iPhones vulnerable to malware right out of the box

Though iPhones tweaked by users have been hit by malicious software before, the new "AceDeceiver" malware, spotted in China, can infect factory-configured iPhones.

Ben Fox Rubin Former senior reporter
Ben Fox Rubin was a senior reporter for CNET News in Manhattan, reporting on Amazon, e-commerce and mobile payments. He previously worked as a reporter for The Wall Street Journal and got his start at newspapers in New York, Connecticut and Massachusetts.
Ben Fox Rubin
2 min read

AceDeceiver affects only iPhone users in mainland China, but similar attacks are possible elsewhere, a security company said.

Josh Miller/CNET

Hackers have found a new way to download malicious apps onto our iPhones.

Security company Palo Alto Networks said Wednesday that it discovered a new kind of attack on devices running on Apple's iOS software, calling the malware "AceDeceiver." After a user's personal computer is infected, hackers can then attack mobile devices connected to that PC and even secretly download malicious apps without the user having to do anything.

It's one of the first pieces of malware to attack factory-configured iPhones, as opposed to gadgets users have modified so they can use unauthorized apps.

Palo Alto Networks informed Apple about AceDeceiver in late February and Apple has since removed three related apps from its App Store in response.

Apple representatives didn't respond to a request for comment.

Though AceDeceiver affects only users in mainland China, Palo Alto Networks warned that the type of attack it uses could be put into play by hackers in other regions.

This latest method of attack shows how Apple and other software makers are in a constant battle to fend off malware on their systems. Often, once one bug or vulnerability is fixed, hackers find a new weakness to exploit. Apple has been using that general issue to argue against creating a back door entry into its iPhones, as the FBI has requested in one terrorism case.

AceDeceiver can infect phones that aren't jailbroken, a practice some people use to strip their Apple gadgets of the company's security systems, allowing them to download apps and other software Apple hasn't approved for use on its devices. Without the security measures, jailbroken gadgets tend to be much more vulnerable than out-of-the-box devices.

The fact that AceDeceiver can infect either type of gadget shows that the malware has the potential to affect many more people. AceDeceiver is one of the first pieces of malware to hit non-jailbroken iPhones, following attacks in China this past October by two other malicious programs.