There’s been a lot of pent-up anticipation for the iOS 9.3.3 jailbreak, and Pangu, the Chinese security researchers behind the latest tool, have answered the call.
Unfortunately, it appears that some jailbreakers have had various accounts compromised after jailbreaking, and several users on the popular subreddit r/jailbreak have corroborated these claims.
To be fair, it’s possible that these reported breaches are just a big coincidence, or that a compromise occurred after the tool left Pangu’s hands for distribution. Whatever the reason, however, it highlights one of the potential risks involved with jailbreaking.
The initial tool was released in Chinese and hosted by Chinese company 25PP. The jailbreak was distributed via 25PP’s “PPHelper” tool, although some users were able to directly install the jailbreak without using the helper tool.
From what we can gather thus far, the common thread between most of the jailbreakers who had accounts compromised was that they used the PPHelper tool. It’s entirely possible that this tool, which is installed on Windows machines, contained the malicious code responsible for the unauthorized access.
Multiple users are reporting unauthorized access to one or more of the following:
- Credit and Debit accounts
Most of the fraudulent access is coming from places such as Taiwan, Vietnam, and Beijing or other locations in China. Some of these reported locations could be operating through proxies.
There could, of course, be additional compromises, but these are the ones that seem to be the most common according to the thread on the r/jailbreak subreddit.
Saurik, Cydia’s creator, chimed in with his thoughts on the matter. He states that he trusts Pangu, the team of hackers responsible for the actual jailbreak tool, but has doubts about potential breaches that could have occurred after the tool left Pangu’s hands for distribution.
I don’t particularly like the concept of installing the 25PP tool, as Chinese companies tend to have software that is pretty intrusive and even “combative” against competitors’ software, and in general I am concerned about the way people do signature stuff, which is why I worked so hard to make Impactor be able to do all the signing and communication locally.
Impactor is, of course, Saurik’s tool for signing the English version of the Pangu.ipa file. Impactor was promoted alongside the English release of Pangu, which is likely safe since it doesn’t install any software related to 25PP, and it runs on multiple platforms.
That said, even the English version of the tool is hosted on the 25PP servers, which should give pause:
I will also say I trust Pangu a lot… but I don’t know if the Chinese version of their app was only touched by them. I bet the English one was their work only, though you are downloading it from 25PP, which opens some issues: do you trust the employees at 25PP with control over their servers?
The point of all of this is not to scare anyone who decided to jailbreak, but you should absolutely be aware of what you’re dealing with here. If you did jailbreak with the original Chinese version of this tool, I suggest restoring your iOS device via iTunes. I also recommend uninstalling the PPHelper tool if it was used, and running an antivirus scan on your PC. It should go without saying that you should check your PayPal, credit, debit and Facebook accounts for potential breaches.
As I stated during both of our jailbreak tutorials, I recommend using burner Apple IDs when it comes to the signing portion of the jailbreak process. I, for one, have decided not to jailbreak my daily driver device, but that’s a decision that each and every one of you will have to make for yourselves. Despite what some jailbreak-naysayers may claim, jailbreaking doesn’t automatically sign you up to be compromised, but you do need to be aware of potential risks.
At the very least, protect yourself by avoiding tweak installs from unknown sources. More importantly, please, please, please use 2FA for all of the online services that you use. If 2FA isn’t available for an account that you use, I’d seriously consider not using these accounts for anything of a sensitive nature.
Yes, whether people want to agree with it or not, jailbreaking brings with it inherent security risks. If you’re willing to take those risks, there are things that you can do to help mitigate potential issues. In the case of this latest jailbreak, be sure to follow the advice above.
You can also take steps such as changing your root password, avoiding shady tweaks from unknown sources, and avoiding piracy and pirated repos, apps and tweaks.
We’ll have more concerning the security issues related to this jailbreak as we learn more. Does this reported security breach change your stance on jailbreaking at all?