Slashdot Mirror

← Back to Stories (view on slashdot.org)

Over 225,000 Apple Accounts Compromised Via iOS Malware

Posted by Soulskill on from the seems-like-small-potatoes-these-days dept.

An anonymous reader writes: Researchers from Palo Alto Networks and WeipTech have unearthed a scheme that resulted in the largest known Apple account theft caused by malware. All in all, some 225,000 valid Apple accounts have been compromised. The theft is executed via variants of the KeyRaider iOS malware, which targets jailbroken iOS devices. Most of the victims are Chinese — the malware is distributed through third-party Cydia repositories in China — but users in other countries have also been affected (European countries, the U.S., Australia, South Korea, and so on). "The malware hooks system processes through MobileSubstrate, and steals Apple account usernames, passwords and device GUID by intercepting iTunes traffic on the device," Palo Alto researcher Claud Xiao explained. "KeyRaider steals Apple push notification service certificates and private keys, steals and shares App Store purchasing information, and disables local and remote unlocking functionalities on iPhones and iPads."

8 of 217 comments (clear)

  1. Jail broken devices? by Anonymous Coward · · Score: 5, Insightful

    Only jail broken devices were affected. Anyone who jail breaks is aware of the risk they are taking.

    1. Re:Jail broken devices? by geogob · · Score: 4, Insightful

      Anyone who jail breaks is aware of the risk they are taking.

      I think they just heard me laugh all the way to China. Seriously, most people can't even grasp the concept of risk when think of software and operating systems. How in the world do you expect them to understand those risk?

      No. Contrary to some believes, most (as in almost) all jailbrokers have no clue what they do and have no idea of what are the risks involved and how important (or not) they are.

  2. Re:Rotten apple ?!? by Anonymous Coward · · Score: 5, Insightful

    Affect only jail-broken devices. How is the even relevant news?

  3. Re:Headline leaves out one very important detail by dimeglio · · Score: 5, Insightful

    Pretty much. That's the point of living in a walled garden. You break the wall, who knows what's going to step inside.

    --
    Views expressed do not necessarily reflect those of the author.
  4. Re:Headline leaves out one very important detail by berj · · Score: 4, Insightful

    Your ridiculous post borders on a tautology.

    It's true... if you bypass security measures then you're no longer secure.

    That's hard for you to understand?

    You expect the lock maker to be liable if you leave your door open?

  5. Re:Headline leaves out one very important detail by Anonymous Coward · · Score: 5, Insightful

    So, if I run OpenBSD, but replace OpenSSH with Bob'sSSH, and there is a security problem with Bob'sSSH, it's OpenBSD's fault?

  6. Re:Rotten apple ?!? by Anonymous Coward · · Score: 5, Insightful

    I'd argue that it's relevant news but I would also say that people who are employing hacks on their devices should realize that the original vendor can't be held accountable for shoddy modifications from a bunch of script kiddies.

  7. Never understand jailbreaking an Apple iOS device by Aqualung812 · · Score: 4, Insightful

    I'm an Apple iOS user, and a former Palm/Windows CE/Blackberry/Windows Phone/Android user.

    I simply don't understand jailbreaking an iPhone. The whole point of me having an iPhone is to take advantage of the walled garden.

    If I want something with better hardware on a lower price that I can customize any way I want, I'd have an Android again.

    Since having a reliable and secure phone is more important to me than features, I have have decided to get an iPhone and not jailbreak it.

    Can those that do jailbreak explain why they don't go to Android?

    --
    Grammer Nazis - I mod you "troll" unless you actually add something on-topic. Yes, I know I have mispellings in my sig.