Apple is consistently ranked as one of the most trusted companies in America, which also makes the technology giant a prime target for hackers. This September, it was discovered that more than 225,000 iPhone users have had their Apple account information compromised by malware, which has been nicknamed KeyRaider. The attack targeted individuals who have been using “jailbroken” iPhones. It appears that KeyRaider was primarily lurking on Chinese websites and apps that offer software for jailbroken iPhones, but affected users have been found in 18 countries already — including the United States.
Stolen Account Information Has Been Made Public
KeyRaider takes sensitive information from iPhones, including a person’s Apple ID, password, the iPhone’s unique ID, and information about App Store purchases, and sends it back to the attacker. Once an attack takes place, an iPhone owner is unable to recover their iPhone. Some owners have found their phones locked, along with a ransom demand from the hackers, saying the phone’s access will only be restored once the hacker is paid.
Unfortunately, the hackers did not just steal the Apple accounts for their own personal use. They have created software that allows anyone the ability to access the victims’ credentials and use that information to download iTunes apps for “free.” To date, CNN Money reports that approximately 20,000 people have downloaded this software.
How Did the Accounts Become Compromised?
Jailbreaking allows an individual to customize their phone, download previously blocked apps, and among other things, select which cellular network they want to use. But jailbreaking also makes phones vulnerable to hackers and voids Apple’s warranty. That means if anything goes wrong with your phone after it’s been jailbroken, Apple may not help you. While Apple works hard to provide enhanced security features when it comes to their iPhones, they cannot protect customers who choose to jailbreak their devices in order to access forbidden areas of a phone’s file system.
Some people feel the “freedom” found with jailbreaking is worth the risk, while others — like the 225,000 who had their personal information stolen — may now feel otherwise.
The sad reality is that even if your iPhone has not been jailbroken, you could still be targeted by a smartphone hacker. Be sure to read our smartphone hack blog post on what to look for if you suspect your phone has been hacked and what to do if a hack has taken place. In addition, always keep an eye on your credit card statements, bank account balances, and any other financial institutions you may have linked to your phone and be sure to keep your phone’s software is up to date.
Image courtesy of Flickr user Simon Yeo.