Apple has recently faced its largest hack caused by malware. More than 225,000 iPhone Apple accounts have been stolen by hackers, without the users’ even knowing. Network companies Palo Alto and Weiptech both discovered the attack – their research showing that data was being obtained via malware, and then distributed by using the popular jailbreak tool Cydia.
‘Jailbreaking’ your phone means removing hardware restrictions on iOS so as to access banned apps and to customise your phone, amongst other things. It is particularly popular in countries where users face tighter controls and constraints.
For this reason the malware, nicknamed KeyRaider, is mostly found in Chinese websites and apps that provide software for jail-broken phones. Yet it has made its way beyond China, showing up in 18 countries thus far.
Once infected with the KeyRaider malware, a jailbroken iPhone will give up all of its owner’s iTunes App Store information to the hackers, including username, password, App Store purchases and the phone’s unique ID. The malware will also prevent victims from recovering their phones once they’ve been hacked.
What is perhaps most disconcerting is the hackers’ decision to upload software that then allows other people to take advantage of the stolen information, purchasing iTunes apps for “free” by using the victims’ accounts. There have been around 20,000 downloads of the software so far.
Of course if we look at this from a different perspective the first thing we should acknowledge is that only jailbroken phones are at risk. Which, in the grand scheme of things means just a small percentage of iPhone users will be affected by this particular hack.
The advice then is for users to avoid downloading any apps that have not been sanctioned by Apple, and to change passwords regularly and of course use different passwords for different accounts. There is also the option of taking your iPhone to an Apple store where you can voice any queries in a free consultation.
