Jailbreaking is something that some people like and do but most of us not. We asked ourselves the question why wouldn’t you jailbreak your device? And we found out it’s not without risks. The process of jailbreaking an iPhone allows the user to tweak the system beyond what Apple allows you to do with your device. It opens up the possibility for a fully customized iOS system, outside of what Apple allows you to do, and that's exactly why it appeals to ‘jailbreakers’.
When you get your brand new Apple device it doesn’t just look pretty, Apple wants to make sure that the user experience is also ‘pretty’. That’s why they place restrictions on her products to prevent non-Apple approved programs or apps (malicious or not) to run on iOS devices.
However, when you jailbreak a phone it is possible to download software packages and jailbroken versions of apps from jailbreak-app-communities such as Cydia Repositories. Unlike what happens when you want to publish an app to Apple’s app store, Cydia does not have any review or curation process or policy. Anyone (including hackers) can publish their app on these platforms without any accountability.
As long as you don’t download these you could ask: then what is the problem here? According to articles that appeared in the news this week, some Cydia software targeting iOS devices is responsible for stealing 225.000 iCloud accounts and passwords by sending them to a remote server. It seems that stock apps have been replaced by modified versions that will now share the login credentials of accounts like iCloud. Research center Palo Alto Networks and the Chinese Apple fan and amateur tech group WeipTech, have come out with a report on this new iOS malware. It goes by the name KeyRaider, and it targets jailbroken iOS devices and is distributed through third-party platform Cydia in China.
Who is at risk? People who buy second hand electronics or import from these devices from unverifiable sources. In this case users of Chinese phone’s which where jailbroken before they were sold to you. The apps on the device look and work the same, but in the meantime valuable data is captured by a third party you don’t know about.
How to solve it? There are two solutions. First of all, you can enable 2 step verification for Apple ID, iTunes and iCloud on your iPhone. Secondly, you can restore your device reversing the jailbreak by a clean install. And if you haven’t jailbroken your device and you haven't installed any dubious third-party tweaks, you should be safe from this hack. Although enabling 2-step verification is a good thing, regardless.