220,000 iCloud Accounts Leaked Due to BackDoor in Jailbroken iPhones

Apple iOS Jailbreak backdoors hidden in tweaks lead to 220,000 iCloud Accounts Being Hacked

It seems that at least 220,000 iCloud accounts have been hacked due to a backdoor implemented in jailbroken iPhones and iPads. These backdoors are implemented only on jailbroken Apple devices through some shady tweaks that users installed.

The Chinese website WooYun has reported that iCloud account details, including the email addresses and passwords, of nearly 220,000 iCloud users who also use jailbroken iPhones or iPads have been breached.

The iCloud hack was also reported by redditor mahmoodma and on the Chinese microblogging website Weibo.

WooYun is an information security platform where researchers report vulnerabilities and vendors give their feedback. Below you can see the translated version of the report posted on WooYun:

The report on WooYun states that the iCloud breach is the result of a ‘backdoor privacy attack’ caused by the installation of a malicious jailbreak tweak. From the report, it appears that hackers are using a variety of “built-in backdoors” in the jailbroken version of iOS. Once the iPhone/iPad user installs the jailbroken iOS version, the tweaks containing the backdoor get activated and report the iPhone/iPad owner’s iCloud username and password to the remote server.

The report does not state which jailbreak has such tweaks and backdoors or whom the remote server belongs to. It also fails to mention what the hackers have done with the 220,000 iCloud accounts allegedly breached by this method.

WooYun has notified Apple about the issue and further details are awaited. Another redditor, n3o611, seemed to confirm that the iCloud credentials are indeed being accessed by some unknown third party.

That’s why I got a shady email yesterday which asked me to unlock my Apple ID maybe?

It’s in German and it links me to a shady site which wants my data cc and all this stuff.

And no, it’s not locked 😀

Email in German:

Ihre Apple-ID (email@provider.de) wurde verwendet, um sich auf einem iPhone 4s mit dem Namen „Tarkan iPhone“ bei FaceTime und iMessage anzumelden. Datum und Zeit: 25. August 2015, 04:57 Uhr CEST Um unauthorisierte Verwendung Ihres Kontos vorzubeugen, wurde Ihre Apple-ID automatisch gesperrt. Sie können erst wieder auf Software-Updates, iTunes Store, iCloud oder den Apple-Store zugreifen, wenn Sie Ihre Apple-ID entsperren. Um Ihre Apple-ID zu entsperren klicken Sie hier. Dies ist eine automatische Nachricht. Bitte antworten Sie nicht auf diese E-Mail. Mit freundlichen Grüßen Apple Support

Translation: Your Apple ID (email@provider.de) was used to sign in to FaceTime and iMessage on an iPhone 4s named “Tarkan iPhone”. Date and time: August 25, 2015, 04:57 CEST. To prevent unauthorized use of your account, your Apple ID has been automatically locked. You will not be able to access software updates, the iTunes Store, iCloud or the Apple Store until you unlock your Apple ID. To unlock your Apple ID, click here. This is an automated message. Please do not reply to this email. Kind regards, Apple Support

mahmoodma has also posted proof of the leaked iCloud credentials (the user name has been blurred).

Here are some steps that you should implement to help protect yourself:
  • Enable two-factor authentication for your iCloud account.
  • Do not install jailbreak tweaks from unknown and untrusted sources.
  • Do not use unknown tweaks or apps.
