Monday, February 20, 2017
Malware Exploits Apple DRM to Infect iPhones
Security researchers at Palo Alto Networks' Unit 42 on Wednesday announced they had discovered, in the wild, a method of infecting non-jailbroken iPhones with malware by exploiting design flaws in Apple's digital rights management technology, FairPlay.
The flaw has been exploited since 2013, largely as a means of pirating iOS software, but this is the first time it has been used to infect iPhones with malware, researcher Claud Xiao said.
"This is a fairly sophisticated attack," said Steve Kelly, president of Intego.
"There's a lot of moving pieces in this," he told TechNewsWorld. "Somebody put quite a bit of effort in creating this."
The Attack
The attack works like this: The malware author purchases a legitimate copy of an app through the iTunes client on a PC. During the download, the attacker intercepts the authorization code that accompanies the software; an iOS device checks that code before it will install the app.
Once in possession of the code, the attacker writes a PC program touted as providing some utility for the user. The program, called "Aisi Helper," purports to offer services for iOS devices such as system reinstallation, jailbreaking, system backup, device management and system cleaning.
When the program runs, however, it emulates the iTunes client in the background and uses the intercepted authorization code to push the infected apps to the iPhone without the user's knowledge.
Three infected apps were uploaded to the App Store between July and February 2016, Xiao said. Each avoided detection by Apple's review by tailoring its behavior to the user's geographic region, so that it acted maliciously only for users in one region.
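The sequence above, and Xiao's later point that the attack keeps working once the app has been pulled from the store, come down to one property of the authorization: it proves that somebody bought the app once, but is bound neither to the device that installs it nor to the app's current store listing. The following simplified model is an added illustration and is not Apple's FairPlay protocol or Palo Alto Networks' code; the message layout, the field names, the HMAC-based "authorization code", the store acting as the verification oracle (standing in for a device checking Apple's signature), and the `bind_to_device` mitigation are all assumptions chosen to make the design flaw visible.

```python
"""
Toy model of the FairPlay man-in-the-middle replay. Assumed, not Apple's
real protocol: an App Store that MACs purchase claims with a secret key, a
device that asks the store to verify that MAC, and a hypothetical fix that
binds the authorization to the installing device's identifier.
"""
import hashlib
import hmac
import json
import secrets


def _digest(package):
    return hashlib.sha256(package).hexdigest()


class AppStore:
    """Issues purchase authorizations and verifies them on request."""

    def __init__(self, bind_to_device=False):
        self._key = secrets.token_bytes(32)      # assumed store secret
        self.bind_to_device = bind_to_device     # hypothetical mitigation
        self.catalog = {}                        # app_id -> package bytes

    def publish(self, app_id, package):
        self.catalog[app_id] = package

    def remove(self, app_id):
        self.catalog.pop(app_id, None)

    def purchase(self, app_id, apple_id, udid):
        """Return (package, authorization) for a purchase made from a client
        reporting device `udid`. In the flawed model the udid is ignored."""
        package = self.catalog[app_id]           # KeyError if not listed
        claims = {"app_id": app_id, "apple_id": apple_id,
                  "package_sha256": _digest(package)}
        if self.bind_to_device:
            claims["udid"] = udid
        return package, {"claims": claims, "mac": self._mac(claims)}

    def _mac(self, claims):
        canonical = json.dumps(claims, sort_keys=True).encode()
        return hmac.new(self._key, canonical, hashlib.sha256).hexdigest()

    def verify(self, auth):
        return hmac.compare_digest(self._mac(auth["claims"]), auth["mac"])


class Device:
    """Non-jailbroken iPhone: installs only store-authorized packages, but
    cannot tell the real iTunes client from a program that emulates it."""

    def __init__(self, udid, store):
        self.udid = udid
        self._store = store
        self.installed = {}

    def install(self, package, auth):
        claims = auth["claims"]
        if not self._store.verify(auth):                     # forged code
            return False
        if claims["package_sha256"] != _digest(package):     # tampered app
            return False
        if self._store.bind_to_device and claims.get("udid") != self.udid:
            return False                                      # replayed
        self.installed[claims["app_id"]] = package
        return True


def fairplay_mitm(bind_to_device=False):
    """Replay the article's sequence: the attacker buys the app once through
    the real client and keeps package + authorization, Apple later pulls the
    app, and a fake iTunes ("Aisi Helper") pushes it to a victim's device.
    Returns True when the victim ends up with the app installed."""
    store = AppStore(bind_to_device)
    store.publish("com.example.wallpaper", b"constructed .ipa bytes")
    # 1. attacker purchases legitimately from their own PC and intercepts
    #    the authorization code iTunes would hand to the phone
    package, auth = store.purchase("com.example.wallpaper",
                                   "attacker@example.invalid", "ATTACKER-PC")
    # 2. the app is removed from the store; the authorization stays valid
    store.remove("com.example.wallpaper")
    # 3. the fake iTunes replays package + authorization to a victim
    victim = Device("VICTIM-UDID", store)
    return victim.install(package, auth)


def integrity_checks_still_hold():
    """The MITM does not defeat integrity: a tampered package or a forged
    authorization is still rejected, even by the flawed device model."""
    store = AppStore()
    store.publish("com.example.wallpaper", b"constructed .ipa bytes")
    package, auth = store.purchase("com.example.wallpaper", "a@b.invalid", "PC")
    device = Device("VICTIM-UDID", store)
    tampered_rejected = not device.install(package + b"backdoor", auth)
    forged_rejected = not device.install(package, dict(auth, mac="0" * 64))
    return tampered_rejected and forged_rejected


if __name__ == "__main__":
    print("replay succeeds, flawed model:", fairplay_mitm())
    print("replay succeeds, device-bound:", fairplay_mitm(bind_to_device=True))
```

Running the block shows the replay succeeding against the flawed model and failing once the authorization names the device it was issued for. The point of the second function is that the attack is not a break of the signature or the package integrity check; those still work, which is exactly why Apple's review process and store removal cannot undo an authorization that has already been captured.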
China Connection
"Apple removed these three apps from the App Store after we reported them in late February 2016," he noted.
"However, the attack is still viable because the FairPlay MITM attack only requires these apps to have been available in the App Store once. As long as an attacker could get a copy of authorization from Apple, the attack doesn't require current App Store availability to spread those apps," Xiao continued.
While the malware, which Palo Alto calls "AceDeceiver," appears to affect only users in mainland China, it's a sign of bigger problems for Apple, because it's a blueprint for infecting non-jailbroken iPhones, he noted.
"As a result, it's likely we'll see this start to affect more regions around the world, whether by these attackers or others who copy the attack technique," Xiao said.
Can't Blame Jailbreakers
With the recent introduction of ransomware for Linux and OS X, it's apparent that malware writers are trying to expand their reach, noted Adrian Liviu Arsene, a senior threat analyst with Bitdefender.
"This is the first time that we've seen malware as an application installed on an iPhone that was not jailbroken," he told TechNewsWorld. "If that can happen, the sky's the limit."
Although Apple removed the infected wallpaper apps from the App Store as soon as Palo Alto notified it about them, it may have been surprised by the attack, maintained Vishal Gupta, CEO of Seclore.
"Most attacks happen on jailbroken devices. Apple says it's not responsible for jailbroken devices, and that's usually where the story ends," he told TechNewsWorld.
"This time it's Apple's responsibility," Gupta said, "and there's no way Apple can shrug this off."
Data Protection Needed
Apple and other hardware makers need to focus more resources on protecting the data on phones, he maintained.
"Apple and others are too busy securing their devices. This device-centric view is, unfortunately, a challenge in the present security posture of a lot of companies, including Apple," Gupta said.
"People are not interested in securing devices -- they're interested in securing their data," he continued.
"If you lose your phone, you'll feel sad about it, but you can always buy another phone," Gupta added. "But if you lose your data, that can be something very difficult to replace."