The victim's desktop machine would have to be infected with malware. The technique would first require sneaking that evil app past Apple's app store security review. "People installing software to pirate apps which abuses this loophole and may introduce malicious behavior, rather than widespread infections."Īs for the scenario where the same technique is repurposed by invisible desktop malware to smuggle an evil app onto the user's iPhone, iOS security researcher Zdziarski argues it's possible, but farfetched. it’s probably going to be in a similar model," says Olson. "We likely will see this attack used again in the future, but. Instead, argues Palo Alto researcher Ryan Olson, it's more likely that incautious people like those who installed AiSiHelper will again use the technique to install pirated, unauthorized programs that come with unwanted side effects. "It's likely we'll see this start to affect more regions around the world, whether by these attackers or others who copy the attack technique," wrote Palo Alto researcher Claud Xiao in the firm's blog post.ĭespite AceDeceiver's innovations, however, even Palo Alto's own researchers admit that it doesn't pose much of a very realistic threat to anyone who's not actively seeking to put shady apps on their device. If hackers could quietly install a piece of malware on your desktop machine-as opposed to Chinese iPhone owners' voluntary installation of AiSiHelper on their PCs-they might be able to pull off the same Fairplay man-in-the-middle trick to inject malicious apps onto your iPhone, too. Security researchers are more concerned that AceDeceiver's disturbingly clever techniques could be replicated to attack people who weren't already seeking to install unauthorized apps on their phone. But AceDeceiver has spooked the security community by breaking Apple's security restrictions even on non-jailbroken iPhones. It's not the first time that unsavory developers have taken advantage of the popularity of pirated apps in China to spread nasty code: A piece of password-stealing malware infected 225,000 jailbroken iPhones last year. According to Palo Alto Networks, AiSiHelper has 15 million downloads and 6.6 million active users, and its rogue app installation targets people in mainland China.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |