Hackers steal over 250,000 Apple accounts from jailbroken devices

In what has been dubbed the largest theft of its kind, security research firm Palo Alto Networks has outlined a new type of iOS malware that it is calling KeyRaider, which the company claims has already helped hackers claim over 250,000 devices and their respective Apple accounts.

The exploit, which is exclusively aimed at jailbroken devices, worms its way onto your device through Cydia, the popular third-party app store for jailbroken devices. Once it has found its way onto your device, it can not only uncover your password but also intercept data. Palo Alto Networks explained the operation of the exploit as follows:

KeyRaider steals Apple push notification service certificates and private keys, steals and shares App Store purchasing information, and disables local and remote unlocking functionalities on iPhones and iPads.

Since it hampers your ability to unlock the device, it serves as the perfect means of extorting users for a ransom to continue operation of their device. It doesn't stop there: it can also download and buy apps without your permission. If you refuse to pay the ransom, the hacker could simply charge hefty amounts in app purchases to your credit card out of spite, adding to the already massive headache anyone affected will probably have by now.

The only silver lining in this case is that the exploit can only affect jailbroken devices, serving as another stark reminder of the perils of fooling around with the root access to your device.


Source: http://www.neowin.net/news/hackers-steal-over-250000-apple-accounts-from-jailbroken-devices

Comments


JRMH Posted:

ProJimmyRustler "serving as another stark reminder of the perils of fooling around with the root access to your device"

Really?
I don't think I would count this as a peril.
You have the same chances of this happening with or without root access to your device.
I don't think the fappening happened because everyone had a jailbroken device.
If someone wants the information they are gonna get it.


Uh, Apple obviously goes to great lengths to prevent you from installing this type of software...

Vauxhall Posted:

Lucky I don't have a jailbroken iPhone.

Skittle Posted:

Glad to hear that I haven't installed this tweak!

BigTunaDaBoss Posted:

Out of curiosity, is sinful down? Can't get that repo on my 4.

Tree_Fiddy Posted:

gtapro151 hhaah im gonnna start it.....appls cant get virus apple cant get virus :DDDDD


They can't? There are no viruses on the current iOS version for phones/tablets.

OG Posted:

Good thing I have never owned a jailbroken device.

gtapro151 Posted:

hhaah im gonnna start it.....appls cant get virus apple cant get virus :DDDDD

Robbed Posted:

This is unbelievable, but the thing is, these jailbroken apps are prone to hackers.

Fibril Posted:

ViIIain
MagnaFlow It's only the Chinese having this issue. KeyRaider is spreading through Weiphones Cydia repositories

Most of us have never heard of that and obviously never installed it. It's not Cydia's fault. It's this tweak provider.

Although I will say, the hack maker is a smart cookie. I'll give him/her/them that.

Very interesting article, give this a look!

ADMIN add this article or pull info from it to make this post less scary. Most of us are ok :)

http://researchcenter.paloaltonetworks.com/2015/08/keyraider-ios-malware-steals-over-225000-apple-accounts-to-create-free-app-utopia/

To add to this, Weiphones is a Chinese pirate repository. IMO jailbreaking is still pretty safe; just don't install shady or pirated things. I would also suggest everyone have 2-step verification on their emails to prevent hackers from getting into your account even with your password.


I read through this article and it was an interesting read. I thankfully didn't use this repo and never will. I would prefer trusted repos where staff will go through their code before publishing others' tweaks.

ProJimmyRustler Posted:

"serving as another stark reminder of the perils of fooling around with the root access to your device"

Really?
I don't think I would count this as a peril.
You have the same chances of this happening with or without root access to your device.
I don't think the fappening happened because everyone had a jailbroken device.
If someone wants the information they are gonna get it.