The Palo Alto Networks security company has discovered the “largest known Apple account theft caused by malware,” and says that over 225,000 iPhones were affected. The iPhone hack was discovered along with Chinese tech group WeipTech. Though the hack is the largest known to be caused by malware, the company notes that very specific iPhones were targeted in the attack.
CNN Money reports that 225,000 “jailbroken” iPhones were hacked in the latest malware attack aimed at the Apple phones. The attack came in the form of a piece of malware named KeyRaider. The KeyRaider malware only attacked “jailbroken” iPhones. To jailbreak an iPhone means the phone’s firmware is modified to allow owners to access parts of a phone’s file systems that are otherwise restricted for security reasons. Therefore, the KeyRaider malware was mostly found in apps and Chinese software designed specifically for “jailbroken” iPhones.
Though the Keyraider malware originated in China, the security companies tracking the malware say it has spread to 18 different countries, including the United States. So, what exactly can the hackers see once the KeyRaider malware is downloaded to the iPhone? According to Palo Alto Networks, once a “jailbroken” iPhone downloads the KeyRaider malware, hackers gain access to the iPhone users iTunes App Store account information. The information shared with the hackers includes username, password, and the iPhone’s unique ID (also known as the UUID). The hackers are also given access to the iPhone user’s complete purchase history, and makes it impossible for the user to recover their phone once hacked.
According to KFOR, the hackers are giving away “free” apps to people who download another piece of software. The app allows people to purchase iTunes apps “for free” by using one of the 225,000 iPhone victims’ accounts. So far, the security firm reports that about 20,000 have used the software to steal from the hacked iPhones.
“The hackers have uploaded software that lets other people purchase iTunes apps for ‘free,’ using the victims’ accounts. About 20,000 people have downloaded the software that lets them steal from the 225,000 affected iPhone owners.”
Victims say they noticed unusual app purchases on their account and realized their phones had been “locked.” They say the hackers then offered to unlock their phone for a ransom. Chief technology officer at Good Technology Nicko Van Someren notes that iPhone users should consider security issues before jailbreaking an iPhone. Though there is some added benefit to the “extra functionality,” he notes that it may not be worth the security risk.
“Users … need to consider carefully if the additional functionality is worth the additional risk.”
Did you know the security risks associated with jailbreaking your iPhone? Do you think people will become more cautious about jailbreaking their iPhones due to the latest iPhone hack?
[Image Credit: Getty Images / Justin Sullivan]