Why you really don’t need to worry about KeyRaider or iPhone hacks

Headlines have been circulating all week about a nefarious hack that has compromised nearly a quarter of a million iPhones. Security researchers discovered an exploit dubbed KeyRaider which has supposedly hacked more than 225,000 iPhone accounts. The news is salacious for iOS—which has a reputation for being innately secure—but it’s also very misleading. The reality is that the vast majority of iOS users have nothing to fear from KeyRaider. Almost all, really.

The crucial element that makes KeyRaider a threat only to a small minority of iPhone users is that the exploit only works on jailbroken iOS devices. In other words, KeyRaider didn’t really hack the victims’ iPhones—the victims hacked their own iPhones first and opened the door to allow a threat like KeyRaider to compromise their accounts.

“This may be a hack against the iPhone, but it really is not a hit on Apple’s reputation since it only affects jailbroken iPhones,” agrees Stephen Coty, chief security evangelist for Alert Logic. “This means if you have unlocked from the Apple only network, and can then buy downloads from other sources other than Apple’s official app store, and use previously locked functions of the phone such as command line interfaces and Wi-Fi scanning capabilities. If you have jailbroken your iPhone, you are turning the phone into a potential portable hacking device that fits in your hand.”

Coty added, “What seems to be cool about the KeyRaider malware is that it not only scrapes your account data, but it also can lock your phone very similarly to ransomware that has been plaguing many individuals across the world.”

Proceed at your own risk

For those who made a conscious decision to violate the EULA, void the warranty and forego the inherent protection Apple provides for iOS by jailbreaking their iPhones or iPads the headlines announcing that they’re at risk should come as no surprise.

“When people jailbreak their iPhones, they usually know they are trading some security for flexibility,” explained David Gibson, VP of strategy & market development at Varonis. “That’s kind of the point – you get root access to the iPhone and the flexibility to install software that hasn’t been approved by Apple, but you also run a greater risk of getting malware on your phone. Balancing security with flexibility and productivity is a tricky thing, and today’s news shows how difficult it is for consumers to maintain that balance on their own.”

Stop the FUD

FUD—fear, uncertainty, and doubt—makes for sensational news and drives people to be concerned about things they don’t need to be concerned about or buy products to protect against threats that aren’t real. Breathless headlines about hundreds of thousands of Apple iPhones or iOS accounts being hacked incite anxiety for millions of iOS users who actually have nothing to fear because they haven’t jailbroken their devices.

Alert Logic’s Coty wrapped up with a reminder: “As I said, it only works on a jailbroken iPhone device. If you only receive your software updates and apps from the official app store, then you have nothing to worry about.”

I have my own take on that advice. My recommendation is that if you think you want an iPhone but plan to jailbreak iOS so you can have more control over the hardware and OS do yourself a favor and just buy a Samsung Galaxy S6. That is the “iPhone for Android fans who don’t like Apple’s ‘walled garden’ and want more power to customize their mobile device experience.”

7 thoughts on “Why you really don’t need to worry about KeyRaider or iPhone hacks”

  1. I want to explain why many in the US JB community shouldn’t worry..

    The malware came from 2 repos out there, Weiphone and Bamu. Neither of these repos are default repos when a phone is JB, so you’d have to manually add them. And they’re primarily foreign language tweaks, so I’d say about 90% of the US JB community has nothing to worry about..

    Unless of course you believe the scare tactic media.

    Source : The Palo Alto Networks article that contains the factual and technical data from 8/30/2015.

    1. Not entirely correct, there are other repos which had KeyRaider
      The apps are not primarily foreign language tweaks.
      I know this because:
      a) Bamu is not a repo, but a user of Weiphone
      b) Weiphone was only one (although the largest) of repos spreading the trojan
      c) I had installed several apps which have nothing to do with foreign language tweaking and most of them indeed have the trojan

      What the media got right is that a large proportion of users with Jailbroken phones are affected, the point of a jailbroken phone is you can install anything, so generally that’s what those users do, install anything. Should media ignore news because it does not affect everybody? There would be very little news at all if that was the case.

      1. Well, the Palo Alto Networks article states, “Bamu’s personal repository” as a source, and lists an address of http://apt.so/aptso. Not that I’d attempt to see if I could add that as a repo (and actually I think the article stated it is now down).

        Also, I doubt a “large proportion of users with Jailbroken phones” are affected. I’d agree to a large proportion of Chinese users with Jailbroken phones. But as I mentioned, a very small ratio of US users.

        Could you shed some light on what non-foreign apps you installed that were infected with KeyRaider? I’m sure there are thousands of people interested as I haven’t seen any other evidence of your claim.

        1. ignorance is bliss, as long as it doesn’t affect the majority of US based users you have no interest?
          why do you believe that this would only be possible on chinese jailbroken iphones
          how do you know the same isn’t happening all over the place, this is just the first evidence (probably as this hacker wasn’t very careful)
          you can keep living in your (US) bubble, don’t complain later that nobody ever tried to tell you things that happen to others may happen to you (or have even already happpened to you)

          1. Oh wow.. Came back to read this and laughed.

            My issue is this article that basically says “You don’t have to worry about this, unless you’re jailbroken.” I was trying to do some people a favor, take it a step further, and explain why they are likely not affected.

            You can call me ignorant and cry your case all you want. It sounds like you got infected and I didn’t. Don’t know what to tell you other than maybe you’re paying attention to the wrong (bubble) and should stick to your own?

        2. the apps/tweaks I installed allowed install of pay-for apps without paying and other allowed getting (some) in-app purchased items for free.
          it was not for criminal purposes, it was to see if it worked (which it did) and to try to find out how to protect against it (not so easy actually)

          there are hundreds of apps (some are actually tweaks and not really apps) affected that have the hacks, all sorts of stuff

          and who says the same hacker hasn’t done the same on english based app stores? (or will do so in the future)?

          it’s a very dangerous attitude to ignore vulnerabilities, doesn’t matter who or where they are found or what impact has been discovered to date, the important thing is the vulnerability/danger itself

Comments are closed.

Scroll to Top