Sep 01, 2015 01:30 PM EDT
'KeyRaider' Malware Exposes 225,000 Jailbroken iPhones

Androids are much more susceptible to malware compared to iPhones. This, however, does not mean iPhones are invincible to attack. In fact, the latest malware to his iOS is known as KeyRaider, Forbes reports. And yes, what is at stake here is your Apple ID keys.

Jailbroken iPhone users are the target here. Access to Apple IDs can give hackers free reign on downloading apps and media, as well as phone certificates and ID. This is a serious threat as Apple Pay access can get compromised.

Disturbingly, there were reports of ransomware exploits too, Palo Alto revealed. Hackers demanded payment in return for access to users' phones. Palo Alto published details into the discovery.

Apparently, a member of WeipTech, an amateur technical group of users of Weiphone, an Apple fan website with a large following in China, discovered the attack.

WeipTech members began an investigation in July. They found that a jailbreak tweak installed would collect user information and upload it to a website. The hack takes advantage of SQL injection vulnerability and gives access to the "top100" database.

In this database, a table labeled "aid" had 225,941 entries. An estimated 20,000 of these had usernames, passwords, and GUIDs in plaintext while the rest was encrypted. Reverse-engineering by WeipTech dug up an encryption key of a certain "mischa07."

This fixed key could open the encrypted data. From here, it was confirmed that the usernames were all Apple accounts and even validated some of them. Palo Alto researchers made an additional discovery. No malicious code was found in the tweak that WeipTech uncovered.

There were, however, other malware that would collect stolen credentials and upload them to the same server. For this reason, this family of malware was named "KeyRaider."

It is important to stress that it is only jailbroken iOS devices that are compromised as these are the only devices that could benefit from access to the Weiphone collection of jailbroken apps.

There are 18 countries affected, including China, France, Russia, Japan, United Kingdom, United States, Canada, Germany, Australia, Israel, Italy, Spain, Singapore, and South Korea.

 PREVIOUS POST
NEXT POST