
225,000 Reasons Not to Jailbreak Your iPhone — iOS Malware in the Wild


Jailbroken iPhones

Over 225,000 iOS devices have been hit by a malware attack, stealing Apple ID account usernames and passwords, certificate keys, private keys, App Store purchasing information and more.

The good news is that the problem is contained to jailbroken devices and is detected by Intego’s security products as iOS/KeyRaider.

The bad news is that so many people continue to jailbreak their iPhones, increasing the security risks for themselves and their private personal data.

The malware family, dubbed KeyRaider, is the subject of a detailed investigation by researchers at Palo Alto Networks:

The purpose of this attack was to make it possible for users of two iOS jailbreak tweaks to download applications from the official App Store and make in-app purchases without actually paying. Jailbreak tweaks are software packages that allow users to perform actions that aren’t typically possible on iOS.

These two tweaks will hijack app purchase requests, download stolen accounts or purchase receipts from the C2 server, then emulate the iTunes protocol to log in to Apple’s server and purchase apps or other items requested by users. The tweaks have been downloaded over 20,000 times, which suggests around 20,000 users are abusing the 225,000 stolen credentials.

Some victims have reported that their stolen Apple accounts show abnormal app purchasing history and others state that their phones have been held for ransom.

I understand why, in the early days of iOS, some people might have wanted to jailbreak their iOS devices.

There were features that Apple hadn’t incorporated into the operating system, or functionality that it banned from the App Store, that you could only experience on your iPhone if you went to the effort of jailbreaking it.

Torrent-downloading apps, for instance, simply were not allowed on iOS, because (in Apple’s words) “this category of applications is often used for the purpose of infringing third-party rights.” Your only answer if you wanted to download torrents was to jailbreak your iPhone first, and download the unapproved app from a third-party marketplace.

And the problem, of course, was that online criminals found it easier to publish malicious iOS apps into third-party unofficial app stores than to sneak them into Apple’s highly-secured “walled garden.”

To this day, proper on-access anti-virus solutions are still not available for iOS: Apple HQ does not allow them, because they need low-level access to the operating system in order to work. That leaves you in the ironic position of having to jailbreak your device, which makes it less secure, in order to try to make it more secure.

Sometimes third parties did manage to fill the gaps in Apple’s operating system, in some form or another, by getting their legitimately useful app into the official App Store, but I think most of us always breathed a sigh of relief when Cupertino realised they were missing a trick and added their own version of the functionality into the OS proper.

It’s hard to believe that in the first two years of its existence, for instance, iPhones had no such thing as cut-and-paste built in, and it took until iOS 3.0 (more correctly, iPhone OS 3.0) in 2009 before it finally arrived.

Imagine living now without cut-and-paste — I know I couldn’t.

But today? Why do you really need to jailbreak your iPhone or iPad? Sure, it might be nice to tweak with Apple’s operating system in ways they hadn’t planned, change default icons for apps or add funky Android-like gesture support to the lock screen, but it’s not going to turn your world upside down like getting cut-and-paste would.

So, for most people, I don’t think there’s much of a convincing argument to jailbreak your iPhone or iPad. If you really don’t like the way your iPhone works, maybe you would have been better off with an Android instead, which does offer more flexibility.

The one group that may disagree with me most loudly, of course, are those people who want all the status of owning an Apple iPhone or iPad, but don’t feel as comfortable about paying for apps.

Once you have jailbroken your iDevice, you will potentially be able to install thousands of pirated iOS apps that normally you would have to shell out hard cash for in the official App Store. The problem you have, of course, is that the apps you are downloading have not undergone the scrutiny of Apple’s security team, and may be booby-trapped to infect your precious smartphone or tablet.

And now that you have jailbroken your iPhone, you’re not going to receive future security updates for iOS from Apple.

My advice? It’s the same that I gave if you wanted to avoid the Cloud Atlas malware, or to not have governments installing spyware on your smartphone.

If you care about security, don’t jailbreak your iDevice. You’re playing Russian roulette with your online safety.

It’s a mistake that seemingly 225,000 other jailbroken iOS users have already made. Don’t put yourself at risk by following in their footsteps.

About Graham Cluley

Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats. Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security. Follow him on Twitter at @gcluley.