This article was published on August 31, 2015

Jailbreak attack reportedly stole more than 225,000 Apple logins

Story by Owen Williams

Researchers from WeipTech and Palo Alto Networks revealed today that more than 225,000 valid Apple accounts were stolen from users of jailbroken devices without their knowledge.

The credentials were stolen via malware that was distributed using the popular jailbreak tool Cydia, which makes it easy to install tweaks. The researchers report that accounts from 18 countries were stolen.

More than half the email addresses discovered used Tencent’s email services, though qq.com, 163.com and icloud.com were the next most popular.

The malware, called KeyRaider, uploaded stolen logins to a server that itself contained vulnerabilities.

The researchers reverse-engineered the hack and attacked the control server where the data was stored, getting in via a SQL injection vulnerability and downloading around half of the entries before being cut off.

KeyRaider was found to be distributed only via apps in Weiphone’s Cydia repositories. It sent back credentials, purchasing receipts, device IDs and other data without the user’s knowledge.

If you’re into the nitty-gritty, you can read more details here, but the news highlights yet another reason to not jailbreak iPhones in 2015.

Earlier this year we learnt that Hacking Team was exploiting jailbroken users to gather information about them without their knowledge on behalf of rogue governments.

What’s the best way to protect against such attacks? Avoiding jailbreak, as tempting as it may be. These days it’s far less necessary than it used to be and isn’t worth the risk.

iOS malware steals 225,000 Apple accounts [Palo Alto Networks]