
225,000 Reasons Not to Jailbreak Your iPhone — iOS Malware in the Wild

Posted on September 1st, 2015 by

Jailbroken iPhones

Over 225,000 iOS devices have been hit by a malware attack, stealing Apple ID account usernames and passwords, certificate keys, private keys, App Store purchasing information and more.

The good news is that the problem is contained to jailbroken devices and is detected by Intego's security products as iOS/KeyRaider.

The bad news is that so many people continue to jailbreak their iPhones, increasing the security risks for themselves and their private personal data.

The malware family, dubbed KeyRaider, is the subject of a detailed investigation by researchers at Palo Alto Networks:

The purpose of this attack was to make it possible for users of two iOS jailbreak tweaks to download applications from the official App Store and make in-app purchases without actually paying. Jailbreak tweaks are software packages that allow users to perform actions that aren’t typically possible on iOS.

These two tweaks will hijack app purchase requests, download stolen accounts or purchase receipts from the C2 server, then emulate the iTunes protocol to log in to Apple’s server and purchase apps or other items requested by users. The tweaks have been downloaded over 20,000 times, which suggests around 20,000 users are abusing the 225,000 stolen credentials.

Some victims have reported that their stolen Apple accounts show abnormal app purchasing history and others state that their phones have been held for ransom.

I understand why, in the early days of iOS, some people might have wanted to jailbreak their iOS devices.

There were features that Apple hadn't incorporated into the operating system, or functionality that it banned from the App Store, that you could only experience on your iPhone if you went to the effort of jailbreaking it.

Torrent-downloading apps, for instance, simply were not allowed on iOS, because (in Apple's words) "this category of applications is often used for the purpose of infringing third-party rights." Your only answer if you wanted to download torrents was to jailbreak your iPhone first, and download the unapproved app from a third-party marketplace.

And the problem, of course, was that online criminals found it easier to publish malicious iOS apps into third-party unofficial app stores than to sneak them into Apple's highly-secured "walled garden."

To this day, proper on-access anti-virus solutions are still not available for iOS, because Apple bans the low-level access they need in order to work within the operating system, leaving you in the ironic position of having to jailbreak your device, which makes it less secure, in order to try to make it more secure.

Sometimes third parties did manage to fill the gaps in Apple's operating system, in some form or another, by getting their legitimately useful app into the official App Store, but I think most of us always breathed a sigh of relief when Cupertino realised they were missing a trick and added their own version of the functionality into the OS proper.

It's hard to believe that in the first two years of its existence, for instance, iPhones had no such thing as cut-and-paste built in, and it took until iOS 3.0 (more correctly, iPhone OS 3.0) in 2009 before it finally arrived.

Imagine living now without cut-and-paste — I know I couldn't.

But today? Why do you really need to jailbreak your iPhone or iPad? Sure, it might be nice to tweak with Apple's operating system in ways they hadn't planned, change default icons for apps or add funky Android-like gesture support to the lock screen, but it's not going to turn your world upside down like getting cut-and-paste would.

So, for most people, I don't think there's much of a convincing argument to jailbreak your iPhone or iPad. If you really don't like the way your iPhone works, maybe you would have been better with an Android instead, which does offer more flexibility.

The one group that may disagree with me most loudly, of course, are those people who want all the status of owning an Apple iPhone or iPad, but don't feel as comfortable about paying for apps.

Once you have jailbroken your iDevice, you will potentially be able to install thousands of pirated iOS apps that normally you would have to shell out hard cash for in the official App Store. The problem you have, of course, is that the apps you are downloading have not undergone the scrutiny of Apple's security team, and may be booby-trapped to infect your precious smartphone or tablet.

And now that you have jailbroken your iPhone, you're not going to receive future security updates for iOS from Apple.

My advice? It's the same that I gave if you wanted to avoid the Cloud Atlas malware, or to not have governments installing spyware on your smartphone.

If you care about security, don't jailbreak your iDevice. You're playing Russian roulette with your online safety.

It's a mistake that seemingly 225,000 other jailbroken iOS users have already made. Don't put yourself at risk by following in their footsteps.

About Graham Cluley

Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats. Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security. Follow him on Twitter at @gcluley.
  • Mit

    I like your points but I think the vast majority of these “jailbreakers” are kids that just need to learn their lessons. The fact is that Apple is quietly allowing the devices to be jailbroken.
    Apple TV version 3 is proof that whenever Apple decides to make something not jailbreak-able, it will not be. So good for those that think they know it all. Now they will get to pay the bill. The only Apple device that I wanted to jailbreak, as you might have guessed, is the Apple TV; it’s heaps of fun when you jailbreak it. Otherwise it is a device that sucks money from your bank account. I would of course never link an Apple TV to my iTunes account or put any financially viable info in there. Too easy to steal.

  • Shagia Metric

    Absolutely blindsided (and ignorant) arguments in my opinion.

    iOS still continues to have a number of missing functional features like extra quirks, i.e. quick composition in BiteSMS, removing functional and visual bloat from your Control Center and Notification Center (widgets aren’t enough), some decent customization. I can really go on about what you can do to improve your experience on a jailbroken phone.

    Although it definitely isn’t safe to bust the root to your phone open for some “android actions”, this isn’t saying everyone is at risk of being attacked when being jailbroken. (Change your damn root password.) What’s risky is using tweaks to pirate free software off the App Store (no, you cannot do that off the bat as you jailbreak your phone; you need to find this). What’s risky is using pirated repos on the Internet to get free, pirated tweaks, and I feel as if you’re generalizing all jailbroken users as those people who engage in this. There are so many trusted developers and trusted repos that you pay to use their iPhone tweaks, and you’ve failed to even mention that.

    I can assure you many jailbroken users want iOS for it being a nice OS but with more functionality and customization, and because Apple can’t really care less, many people take it amongst themselves to try and personalize their device and get the most functionality they can out of their phones with ideas from other users who also use iPhones. To me, this is about what other users want that Apple can’t deliver because they focus on other things.

    To be frank, these people know the risks; some just don’t care, though, and those who do not care get themselves into situations like this, where they keep their phone unprotected against unverified, pirated tweaks. Don’t just put them all in the same room because you disagree with it, because some of these users have never touched a pirated App Store app or Cydia tweak in their iPhone’s life.