'KeyRaider' malware harvests 225,000 Apple IDs from jailbroken iOS devices

Posted:
in iPhone edited September 2015
A new form of iOS malware making its way around the jailbreak scene has resulted in the theft of credentials linked to at least 225,000 Apple IDs, resulting in fraudulent app purchases and in some cases ransom demands.


A ransom message displayed on an iPhone infected with KeyRaider. Image via Palo Alto Networks.


KeyRaider --?discovered by researchers at Palo Alto Networks and WeipTech -- is primarily distributed via Cydia repositories in China, but has been found on devices owned by users throughout the world, including the UK and the U.S. Those firms began investigating earlier this summer, after some users of jailbroken iOS devices found unauthorized purchases or other abnormalities in their Apple account.

The malware collects a number of other items in addition to Apple ID usernames and passwords. It also targets the device's unique identifier, or GUID, alongside security certificates and private keys for Apple push notification service as well as App Store purchase data.

KeyRaider also disables the ability to unlock iOS devices on which it's installed, a feature occasionally used to remotely hold devices for ransom.

The researchers say KeyRaider is linked to two other jailbreak tweaks that let users download App Store apps for free. Using the stolen credentials, those tweaks impersonate legitimate users in App Store purchase requests.

KeyRaider's appearance underscores that jailbreaking, despite being occasionally useful, represents a significant security risk for users. While iOS is impressively secure in its default configuration, jailbreaking necessarily removes some protections and opens devices up to unwanted data exfiltration.
«13

Comments

  • Reply 1 of 48
    mazda 3smazda 3s Posts: 1,613member
    The iOS "Walled Garden" doesn't seem so bad now, does it? :)
  • Reply 2 of 48
    razorpitrazorpit Posts: 1,796member
    Quote:

    Originally Posted by AppleInsider View Post



    KeyRaider's appearance underscores that jailbreaking, despite being occasionally useful, represents a significant security risk for users. While iOS is impressively secure in its default configuration, jailbreaking necessarily removes some protections and opens devices up to unwanted data exfiltration.

     

    At this point I have no sympathy for the jailbreaking community.  Even in the early days of jailbreaking when you could make an argument for doing it I never saw the value of hacking something that contains the amount of personal information the average smartphone contains...

  • Reply 2 of 48

    Imagine that.  A jailbroken device has a flaw that can be exploited.

  • Reply 4 of 48
    I'm surprised there aren't anti-virus software on Cydia by now.
  • Reply 5 of 48
    Quote:

    Originally Posted by razorpit View Post

     

     

    At this point I have no sympathy for the jailbreaking community.  Even in the early days of jailbreaking when you could make an argument for doing it I never saw the value of hacking something that contains the amount of personal information the average smartphone contains...


    The weakest link in security is stupid users.  This is akin to walking up to a stranger on the street -- borrowing a dirty needle and injecting yourself with it....  

  • Reply 6 of 48

    Agreed. It's users who install shady or pirate repos that seem to have these problems. 

  • Reply 7 of 48
    razorpitrazorpit Posts: 1,796member
    Quote:

    Originally Posted by bkkcanuck View Post

     

    The weakest link in security is stupid users.  This is akin to walking up to a stranger on the street -- borrowing a dirty needle and injecting yourself with it....  




    Fair enough...

  • Reply 8 of 48
    kent909kent909 Posts: 731member

    I wonder if those who jailbroke their phones and experience finacial losses, if they will get no recourse due to it is their own fault.

  • Reply 9 of 48
    mike1mike1 Posts: 3,275member
    Quote:

    Originally Posted by bkkcanuck View Post

     

    The weakest link in security is stupid users.  This is akin to walking up to a stranger on the street -- borrowing a dirty needle and injecting yourself with it....


     

    And they'll always be somebody saying it's the fault of the needle manufacturer.

  • Reply 10 of 48
    fallenjtfallenjt Posts: 4,053member
    My life of iPhone jaibreak ended since the release of iOS 7. Risks outweigh the benefits. Especially with Apple Pay, it's pretty dumb to jailbreak your phone opening doors for malware attacks.
  • Reply 11 of 48
    A new form of iOS malware making its way around the jailbreak scene has resulted in the theft of credentials linked to at least 225,000 Apple IDs, resulting in fraudulent app purchases and in some cases ransom demands.

