225,000 Jailbroken iPhones Hacked!

Sequence of Events in the 225,000 Jailbroken iPhones Hack

July 2015

Per Forbes, Chinese Tech and Apple Enthusiast Group WeipTech “began investigating reports that some users’ Apple accounts were used to make unauthorized purchases and to install iOS apps. By looking at jailbreak tweaks these users had installed, they found one tweak that collected user information and uploaded it to an unexpected website. They then found this website has a trivial SQL injection vulnerability that allows access to all of the records in the ‘top100’ database. In this database, WeipTech found a table named ‘aid’ that contains 225,941 total entries. Approximately 20 thousand entries include usernames, passwords and GUIDs in plaintext, while the rest of the entries are encrypted” (Forbes, 2015).

WeipTech determined that the encrypted entries used AES (Advanced Encryption Standard) and recovered the key, “mischa07”.
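The flaw WeipTech found, a lookup that pastes caller input into the SQL text and therefore hands over every record, shown beside its parameterized fix. This is an added example written for this post, not code from the blog, WeipTech or Palo Alto Networks; the table layout and sample rows are constructed, and only the ‘top100’ and ‘aid’ names come from the description above.

```python
import sqlite3

# Constructed sample rows standing in for the 'aid' table (all values made up).
SAMPLE_ROWS = [
    ("alice@example.com", "pw-alice", "GUID-0001"),
    ("bob@example.com", "pw-bob", "GUID-0002"),
    ("carol@example.com", "pw-carol", "GUID-0003"),
]


def build_db() -> sqlite3.Connection:
    """In-memory stand-in for the C2 site's 'top100' database with its 'aid' table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE aid (username TEXT, password TEXT, guid TEXT)")
    conn.executemany("INSERT INTO aid VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def lookup_unsafe(conn: sqlite3.Connection, guid: str) -> list:
    """Vulnerable form: the caller's value is pasted into the SQL text, so a
    crafted value rewrites the WHERE clause (the 'trivial SQL injection')."""
    query = f"SELECT username, password, guid FROM aid WHERE guid = '{guid}'"
    return conn.execute(query).fetchall()


def lookup_safe(conn: sqlite3.Connection, guid: str) -> list:
    """Hardened form: the value is bound as a parameter and compared literally,
    so it can never become part of the SQL."""
    query = "SELECT username, password, guid FROM aid WHERE guid = ?"
    return conn.execute(query, (guid,)).fetchall()


def demo() -> dict:
    """Row counts returned for a benign and a tautology-style input under both forms."""
    conn = build_db()
    benign = "GUID-0002"
    injected = "x' OR '1'='1"  # constructed input; makes the unsafe WHERE clause always true
    return {
        "unsafe_benign": len(lookup_unsafe(conn, benign)),
        "unsafe_injected": len(lookup_unsafe(conn, injected)),  # whole table leaks
        "safe_benign": len(lookup_safe(conn, benign)),
        "safe_injected": len(lookup_safe(conn, injected)),  # no row has that literal guid
    }


if __name__ == "__main__":
    print(demo())
```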

August 2015

Per Palo Alto Networks, working in conjunction with WeipTech, approximately 225,000 jailbroken iPhones have been compromised. This applies only to jailbroken iPhones, not to all iPhones. “Jailbreaking” an iPhone is a method by which the user overrides Apple’s default security restrictions, using software run from a computer, a web interface or a download, in order to customize the phone further or install third-party software. A definition of jailbreaking is here. This is potentially dangerous, as this breach makes obvious.

Scope of Attack(s)

The scope (as of the time of this blog) is 225,000 jailbroken iPhones in China and 18 other countries, including the United States. The number will likely grow, as will the impact. Software that uses the stolen credentials to purchase items in iOS had been downloaded 20,000 times at the time of writing this blog. Illicit application developers will likely use this as a springboard to make easy money, using the stolen credentials to purchase their own apps (at whatever price they choose) in massive quantities.

Technical Details Known Thus Far

The source of the attack is a piece of malware called “KeyRaider”, according to CNN Money. Wired states that the malware hides in packages that ‘tweak’ the operating system and intercepts the user’s iTunes account information, including payment data, so that other people can make paid purchases in iOS using the stolen information.

How the 225,000 Jailbroken iPhones Hack could have been prevented

Simply put, the hack could have been prevented by not jailbreaking one’s device. There are antivirus solutions for the iPhone, for example Avira, McAfee, F-Secure Safe, Norton Mobile Security, VirusBarrier and Lookout. These should certainly be used if the user plans on jailbreaking the device, and installing one would not hurt any user. This is part of a sound Defense in Depth strategy. Advanced Persistent Security can help your business come up with such a strategy. Contact Us for more information.

What to do if you think you’ve been breached in the 225,000 Jailbroken iPhones Hack

If you have a Jailbroken iPhone and think you may be impacted by this, WeipTech has also made available a service at http://www.weiptech.org/ for potential victims to query whether their Apple account(s) were stolen. Palo Alto Networks reported the stolen account information to Apple as well.

Furthermore, you should change your Apple ID (email address) and password, and inform the issuer of the credit card used for your Apple account. You should also factory-reset your phone, which restores Apple’s native security functions, and seriously reconsider whether you should jailbreak your device in the future.

Thanks for stopping by and reading our blog. We would appreciate if you could subscribe (assuming you like what you read; we think you will). This is meant to be informative and to provide value to anyone who reads this – regardless of their knowledge and/or understanding of IT/Cybersecurity. To learn more about us, check out our About Us page.

Palo Alto’s Report about KeyRaider
CNN Money
Palo Alto Networks
Definition of Jailbreaking


About Scott Entsminger

Scott Entsminger was born and raised in Virginia. He graduated from Radford University with a Bachelor of Science in Criminal Justice. Scott has worked for the Department of Defense since graduating from college. He is an expert in Windows administration, with specific experience in Group Policy and vulnerability remediation. He also has specific experience in Information Assurance (IA) and Cyber Security. Scott holds the CompTIA Security+ certification. He is always looking to diversify his skillset. Scott is an avid sports fan, particularly of baseball. He is also an avid gamer and enjoys learning different skills involving his PC.