225,000 iPhones HACKED with Jailbreak Malware

[Srgnt_Ballistic]

Source: TNW News
Original Source: Palo Alto Networks

 

So this is a funny and scary one for me. A malware called KeyRaider was apparently inserted into a build of Cydia, which is a popular iOS Jailbreaking app. The app is designed to help the non-tech savvy tweak their iOS devices.

Researchers estimate ~225,000 VALID Apple IDs were compromised with out the users having any idea. The credentials were then uploaded to a server which the researchers were able to gain access to via, get this...SQL Injection! Yes good ol' easily avoided by database input validation/sanitation, responsible for dozens of major corporate hacks, are you serious why is this still a common attack vector... SQL Injection.



Apparently only the jailbreakings apps distrubuted from the Weiphone Cydia repositories contained the malware. But this points out a huge issue with Jailbreaking or running any 3rd party software in what's supposed to be closed environment. Similar events have happened with Android ROMs/Rootkits, free/open source encryption software etc...

A while back a popular game hack service allegedly released a hacked version of their own software which would format the drives of users that installed the "stolen" version of their already nefarious software. You can find thousands of video and text/picture guides on how to root/jailbreak devices and crack software for free use. Question is what hidden little bytes of data are you unknowingly giving access to some of your most important information?

Will this stop any of you from rooting, jailbreaking or using cracked software/games. Do you guys ever use checksums to ensure the validity of the 3rd party or open-source software you install?

[Guest]

APPLE PRODUCTS CAN GET VIRUSES

HAHAHAHAHAHHAHA

take that people who say apple products cant get viruses >: D 

[theninja35]

Well f**k. I was jailbroken. Not sure if I had one of the infected apps though.

[Atmos]

Hahaha, sucks to suck.

Want total control over your iphone like all the andriod users? Easy, just download this hack and infect your phone!

[Arty]

a jailbreak = iphone hack

derp

[KemoKa]

muahahahaha.... *strokes zenfone 2*

That's what they get for shit-talking Android.

[Elfuego]

Weiphone = Chinese Pirated App Store /Care?

[theKumba]

APPLE PRODUCTS CAN GET VIRUSES

HAHAHAHAHAHHAHA

take that people who say apple products cant get viruses >: D 

If these people had used their Apple products the correct way, this would never have happened.

[Mew]

225 thousand iphones is actually a very small number considering how many iphones Apple has sold over the years. But nonetheless, it's always best to be careful what you install. 

[Guest]

If these people had used their Apple products the correct way, this would never have happened.

still got hacked

[givingtnt]

HAHAAHHAHAHAHAHAHAAH

good thing I went swimming with my iphone 3 weeks ago !

[KemoKa]

If these people had used their Apple products the correct way, this would never have happened.

You can crash the OS with a single string of digits.

[CyberneticTitan]

APPLE PRODUCTS CAN GET VIRUSES

HAHAHAHAHAHHAHA

take that people who say apple products cant get viruses >: D 

 

True, but it isn't that much of a feat when the end user has done something not vouched by the manufacturer....

[Thebman712]

muahahahaha.... *strokes zenfone 2*

That's what they get for shit-talking Android.

ZENFONE BUDDIES UNITE

 

the funny thing is is that apple used to be mostly clean from viruses because they were not the majority of the consumer market. well that has changed

[theKumba]

You can crash the OS with a single string of digits.

Which has already been fixed. The reason these accounts where hijacked is that users used software that wasn't certified by Apple. Something like this would have never happened with an application downloaded from Apples appstore, since every app and every app update has to be approved by Apple. I'm definitly not saying that iPhones are invincible to malware, but still it's much more unlikely to catch malicious software on iOS than on Android.

[KemoKa]

I'm definitly not saying that iPhones are invincible to malware, but still it's much more unlikely to catch malicious software on iOS than on Android.

 Android and iOS are both based on operating systems designed in such a way so as to catch malware at multiple levels. iOS is no more adept at finding and preventing malware problems than Android.

[zacRupnow]

Hahaha Cydia is the most popular iPhone jailbreaker!

[bcredeur97]

This is why you shouldn't use other, untrusted sources inside of cydia when you have a jailbroken iPhone. This includes piracy repositories

[Prysin]

if they had bought android. They would never have needed to jailbreak the phone in the first place... so HA!!!!

[Guest]

if they had bought android. They would never have needed to jailbreak the phone in the first place... so HA!!!!

Glad I'm not getting an iPhone

[Trik'Stari]

What's that? Apple is just as vulnerable as everyone else, and not so high and mighty as they think they are?

[Mo_z_Art]

I don't get it why people say the iphone in general is vulnerable when the post clearly states that they were jailbroken, thus had a modded os on them.
If I buy a nice VW then somehow manage to slap a 800 HP engine in there (something youre NOT intended to do by VW) and then go with 250km/h when suddenly my car falls apart and the brakes malfunction I can't say: This is VWs fault and all VW are really bad cars because my 1 week old one broke down on the second drive.

[Swndlr]

Idk why youd jailbreak an iPhone in the first place, if youre into customisability and being able to tweak anything you want, you probably should have gotten an Android device with a custom ROM instead.

 

Only time I tinkered with my iPhone was when I had the iPhone 4 and jailbroke it to get iOS 7 early, but that was way back.

[Swndlr]

What's that? Apple is just as vulnerable as everyone else, and not so high and mighty as they think they are?

snip

mah boi NELSON

 

[othertomperson]

 

APPLE PRODUCTS CAN GET VIRUSES

HAHAHAHAHAHHAHA

take that people who say apple products cant get viruses >: D 

 

 

What's that? Apple is just as vulnerable as everyone else, and not so high and mighty as they think they are?

 

 

Well yes. Jailbreaking an iPhone does indeed remove most of the aspects of iOS that are inherent in its superior security over Android.

 

It would be like giving everything in Linux root access and then claiming that it's clearly not more secure than Windows when that inevitably ends badly.