Key Raider Malware Steals 225,000 Apple Credentials from Jailbroken iPhones

September 04, 2015

A newly discovered iPhone malware dubbed “Key Raider” has recently been making headlines. The good news for average iPhone users, or at least those who keep their iOS installation "stock", is that it only targets jailbroken iPhones. The malware has been found on Chinese websites that provide software for jailbroken iPhones, as well as in third-party or pirated apps that can be installed on such phones. While Chinese users make up the majority of those affected, the malware has started spreading outside China and has been seen reaching users in other countries, including the U.S.

Key Raider has stolen over 225,000 login credentials for Apple accounts, along with thousands of certificates, private keys, and purchase receipts, by hijacking iTunes traffic. According to Palo Alto Networks research, the malware hooks system processes through MobileSubstrate and steals Apple account usernames, passwords, and device GUIDs by intercepting iTunes traffic on the device itself, so the data is captured before it leaves the phone regardless of TLS on the wire. Key Raider also steals Apple Push Notification service certificates and private keys, steals and shares purchase information, and can disable local and remote unlocking of iPhones and iPads. The cache of account details was discovered by the Chinese iPhone community Weiphone after members noticed unauthorized charges.
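Because MobileSubstrate decides which processes a tweak is injected into from the filter plist that sits beside each dylib, auditing those plists is a quick way to spot a tweak that hooks the App Store or account daemons, or that declares no filter and therefore loads into every process. The following audit script is an added example written for this page; it is not code from the article or from Palo Alto Networks, and it does not detect Key Raider by signature. The directory layout, the meaning of a missing filter, and the bundle and executable names treated as sensitive are assumptions for the demo; the sample plists are constructed inline.

```python
"""Audit MobileSubstrate tweak filter plists for injection into Apple account and store processes.

Added example, not from the article. Assumptions (not stated on the page):
- MobileSubstrate loads every *.dylib in /Library/MobileSubstrate/DynamicLibraries/
  and reads the sibling *.plist; its Filter dict (Bundles / Executables / Classes)
  names the processes the dylib is injected into. No plist or an empty filter is
  assumed to mean the dylib is injected into every process.
- The bundle IDs and executable names below are assumed for the demo.
"""
import plistlib
import tempfile
from pathlib import Path

# Assumed identifiers for the processes that handle Apple ID logins and purchases.
SENSITIVE_BUNDLES = {"com.apple.itunesstored", "com.apple.AppStore", "com.apple.MobileStore"}
SENSITIVE_EXECUTABLES = {"itunesstored", "accountsd", "lockdownd"}

# Constructed sample filter plists (XML property lists), not files from a real device.
BENIGN_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict><key>Filter</key><dict>
  <key>Bundles</key><array><string>com.apple.springboard</string></array>
</dict></dict></plist>"""

STORE_HOOK_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict><key>Filter</key><dict>
  <key>Bundles</key><array><string>com.apple.itunesstored</string></array>
  <key>Executables</key><array><string>itunesstored</string></array>
</dict></dict></plist>"""

GLOBAL_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict><key>Filter</key><dict></dict></dict></plist>"""


def classify_tweak(plist_bytes):
    """Return (verdict, reasons) for one tweak's filter plist; verdict is 'ok' or 'suspicious'."""
    try:
        info = plistlib.loads(plist_bytes)
    except Exception as exc:  # malformed plist: cannot prove where the dylib is injected
        return "suspicious", ["unparseable filter plist: %s" % exc]
    filt = info.get("Filter") or {}
    bundles = set(filt.get("Bundles", []))
    execs = set(filt.get("Executables", []))
    classes = set(filt.get("Classes", []))
    reasons = []
    if not (bundles or execs or classes):
        reasons.append("no filter: injected into every process")
    hits = sorted(bundles & SENSITIVE_BUNDLES)
    if hits:
        reasons.append("hooks account/store bundles: " + ", ".join(hits))
    hits = sorted(execs & SENSITIVE_EXECUTABLES)
    if hits:
        reasons.append("hooks account/store executables: " + ", ".join(hits))
    return ("suspicious" if reasons else "ok"), reasons


def scan_dynamic_libraries(directory):
    """Walk a DynamicLibraries directory and return {dylib name: (verdict, reasons)}."""
    findings = {}
    for dylib in sorted(Path(directory).glob("*.dylib")):
        plist = dylib.with_suffix(".plist")
        if not plist.exists():
            findings[dylib.name] = ("suspicious", ["no filter plist: injected into every process"])
            continue
        findings[dylib.name] = classify_tweak(plist.read_bytes())
    return findings


def demo():
    """Build a constructed DynamicLibraries directory in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        samples = {"a-theme": BENIGN_PLIST, "b-storehook": STORE_HOOK_PLIST, "c-global": GLOBAL_PLIST}
        for name, plist in samples.items():
            (root / (name + ".dylib")).write_bytes(b"\xcf\xfa\xed\xfe")  # placeholder, not a real Mach-O
            (root / (name + ".plist")).write_bytes(plist)
        (root / "d-noplist.dylib").write_bytes(b"\xcf\xfa\xed\xfe")  # dylib with no filter at all
        return scan_dynamic_libraries(root)


if __name__ == "__main__":
    for name, (verdict, reasons) in demo().items():
        print(name, verdict, "; ".join(reasons))
    # On a jailbroken device: scan_dynamic_libraries("/Library/MobileSubstrate/DynamicLibraries")
```

The check is deliberately conservative: a tweak that legitimately skins the App Store will also be flagged, and a clean plist says nothing about what the dylib does once it is loaded. Its value is in the two categories it surfaces, tweaks that ask to be injected into the processes that carry Apple ID credentials and tweaks that ask to be injected everywhere, which are the ones worth pulling off the device for closer inspection.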

The Key Raider case serves as a cautionary tale about the dangers of jailbreaking iPhones. We previously discussed why jailbreaking is strongly discouraged by security experts. Jailbreaking does unlock some interesting capabilities, such as customizing the device to the user’s preference and installing apps that aren’t available on the iTunes App Store (not to mention free pirated copies of apps that are), but the risks still outweigh the benefits.

The iOS platform is renowned for its “walled garden” approach to security. However, with the rise in attacks on iOS devices, threats like Masque Attack and WireLurker have shown that neither jailbroken nor non-jailbroken iOS devices are free from security risks.


Jailbreaking poses a lot of security risks. In essence, jailbreaking deliberately removes the built-in protection of the default system: it exploits vulnerabilities in iOS to disable code-signing enforcement and sandbox restrictions so that unsigned code can run with elevated privileges. That is exactly what lets a tweak such as Key Raider hook system processes and read iTunes traffic. While jailbreaking offers some advantages, it also exposes devices to threats and attacks that stock iOS would block. When users jailbreak their devices, they can never be certain of what the jailbreaking code is doing beyond exploiting the vulnerabilities it relies on.

Other risks, such as voiding the warranty, leaving the user with no easy way to restore the device, and being unable to update the OS and apps without losing the jailbreak, should be reason enough for users to stay away from jailbreaking. Not only can jailbroken users no longer use their devices without worrying about security threats, they also cannot simply update their way out when they find themselves stuck with a known security hole.