    I think AppleInsider is remiss in calling this an iOS exploit, like, I'm sure, the other less informed media outlets will do as well.

    iOS does not, nor will allow this exploit. It is the "no-longer-iOS" devices that allow this and AI shouldn't be adding to the FUD by sloppily reporting this as iOS.
  • Reply 12 of 48
    pscooter63pscooter63 Posts: 1,080member
    Quote:
    Originally Posted by razorpit View Post

     

    At this point I have no sympathy for the jailbreaking community.


     

    Well, risk-takers will do what they must to feed what drives them.  I'm sure a great deal of personal satisfaction is gleaned from the notion of succeeding in the face of bucking the system.

     

    I am no risk-taker in that sense; and I don't feel the need to sympathize when something bad like this happens.  But I do understand where they're coming from.  And I hope they understand themselves well enough to take personal responsibility for said risks.

  • Reply 13 of 48
    bobschlobbobschlob Posts: 1,074member
    Ooooh… Jailbreakers get sent up the river. Burrrrrrn
  • Reply 14 of 48
    sflocalsflocal Posts: 6,092member

    I'm waiting for the media to sensationalize this and make it sound like it's a non-jailbroken problem.



    I can pretty much guarantee the trolls, Fandroids, and iHaters will try passing off this non-story as an Apple problem.

  • Reply 15 of 48
    Quote:

    Originally Posted by Mazda 3s View Post



    The iOS "Walled Garden" doesn't seem so bad now, does it? image

    I loved to be able to jailbreak my iPhone early on (for perfectly legit purposes, such as being able to download video podcasts > 100MB over LTE, stream TiVo or Amazon Video over LTE, use tethering, and a bunch of other cool UI features), back when the jailbreaks came from well known US hackers. Since iOS 7, I have zero trust in these Chinese jailbreaks, and there is no way I would install them on my phone.

    And yes, you're right. The "walled garden" seems like a really good idea after all, even though it can be frustrating at times. Just ask Google... the StageFright nightmare hasn't even started.

  • Reply 16 of 48
    coolfactorcoolfactor Posts: 2,239member
    Quote:
    Originally Posted by LordJohnWhorfin View Post

     

    I loved to be able to jailbreak my iPhone early on (for perfectly legit purpose ... The "walled garden" seems like a really good idea after all, even though it can be frustrating at times.


     

    What can you not do on your non-jailbroken device? How much of that is pegged on the carrier, not the device or operating system? For example, my carrier has allowed tethering since day one (back in 2008), whereas many carriers still don't allow it without an extra charge or a long-term contract. Jailbreaking would get around that for those carriers, I agree.

  • Reply 17 of 48
    coolfactorcoolfactor Posts: 2,239member
    Quote:

    Originally Posted by Macky the Macky View Post





    I think AppleInsider is remiss in calling this an iOS exploit, like, I'm sure, the other less informed media outlets will do as well.



    iOS does not, nor will allow this exploit. It is the "no-longer-iOS" devices that allow this and AI shouldn't be adding to the FUD by sloppily reporting this as iOS.



    I agree with this 100%. AppleInsider is being irresponsible by using that wording... "a new form of iOS malware"... as if there are many other forms?

  • Reply 18 of 48
    sergiozsergioz Posts: 338member
    You know it's for thous idiots who don't take jailbraking seriously and don't take steps to protect [root] & [mobile root] and install things they don't understand. In this case user had to install KeyRaider on their phone and give root access to malware. I always had a jailbroken iPhone. To be exact since iPhone 4S and today I am still proudly crying jailbroken iPhone 6. Try and hack me, you'll die trying! I personally believe jailbroken iPhone is far more secure than than your average boring Apple protected iPhone. In fact you can buy one here from some one that understands jailbreaking http://goo.gl/hvbpTr
  • Reply 19 of 48
    quadra 610quadra 610 Posts: 6,757member
    Quote:

    Originally Posted by sflocal View Post

     

    I'm waiting for the media to sensationalize this and make it sound like it's a non-jailbroken problem.



    I can pretty much guarantee the trolls, Fandroids, and iHaters will try passing off this non-story as an Apple problem.




    This.

  • Reply 20 of 48
    Quote:

    Originally Posted by coolfactor View Post

     

     

    What can you not do on your non-jailbroken device? How much of that is pegged on the carrier, not the device or operating system? For example, my carrier has allowed tethering since day one (back in 2008), whereas many carriers still don't allow it without an extra charge or a long-term contract. Jailbreaking would get around that for those carriers, I agree.


    Luckily here tethering is allowed on all devices whether on contract or pay-as-you go.

Sign In or Register to comment.