If you’re tempted to “jailbreak” your iPhone to access non-Apple apps, think again – a new hacking attack in China might mean jailbroken phones could be held to ransom by hackers.
A recent attack by vicious malware means that hundreds of thousands of Apple accounts on jailbroken iPhones have been hacked in what tech site Gizmodo calls “the largest theft of its kind”.
The new malware, labelled ‘KeyRaider’, allows hackers to look at your passwords and even make App Store purchases without your permission.
More than 250,000 Apple accounts on jailbroken iPhones have been breached already, with iPad users also reporting suspicious activity on accounts linked to their devices.
“KeyRaider steals Apple push notification service certificates and private keys, steals and shares App Store purchasing information, and disables local and remote unlocking functionalities on iPhones and iPads,” said Palo Alto Networks (PAN), the Chinese tech firm which discovered the breach.
“Some victims have reported that their stolen Apple accounts show abnormal app purchasing history and others state that their phones have been held for ransom.”
Most of the breaches have happened on Chinese-owned devices, however PAN reported users in 17 other countries had been caught out, including Australia.
Apple is yet to issue a statement or any response to reports of the breach.
Ransoms, shopping sprees and stolen passwords
In China, PAN claims users’ iPhones are being unknowingly locked, resulting in people not being able to access or use the device.
Then on the screen a message appears: “Please contact by QQ or phone to unlock it.”
Users also reported express requests for ransom payments being displayed, in exchange for access back to their phones, according to PAN.
In addition, the software created by hackers has let other people use victims’ accounts to purchase non-free iTunes apps for free.
“The fee will be paid by victims, but money will go to Apple and then partly to developers. Then developers share this income with attackers, as was the case with the AppBuyer malware,” PAN explained.
The hack and its supporting malware has been named ‘KeyRaider because of the way it seizes passwords, reported PAN.
“We named this new iOS malware family ‘KeyRaider’ because it raids victims’ passwords, private keys and certificates,” PAN wrote.
“The malware hooks system processes through MobileSubstrate, and steals Apple account usernames and passwords.”
It is unclear whether passwords other than Apple account ones have been accessed in the hack. Despite that, those who have been hacked are advised to change as many passwords as they can.
While the breach has been fully discovered and its roots understood by tech experts, Gizmodo warns that a jailbroken iPhone is a recipe for disaster.
“Let this serve as yet another warning that jailbreaking your phone might make it fun to change around your app icons or install bootleg apps or whatever. But it’s also a great way to expose yourself to malware. Beware.”
Have I been hacked?
You can check if your Apple account has been hacked on this website (you’ll have to translate the webpage to English, unless you read Chinese – your browser should help with that).
For the more technologically savvy, PAN steps you though a how-to process of checking in its report. PAN advises anyone who has been breached to change their Apple account passwords.
Apple account holders are also being urged to check their account purchase history for any abnormal charges.
How to protect your iPhone, iPad and Apple account
1. Simple. Do not jailbreak your device.
2. However, if you have jailbroken your device → you need to “un-jailbreak” it.
This essentially involves: Connecting it to a computer, backing it up and then re-installing an Apple operating system.
• There are numerous “how-to” guides demonstrating this process
• There are also numerous videos. Including this one: