Over 225,000 Apple ID Credentials Stolen From Jailbroken iOS Devices

Cybercriminals have reportedly stolen over 225,000 Apple ID account credentials from jailbroken iOS devices, using a type of malware called, “Keyraider”.  The criminals have been using the stolen credentials to make in-app purchases with user accounts. Keyraider poses as a downloadable app, but once it’s on the user’s phone, it steals the user’s account login credentials, device GUID (globally unique identifier), Apple push notification service certificates and private keys, and iTunes purchase receipts. These attacks happened mainly in China, but jailbreaking is not exclusive to China. Jailbreaking is practiced by iOS users all over the world.

Jailbreaking your device is a security risk

This news is a timely reminder about the downside to jailbreaking your Apple iOS device. It sounds like a great idea, in theory, but what many often overlook is that while jailbreaking allows Apple users to bypass many iOS operating system restrictions they might consider burdensome, for example being only able to download apps from the Apple iOS App Store, it also means that cybercriminals have much more freedom to attack the device. 

One of the biggest reasons that jailbreaking puts your phone or tablet at risk is that it disables the “sandboxing” feature native in all Apple devices. Sandboxing keeps third party apps out of your operating system, and only allows those apps certain permissions to your information (which these apps “ask” for through pop-ups to be approved by the device user). Because these apps need your explicit permission to look through your photos, access your location, or look up your contacts, it’s highly unlikely that malicious code can get through to do damage or steal your information. Once you remove the sandbox, any app can access all of your private information, including malicious apps posing as legitimate apps.

While iOS has strict guidelines and conducts rigorous reviews of every App in its store, making it harder for many apps to get in, those guidelines and reviews also make it much more secure than third party app markets. Third party app stores are notorious in the cybersecurity world for unwittingly hosting malicious apps. Cybercriminals will often create copies of legitimate apps to disguise their malware. Often the malware will be disguised as a free version of an app that costs a few dollars in the App Store (beware of things that seem "too good to be true" online--they often are). Once the malware is downloaded, it can gain access to all of your information, because there is no sandbox to keep it out of your OS. Your privacy and your financial information could be easily accessed and exposed, as it was with Keyraider victims.

When it comes to security and what’s at stake if cybercriminals gain access to all of your information, jailbreaking just doesn’t seem worth it for a free app or free in-app purchases. 

Top tips for iOS device security:

  • Avoid jailbreaking the device and if you do, be aware of the security implications of doing so.
  • Lock your phone with a PIN number or password. The longer the PIN better. Remember these days most people store lots of sensitive information on their phone. Locking it helps ensure that information won’t end up in the hands of the wrong person if you ever lose your phone.
  • Periodically back it up. That way if something does ever happen to the phone, you won’t lose all your data. With a new phone in hand you can easily restore all of your data and settings.
  • Take time to read the reviews of apps in the app store – the rating of the app can and will tell you something.
  • Look at when the app was published – how do you feel about using a brand new app or one that is used by few people? How does that fit with your tolerance for risk?
  • Pay attention to what the app is asking permission to do. Is a game app asking for your location information? Is a news app asking for access to your contacts? If it seems strange to you, don’t allow permission until you find out how the app is using this information by reading its terms of use policy.