Is jailbreaking dead? No. A quick search on Twitter or Reddit makes it obvious that enthusiasm for jailbreaking continues to ebb and flow through the community. Jailbreaking isn't dead, as some may think, but no one can deny that it has entered a sustained lull.
iOS jailbreaking Stories May 10, 2016
iOS jailbreaking Stories September 1, 2015
iOS jailbreak malware stole 225,000 Apple IDs across 18 countries, but it’s unlikely you’re at risk
Researchers from Palo Alto Networks have discovered that a piece of iOS malware successfully stole more than 225,000 Apple IDs and passwords from jailbroken phones, using them to make purchases from the official App Store. The malware, dubbed KeyRaider, also has the ability to remotely lock jailbroken iOS devices in order to hold them to ransom.
These two tweaks will hijack app purchase requests, download stolen accounts or purchase receipts from the C2 server, then emulate the iTunes protocol to log in to Apple's server and purchase apps or other items requested by users. The tweaks have been downloaded over 20,000 times, which suggests that around 20,000 users are abusing the 225,000 stolen credentials.
However, it’s extremely unlikely that you’re at risk: the malware can only run on jailbroken devices, and appears to spread through only one set of Cydia repositories, run by Weiphone.
The malware was used in two tweaks that allow those running them to download paid apps and make in-app purchases from Apple’s official App Store without payment. The tweaks used the stolen credentials to make the purchases.
If you think your iPhone or iPad may be at risk, Palo Alto Networks has provided the following instructions to detect and remove the malware. Further details over at the company’s lengthy blog entry.
Users can use the following method to determine for themselves whether their iOS devices were infected:
- Install openssh server through Cydia
- Connect to the device through SSH
- Go to /Library/MobileSubstrate/DynamicLibraries/, and grep all files under this directory for these strings:
If any dylib file contains any one of these strings, we urge users to delete it and delete the plist file with the same filename, then reboot the device.
We also suggest that all affected users change their Apple account password after removing the malware, and enable two-factor verification for their Apple IDs.
The company also notes that not jailbreaking iOS devices is the only way to protect against such exploitation.
iOS jailbreaking Stories March 6, 2015
Hundreds of iOS developers have been working with Apple in secret Cupertino-based sessions on apps for the Apple Watch, and now we’ve learned that this list includes game developers. According to two sources, multiple “mass market, casual” game developers have been in the running to show off light games on stage during Monday’s “Spring Forward” event in San Francisco. While Apple could end up not showcasing games next week, we’re still told that they are championing the idea of light weight gaming on the Apple Watch. As one source said, “the iOS gaming ecosystem will be well represented on the Apple Watch despite [the simplicity] of the Software Development Kit (SDK)…
iOS jailbreaking Stories December 10, 2014
TaiG jailbreak almost instantly updated for iOS 8.1.2, download available now
Prominent jailbreakers i0n1c and iH8sn0w had strongly suggested that yesterday’s release of iOS 8.1.2 wouldn’t block the TaiG jailbreak, and this has now been confirmed: the latest version is available just a day after the iOS update.
The jailbreak supports all devices capable of running iOS 8, including the iPhone 6/Plus, iPad Air 2 and iPad mini 3.
It’s Windows-only for now, with a Mac version promised later. The Pangu team released an OS X tool for its own jailbreak last month.
Via Redmond Pie
iOS jailbreaking Stories November 7, 2014
Cydia creator Jay Freeman (better known as Saurik) has tweeted that the Pangu jailbreak for iOS 8.0 to 8.1 is now “stable enough” for use.
We first saw a developer version of the jailbreak last month, with a user version released a week later, complete with the Cydia installer. The installer is Windows-only, but it's an untethered jailbreak, so once it's done you won't need to reconnect to a PC following a reboot …
iOS jailbreaking Stories April 22, 2014
Chinese iOS malware stealing Apple IDs and passwords from jailbroken devices
Security researcher Stefan Esser (via ArsTechnica) has discovered that an issue reported on Reddit as causing crashes on jailbroken iPhones and iPads is actually a piece of malware designed to capture Apple IDs and passwords from infected devices.
This malware appears to have Chinese origin and comes as a library called Unflod.dylib that hooks into all running processes of jailbroken iDevices and listens to outgoing SSL connections. From these connections it tries to steal the device’s Apple-ID and corresponding password and sends them in plaintext to servers with IP addresses in control of US hosting companies for apparently Chinese customers.
Early indications are that the source of the malware is likely to have been a tweak downloaded from somewhere outside of Cydia. Esser has identified that the code only runs on 32-bit devices, meaning that the iPhone 5s, iPad Air and iPad mini with Retina display are safe, while other devices are vulnerable.
The blog post says that the malware is easy to check for, but may not be easy to remove. Using SSH/Terminal, check the path /Library/MobileSubstrate/DynamicLibraries/ for the presence of either Unflod.dylib or framework.dylib.
Currently the jailbreak community believes that deleting the Unflod.dylib/framework.dylib binary and changing the Apple ID's password afterwards is enough to recover from this attack. However, it is still unknown how the dynamic library ends up on the device in the first place, and therefore it is also unknown if it comes with additional malware gifts.
We therefore believe that the only safe way of removal is a full restore, which means the removal and loss of the jailbreak.
Cydia developer Jay Freeman, aka Saurik, pointed out on Reddit that adding random download URLs to Cydia is as risky as opening attachments received in spam emails.
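The two manual checks quoted above (Palo Alto Networks' string search of /Library/MobileSubstrate/DynamicLibraries/ for KeyRaider, and Esser's check for Unflod.dylib or framework.dylib) combined into one script that is run over SSH on the device. This is an added example, not code from the article, Palo Alto Networks or Stefan Esser; the function name scan_dylibs is chosen here, and the indicator strings are a constructed placeholder because the article does not reproduce the KeyRaider strings.

```shell
#!/bin/sh
# Added example (not from the article, Palo Alto Networks or Stefan Esser):
# report suspicious MobileSubstrate libraries on a jailbroken device.
# KNOWN_BAD_NAMES are the filenames named in the Unflod story; INDICATORS is a
# constructed placeholder list, to be replaced with the published KeyRaider
# strings. The script only reports; deleting a dylib and its companion .plist
# (the removal step in the article) is left to the user after review.

KNOWN_BAD_NAMES="Unflod.dylib framework.dylib"
INDICATORS="${INDICATORS:-PLACEHOLDER_INDICATOR_1 PLACEHOLDER_INDICATOR_2}"

# scan_dylibs [DIR]: print one line per suspicious library together with the
# plist that shares its basename. Exit status 0 = nothing found, 1 = findings.
scan_dylibs() {
    dir="${1:-/Library/MobileSubstrate/DynamicLibraries}"
    found=0
    for lib in "$dir"/*.dylib; do
        [ -f "$lib" ] || continue          # glob matched nothing
        name=$(basename "$lib")
        plist="${lib%.dylib}.plist"
        reason=""
        for bad in $KNOWN_BAD_NAMES; do
            [ "$name" = "$bad" ] && reason="known malicious filename"
        done
        if [ -z "$reason" ]; then
            for s in $INDICATORS; do
                # -a treats the binary as text, -F matches the literal string
                if grep -q -a -F -- "$s" "$lib"; then
                    reason="contains indicator string '$s'"
                    break
                fi
            done
        fi
        [ -n "$reason" ] || continue
        found=1
        printf 'SUSPICIOUS %s: %s; companion plist: %s\n' "$lib" "$reason" "$plist"
    done
    return $found
}

# Stand-alone use over SSH on the device: sh scan.sh [/path/to/DynamicLibraries]
if [ "$#" -gt 0 ]; then
    scan_dylibs "$1"
fi
```

A clean directory gives no output and exit status 0, so the script can be run from a cron job or a shell alias on the device as a quick recurring check.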