us on Facebook, Twitter or our LinkedIn Group.
SHARE
Comments
Latest Stories
Best Deals

Newsletter — Subscribe for Free

Join over 500,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.