Jailbreak tweak allegedly steals 220,000 iCloud email addresses and passwords

It’s a number that’s bound to raise some eyebrows: 220,000 iCloud accounts breached in what is being called a backdoor attack made possible by a malicious jailbreak tweak.

This leak, which was brought to our attention by /r/jailbreak, was reported by a Chinese online vulnerability reporting platform called WooYun. It’s an information security platform where security researchers report vulnerabilities and vendors give feedback. WooYun is a legitimate site, and it has reported thousands of security-related issues in this month alone.

220,000 users seems like a lot for one jailbreak tweak, but it’s thought a number of them may have been used, and some of them may have posed as free versions of popular paid tweaks. Reddit user ZippyDan also points out that the Chinese market traders often sell iPhones that are pre-jailbroken, and many of these may have been passed on with the shady tweaks already installed.

To keep your iCloud data safe, you should avoid installing jailbreak tweaks from unknown and untrusted sources. You should also enable two-step authentication, which would prevent someone else from accessing your account even if your email address and password were obtained.

Who’s affected?

When you start to break down the facts, it appears that this breach has had an extremely limited reach, if any, on those who jailbreak their own devices. That rules out most of those who reside outside of China and surrounding areas.

The report states that these accounts were compromised as a result of a malicious jailbreak release. By just doing some mental math, it seems highly unlikely that any jailbreak tweak would receive the amount of penetration required to affect a quarter of a million users, let alone a malicious tweak posted on some shady third-party repo. So the likelihood that this attack is the result of any of the tweaks that we use in the community is very slim.

With such a large number of compromised devices, it would seem that such an attack is the result of a more organized and methodical method of entry—a preinstalled backdoor, if you will.