Slashdot Mirror


Over 225,000 Apple Accounts Compromised Via iOS Malware

An anonymous reader writes: Researchers from Palo Alto Networks and WeipTech have unearthed a scheme that resulted in the largest known Apple account theft caused by malware. All in all, some 225,000 valid Apple accounts have been compromised. The theft is executed via variants of the KeyRaider iOS malware, which targets jailbroken iOS devices. Most of the victims are Chinese — the malware is distributed through third-party Cydia repositories in China — but users in other countries have also been affected (European countries, the U.S., Australia, South Korea, and so on). "The malware hooks system processes through MobileSubstrate, and steals Apple account usernames, passwords and device GUID by intercepting iTunes traffic on the device," Palo Alto researcher Claud Xiao explained. "KeyRaider steals Apple push notification service certificates and private keys, steals and shares App Store purchasing information, and disables local and remote unlocking functionalities on iPhones and iPads."

12 of 217 comments

  1. Jail broken devices? by Anonymous Coward · · Score: 5, Insightful

    Only jail broken devices were affected. Anyone who jail breaks is aware of the risk they are taking.

    1. Re:Jail broken devices? by geogob · · Score: 4, Insightful

      Anyone who jail breaks is aware of the risk they are taking.

      I think they just heard me laugh all the way to China. Seriously, most people can't even grasp the concept of risk when thinking of software and operating systems. How in the world do you expect them to understand those risks?

      No. Contrary to some beliefs, most (as in almost all) jailbrokers have no clue what they do and have no idea of what the risks involved are and how important (or not) they are.

  2. Re:Headline leaves out one very important detail by Anonymous Coward · · Score: 2, Insightful

    Well, it's the same distinction that people miss on over 99% of android malware. The overwhelming majority of the malware is only viable on rooted devices and is spread via third-party app stores and "free" APK download sites.

  3. Re:Rotten apple ?!? by Anonymous Coward · · Score: 5, Insightful

    Affects only jail-broken devices. How is this even relevant news?

  4. Re:Headline leaves out one very important detail by dimeglio · · Score: 5, Insightful

    Pretty much. That's the point of living in a walled garden. You break the wall, who knows what's going to step inside.

    --
    Views expressed do not necessarily reflect those of the author.
  5. Re:Headline leaves out one very important detail by berj · · Score: 4, Insightful

    Your ridiculous post borders on a tautology.

    It's true... if you bypass security measures then you're no longer secure.

    That's hard for you to understand?

    You expect the lock maker to be liable if you leave your door open?

  6. Re:Headline leaves out one very important detail by Anonymous Coward · · Score: 5, Insightful

    So, if I run OpenBSD, but replace OpenSSH with Bob'sSSH, and there is a security problem with Bob'sSSH, it's OpenBSD's fault?

  7. Re:Headline leaves out one very important detail by hyperar · · Score: 1, Insightful

    Headline leaves out the fact that this isn't just any old iOS malware. It affects only *jailbroken* devices.

    That's a pretty important distinction.

    So important that you couldn't get to the third line where it is clearly stated.

  8. Re:Rotten apple ?!? by Anonymous Coward · · Score: 5, Insightful

    I'd argue that it's relevant news but I would also say that people who are employing hacks on their devices should realize that the original vendor can't be held accountable for shoddy modifications from a bunch of script kiddies.

  9. Re:Headline leaves out one very important detail by berj · · Score: 1, Insightful

    Yes.. it's important enough that it should be in the headline. It's just about the most salient fact about this exploit.

  10. Re:Headline leaves out one very important detail by gstoddart · · Score: 2, Insightful

    Would this be any different with Android or Microsoft?

    Root your device, and install software from unknown places ... and guess what ... it doesn't matter whose damned platform you're running.

    Hell, you can get malware from using download.com, cnet and other places too.

    News flash ... installing software from unknown sources can be a security risk no matter what your damned platform.

    Apple (or any other vendor) can't do a damned thing to protect your security when you go to great lengths to install software from sources you can't trust.

    --
    Lost at C:>. Found at C.
  11. Never understand jailbreaking an Apple iOS device by Aqualung812 · · Score: 4, Insightful

    I'm an Apple iOS user, and a former Palm/Windows CE/Blackberry/Windows Phone/Android user.

    I simply don't understand jailbreaking an iPhone. The whole point of me having an iPhone is to take advantage of the walled garden.

    If I want something with better hardware at a lower price that I can customize any way I want, I'd have an Android again.

    Since having a reliable and secure phone is more important to me than features, I have decided to get an iPhone and not jailbreak it.

    Can those that do jailbreak explain why they don't go to Android?

    --
    Grammer Nazis - I mod you "troll" unless you actually add something on-topic. Yes, I know I have mispellings in my sig.