If you have jailbroken your iOS device, you may be one of the at least 225,000 users of jailbroken devices whose Apple IDs and passwords were stolen by the KeyRaider malware. According to the report released by security specialists Palo Alto Networks, this may be the “largest known Apple account theft caused by malware”.
How KeyRaider steals information
If your device has not been modified, you can breathe a sigh of relief. The malware targets only hacked (jailbroken) iOS devices that install tweaks from Cydia repositories, and it is from those devices that it steals account information. Cydia is an app store for jailbroken iPhones, and it allows users to download paid apps and in-app purchases for free.
Palo Alto Networks’ Claud Xiao explains, “the malware hooks system processes through MobileSubstrate, and steals Apple account usernames, passwords and device GUID by intercepting iTunes traffic on the device.” The stolen data is then uploaded to the malware’s server. The attackers use the stolen account credentials to download apps from the App Store without paying.
And it doesn’t stop there. KeyRaider also steals Apple push notification service certificates and private keys, which then prevents the infected device from being unlocked by the passcode or through the iCloud service. Some users found their iPhones and iPads being held for ransom because of this malware attack.
Why jailbreaking is dangerous
So if you’re thinking about jailbreaking your iPhone or iPad, this is a reminder that it’s NOT a good idea, especially when you don’t know what the tweaks you’re installing actually do.
Jailbreaking amounts to hacking your own device: the user bypasses the built-in security protections, leaving the device vulnerable to malware attacks like this one. KeyRaider is not the first of its kind; there was also “Unflod”, which intercepted encrypted traffic to steal passwords. The malware AppBuyer not only stole account information but also purchased apps from the App Store without the user’s permission.
How safe are you from KeyRaider
The bulk of the infections are in China, but they extend to 18 countries in total, including the United States. China is the biggest victim because the malware was distributed through Chinese Cydia repositories, and many pre-jailbroken iPhones are sold to customers there.
The 225,000 affected users are only a tiny fraction of Apple’s 885 million iTunes accounts (as of 2014). Still, this should be an eye-opener for anyone curious about the potential dangers of jailbreaking a device.