Slashdot Mirror

← Back to Stories (view on slashdot.org)

Over 225,000 Apple Accounts Compromised Via iOS Malware

Posted by Soulskill on from the seems-like-small-potatoes-these-days dept.

An anonymous reader writes: Researchers from Palo Alto Networks and WeipTech have unearthed a scheme that resulted in the largest known Apple account theft caused by malware. All in all, some 225,000 valid Apple accounts have been compromised. The theft is executed via variants of the KeyRaider iOS malware, which targets jailbroken iOS devices. Most of the victims are Chinese — the malware is distributed through third-party Cydia repositories in China — but users in other countries have also been affected (European countries, the U.S., Australia, South Korea, and so on). "The malware hooks system processes through MobileSubstrate, and steals Apple account usernames, passwords and device GUID by intercepting iTunes traffic on the device," Palo Alto researcher Claud Xiao explained. "KeyRaider steals Apple push notification service certificates and private keys, steals and shares App Store purchasing information, and disables local and remote unlocking functionalities on iPhones and iPads."

4 of 217 comments (clear)

  1. Headline leaves out one very important detail by berj · · Score: 5, Informative

    Headline leaves out the fact that this isn't just any old iOS malware. It affects only *jailbroken* devices.

    That's a pretty important distinction.

    1. Re:Headline leaves out one very important detail by gstoddart · · Score: 4, Informative

      Oh, really?

      The theft is executed via variants of the KeyRaider iOS malware, which targets jailbroken iOS devices. Most of the victims are Chinese â" the malware is distributed through third-party Cydia repositories in China

      The headline might leave it out, but the summary sure makes it plain.

      --
      Lost at C:>. Found at C.
  2. Re:Never understand jailbreaking an Apple iOS devi by joh · · Score: 4, Informative

    Of course jailbreaking iOS puts it into some insecure state. Quite literally. Jailbreaking circumvents code signing for all code that runs on the device which means that every bit of code that makes its way onto the phone will happily run now. Also using the repositories means that you will install undocumented binary code from unknown people. Since you don't have the sources there is no way to check what this code does and since whoever wrote that code faces no risk when his code is discovered to be malware there's very little you can do after the fact.

    This is less secure than a device that is not jailbroken.

    I mean, do what you want to do by all means, but at least try to know what you're doing so you can correctly balance the risks and advantages you get by what you're doing.

  3. Re:Rotten apple ?!? by Noah+Haders · · Score: 5, Informative

    You buy an iPhone, you get your just desserts.

    I would say you jailbreak your iphone using software from unidentified hackers, then install software from unknown parties that can access root processes, you get your just deserts.