With all due respect to some very talented developers who are firmly in the iOS jailbreak camp, it might be time for iPhone and iPad users to just give up those tweaks that they feel they can’t live without. Why? Newly discovered malware called KeyRaider is infecting only jailbroken iPhones, and it has already captured Apple account information from over 225,000 users worldwide.
According to an article by Claud Xiao at Palo Alto Networks, KeyRaider targets only jailbroken iOS devices and is distributed through third-party Cydia app repositories in China. Although many of the apps are targeted at Chinese-speaking jailbreakers, the malware has affected users from a total of 18 countries including the United States.
The malware steals Apple account information by intercepting iTunes traffic, steals push notification service certificates and private keys, and steals and shares App Store purchasing information. KeyRaider sets up users of two iOS jailbreak tweaks (software packages that let users do things that are usually impossible when using standard iOS) so that they can download applications from the App Store and make in-app purchases without paying. Who pays for the apps? The 225,000 people whose credentials have been stolen.
Worst of all, KeyRaider also disables local and remote unlocking functions on iPhones and iPads, making it possible to hold iOS devices for ransom. KeyRaider can make it impossible to unlock an iOS device, even if the correct password or passcode has been entered. It can also send a ransom notification to the user without going through Apple’s servers, asking the user to call or text a number for instructions on how to pay to get their device unlocked.
The best prevention of this type of malware? Don’t jailbreak your device.