AceDeceiver: Breaking Apple’s Cryptographic Leash

The past week, I’ve been writing all about cryptographic leashes and how they could be easily broken in the case of controlling FBI’s iOS backdoor. Surprisingly, the first serious example of this has surfaced this week. The researchers at Palo Alto Networks, who have been killing it lately with great iOS research, did a breakdown of a piece of Chinese malware known as AceDeceiver. AceDeceiver breaks the cryptographic leash baked into the iPhone’s App Store system, allowing an attacker to install applications on the host iPhone even after they’ve been revoked by Apple. While the malware, in its present form, isn’t likely to cause widespread damage, the vulnerabilities in Apple’s DRM that this presents could be used for far more malicious purposes.

AceDeceiver starts its life as malware on your desktop. In its present form, you’d have to be dumb enough to install a Chinese pirate app store in order to have to worry about this, but in a more malicious form, something like it could potentially be embedded as a trojan in legitimate software. The malware performs a man-in-the-middle attack between your computer and the App Store, and fudges the authorizations used to let your iPhone run purchased software. Think of the attack as forging a receipt, like paying for a set of towels at Target, then returning a different set. Apple has no way to check the towels (your apps) to make sure they’re the same ones, so the iPhone lets the app run since you have a valid receipt. It’s even worse than this, because the receipts aren’t tied to your iTunes account – you can pull someone else’s receipt out of the trash and return towels you never purchased. It’s this receipt that is re-used to install the malware’s own software on your iPhone by impersonating iTunes. The malware author can use his or her own receipts to load previously approved App Store software onto your phone.

There’s one catch to how AceDeceiver does this that is particularly dangerous: The applications it installs on your iPhone have been approved by Apple for the App Store, so rather than use enterprise certificates (which can be revoked), or developer certificates (which can also be revoked), the application is signed with an un-revokable Apple certificate. Even if Apple pulls the malicious application from the App Store, it has no way of revoking it from running on your device. AceDeceiver’s software got through Apple’s review process by lying dormant inside what looked like a legitimate app. It called home to a C2 server to see if it should activate itself. After the app review process completed, it was signed by Apple, and could be turned on to do damage. At this point, it didn’t matter that Apple removed it from the store – it was signed by Apple, and Apple can’t revoke their own certificate.

As I said, in its present form, it’s used primarily for piracy, however this could be easily converted into a piece of malware. Consider this scenario: You download a trojanized version of a legitimate application (such as Transmission, or anything else you’d find on the Internet). The trojan includes a piece of malware that was snuck into the App Store and then “turned on” later. Even if Apple has already revoked the application, the malware could still install it onto your non-jailbroken iOS device. This malware could be a decoy of a popular application you use, such as Gmail or Facebook, intended to steal your credentials (and download your data) when logging in.

I initially thought this was not a big deal, but as it turns out it can be. On the other hand, if you can get root on someone’s desktop, why would anybody go to all of the trouble of screwing around with apps? You can steal so much more from a user’s desktop that phishing for credentials seems almost tacky.

Overall this is a very tricky DRM exploit, but because it’s so deeply integrated into Apple’s design, it’s hard to fix. In fact, this flaw has been known for at least three years, and still goes unfixed in iOS. This particular design flaw wouldn’t allow something like FBiOS to run, but it does demonstrate that software control systems have weaknesses, and cryptographic leashes like this can be broken in ways that are extremely difficult to fix with a large customer base and an established distribution platform. Should a similar leash be found that would affect something like FBiOS, it would be catastrophic to Apple, and potentially leave hundreds of millions of devices exposed.