• > CONGRATULATIONS to our very own Matt (@Smooth) on his change in Marital status! He married Danielle today, Saturday 16th November! We wish then every happiness as they start their married life together... x x <
  • MobiTog Mantra = "Taken with and processed on a Mobile Device" PLEASE NOTE: MobiTog Rule 4. will be applied to all future MobiTog Challenges & Contests. Non-compliance may result in entries being disqualified - you have been notified!

The first iOS malware has been discovered

RoseCat

MobiStaff
Site Staff
MobiSupporter
Real Name
Catherine
Device
iPhone 7 Plus
:eek: :eek: :eek:

The first iOS malware has been discovered

IMAGE: BODEN/LEDINGHAM/CORBIS

BY KELLEN BECK1 HOUR AGO


Your iPhone isn’t as safe from viruses as you thought. A security firm has confirmed the existence of iOS malware that can infect even non-jailbroken phones.

Security company Palo Alto Networks announced it found a Trojan that exploits flaws in Apple’s DRM without needing to abuse enterprise certificates, and they’re calling it “AceDeceiver.” Currently, AceDeceiver only activates when the device’s geotag is in China.

The process for how the malware works is a little complicated. According to Palo Alto Networks, AceDeceiver uses a mechanism called FairPlay Man-in-the-Middle, where attackers purchase apps and save the authorization code needed for it to work on an iOS device. By using fake iTunes clients on infected computers, attackers can send an authorization code to trick a victim’s device to make it believe it purchased the app, and then it will download it.

Once the app has been downloaded on a victim’s phone, it acts as a Trojan, giving access of the device to the attackers under the guise of being a legitimate app.

According to Palo Alto Networks, this method has been used to pirate apps before, and this is the first time FairPlay MITM has been used maliciously. It also said
the method is pretty simplistic, and is likely to be copied by other attackersthe method is pretty simplistic, and is likely to be copied by other attackers. AceDeceiver could also be easily changed to work in regions besides China, although the security company said its region-locked activation makes it harder to be discovered by Apple or security firms.

Palo Alto Networks said that it notified Apple about AceDeceiver in late February and the AceDeceiver apps were promptly removed from the App Store.

http://mashable.com/2016/03/18/first-ios-malware/#wmNl.qw625qQ
 

dscheff

MobiLurver
MobiSupporter
Real Name
Jeffrey
Device
iPhone 11 Pro Max
My 365
My MobiTog 365
:eek: :eek: :eek:

The first iOS malware has been discovered

IMAGE: BODEN/LEDINGHAM/CORBIS

BY KELLEN BECK1 HOUR AGO


Your iPhone isn’t as safe from viruses as you thought. A security firm has confirmed the existence of iOS malware that can infect even non-jailbroken phones.

Security company Palo Alto Networks announced it found a Trojan that exploits flaws in Apple’s DRM without needing to abuse enterprise certificates, and they’re calling it “AceDeceiver.” Currently, AceDeceiver only activates when the device’s geotag is in China.

The process for how the malware works is a little complicated. According to Palo Alto Networks, AceDeceiver uses a mechanism called FairPlay Man-in-the-Middle, where attackers purchase apps and save the authorization code needed for it to work on an iOS device. By using fake iTunes clients on infected computers, attackers can send an authorization code to trick a victim’s device to make it believe it purchased the app, and then it will download it.

Once the app has been downloaded on a victim’s phone, it acts as a Trojan, giving access of the device to the attackers under the guise of being a legitimate app.

According to Palo Alto Networks, this method has been used to pirate apps before, and this is the first time FairPlay MITM has been used maliciously. It also said
the method is pretty simplistic, and is likely to be copied by other attackersthe method is pretty simplistic, and is likely to be copied by other attackers. AceDeceiver could also be easily changed to work in regions besides China, although the security company said its region-locked activation makes it harder to be discovered by Apple or security firms.

Palo Alto Networks said that it notified Apple about AceDeceiver in late February and the AceDeceiver apps were promptly removed from the App Store.

http://mashable.com/2016/03/18/first-ios-malware/#wmNl.qw625qQ
Thank you Katherine :) :thumbs: I did some research on this and found that just about all of the articles covering AceDeceiver written were dated during 2016. I found one from 2017 and nothing since. This could possibly indicate that Apple have closed that back door in subsequent updates of IOS: one would certainly hope so. Stuff like this is enough to keep us all up at night...

SIM Swapping is the latest "maladie du jour." It is certainly one we are concerned with as, we now know, that communications providers employees are being bribed to facilitate the swap. Scary stuff.

Here's a security Tip: Never assume your iPhone or Android is 100% safe. If you use your phone for sensitive tasks, like mobile banking, limit how many apps you download and stick with well known, trusted apps. While it's a real PITA it's good to change your passwords and turn on two factor authentication. Of course. SIM Swap negates the TFA which is supposed to protect us.
 

RoseCat

MobiStaff
Site Staff
MobiSupporter
Real Name
Catherine
Device
iPhone 7 Plus
SIM Swapping is the latest "maladie du jour." It is certainly one we are concerned with as, we now know, that communications providers employees are being bribed to facilitate the swap. Scary stuff.
Do they steal the SIM card from your phone?
 

dscheff

MobiLurver
MobiSupporter
Real Name
Jeffrey
Device
iPhone 11 Pro Max
My 365
My MobiTog 365
Top