It hasn't been a good year so far for Apple when it comes to security. We recently busted the myth that Macs can't get viruses, and revealed how Apple's overall security strategy has a major flaw. Now, hackers have found a way to slip malicious apps onto stock iPhones and iPads.
Generally, installing a malicious app requires a jailbroken gadget, which means the user turned off Apple's built-in security. However, hackers have found a way around that using a flaw in Apple's app installation system.
The attack relies on two Apple features. The first is the ability to purchase iOS apps using iTunes on a computer and then send them to an iPhone or an iPad. The second piece of the puzzle is something called FairPlay.
FairPlay is part of Apple's digital rights management system. When you install an app on iOS, FairPlay checks with the App Store to make sure you actually purchased, or chose to download, the app. If you did, the App Store sends back an authorization code.
However, using a "man in the middle" attack, hackers can steal the authorization code for that app. After that, they can use it to trick an iOS gadget into installing the app even if it didn't come from the App Store. Software pirates have been using this technique for years to install legitimate apps without paying for them, but now hackers are using it to deliver malware.
The latest example involves the AceDeceiver malware, which tricks people into giving up their Apple ID and password. It shows up in three "wallpaper" apps that got past Apple's screening and stayed in the App Store for several months. Even though Apple finally removed them after receiving a warning from security researchers at Palo Alto Networks, hackers still got the app authorization codes.
Hackers then created a computer program called Aisi Helper, which claims to be a utility program for iOS gadgets. It says it can back up, jailbreak, clean and perform other maintenance tasks for iOS gadgets. However, when a user with Aisi Helper installed plugs their iPhone or iPad into their computer, the program does something different.
Aisi Helper pretends to be iTunes and sends one of the AceDeceiver apps to the gadget, along with the stolen authorization code. The iOS gadget doesn't know any better, so it installs the app automatically, and you're infected.
At the moment, Aisi Helper is only available in Chinese, which means this attack is only happening in China. However, there's no reason hackers can't adapt it for users in other countries and use a more powerful data-stealing virus like AceCard.
If you regularly plug your iPhone or iPad into a computer, you need to be careful what programs you install. That's true anyway, as the wrong program can infect your computer with other threats like ransomware.