Expert Comments on AceDeceiver – Apple malware

In light of the news that Palo Alto Networks have identified new iPhone malware, here to comment on this news is Guillaume Ross, Senior Security Consultant, Strategic Services, Rapid7.

Guillaume Ross, Senior Security Consultant, Strategic Services, Rapid7:

If you need anything further please do get in touch?

“AceDeceiver, as identified by Palo Alto Networks, is malware that has been spreading on iOS using techniques that have been observed in the past. One of these vectors, using Enterprise Certificates, is a technique often used to install legitimate software developed internally by a company. Since those certificates allow the installation of applications that have not been reviewed by the App Store review process, a stolen certificate can be used to sign malicious software. For individuals or organisations comfortable with using tools such as the Apple Configurator, it is even possible to configure iOS devices to prevent the installation of such profiles completely, which would prevent this attack vector completely. Prompts to install Enterprise Certificates from any source that is not 100% trusted should always be rejected.The second technique uses a man-in-the-middle attack, meaning that credentials are stolen, uploaded, used to obtain copies of applications from the App Store, which are then installed by a helper Windows application when the iOS device is connected to it. To protect against iCloud password theft, users should enable two-factor authentication, and should never enter their iCloud password into a third party application. When an iCloud password prompt is displayed, a good way to find out if the system is prompting for it is to click the home button. If the prompt disappears, the application itself was trying to obtain your iCloud password, which could indicate a phishing attempt.

To spread, AceDeceiver also uses a “helper” application on a Windows PC, where it pretends to be iTunes, and installs the applications on the iOS devices. The helper application claims to provide tools to manage iOS devices. Avoiding third party app stores, jailbreaking tools, as well as never connecting iOS devices to untrusted USB ports can limit the impact this vector can have. Again, for individuals or organisations looking to improve the security of their iOS devices, it is possible to configure them to prevent pairing to computers completely.”