Latest iOS updates show big “enterprise certificate” vulnerability

Published on February 17, 2019

Alas. We hoped we had heard of the last of the Trojans.

Before recent iOS updates, there was no way for trojanized applications to get onto your phone, as long as you didn’t jailbreak it. Recently, however, certain companies have found workarounds for some of the iPhone’s defenses.

This new form of malware has been dubbed YiSpecter, and true to its name, it is elusive and hard to detect. YiSpecter is able to display ads on your phone screen, as well as steal your data and install other apps. Previously, a virus could only get onto your iOS device if you had jailbroken it; YiSpecter almost trivializes the task. Is this a one-off case or a grim harbinger for the future?

How It Works

YiSpecter gets onto your device by abusing iOS enterprise certificates, which companies use for in-house apps, alongside enterprise APIs. This lets it access the inner workings of your phone because of the way iOS structures permissions.

The access it gains is the iOS equivalent of user permissions on Windows. This means that the virus is unable to cause permanent damage to the system files, or control whether the phone is on or off. While this limits how much harm the virus can do, it doesn’t make it harmless.

What It Does

YiSpecter is mainly adware. This means that its main purpose is to show you, the unfortunate victim, advertisements. In today’s world of marketing, this may be something you’re used to. However, that is not the only way YiSpecter damages your phone.

YiSpecter also has access to your personal data. This means that the company in control of it is able to sell off your valuable data and privacy to the highest bidder. While legal efforts on the part of many of the world’s superpowers have largely limited the ability of companies to do this, that courtesy doesn’t extend to illegal viruses.

The virus also installs other apps on your phone. While these may currently be benign, there is no telling what they may become in the future. It could begin spreading other viruses, adware, or ransomware. These apps also tax your phone’s memory and sometimes its processing power. This can lead to your phone slowing down significantly, and even cause lag.

How You Can Stop It

Preventing YiSpecter from getting into your iPhone can be a very difficult task. YiSpecter mostly spreads itself through pornographic and gambling-oriented applications. These apps are most suitable for this because they prey on users when they are vulnerable.

The easiest way to stop YiSpecter from infecting your device is to not download any apps of this sort in the foreseeable future. It is estimated that Apple has let over 100 apps with malicious content into its App Store. Download fewer apps, and make sure to check if they’re safe for use.

Refrain from pirating, as pirated files are the easiest way to spread viruses. It would be a wise decision to wait for further updates on the situation. Until these viruses are quelled, or Apple issues an antivirus rather than focusing so intently on its new campus, it is best to refrain from downloading new applications except from a trusted source.


Ilija Miljkovac is a former staff writer at Grit Daily. He is based in London, United Kingdom.
