BitDefender Warns iPhone Jailbreakers About Security

Now that jailbreaking iPhones is completely legal, fans are raving about jailbreaking their devices. Who wouldn’t be? Even if I don’t own an iPhone, the prospect of seeing what other folks would and could do to their devices is enough to get me hyped up.

However, this would open the floodgates of potential security risks for iPhone and iPad users. I received an email from BitDefender warning against a new malware threat that has taken advantage of the jailbreaking craze:

BitDefender has identified a malware distribution campaign in which users receive an email where they find out they could receive a new application for iPhone jailbreaking. All the email recipient has to do is click a link that will take them to the webpage where the desired software awaits.

As the email recipient goes further into this labyrinth and clicks the link, an exe file attempts to download to their computer. But once saved and run, the executable opens the way for a Trojan.

Identified by BitDefender as Trojan.Generic.3010833, this piece of malware is a keylogger that transmits everything the user writes on the computer to a specific email address, in this particular case to directory[REMOVED]

This allows the malware creators to intercept the victim’s visited sites, usernames, passwords, and bank account information – such as PIN number, bank account numbers, passwords, etc.

Common sense would be a good first line of defense. If you’re going to jailbreak your iPhone or iPad, be very careful about any third-party app you’re going to install because it might just be loaded with malware. Do a background check on it first, like asking the developer or users who have already used the app.

Stay safe and have fun with jailbreaking your iPhones and iPads!

One Reply to “BitDefender Warns iPhone Jailbreakers About Security”

  1. The warning from BitDefender is about an e-mail that is pretending to be a jailbreak application and infects Windows computers, not iPhones and iPads. As stated clearly in the email, the trojan is an .exe file. iOS devices don't have .exe files and won't run .exe files even if you force them to.

    Jailbreaking is fairly safe if the user knows what he/she is doing. First rule in jailbreaking is changing the default SSH username and password.

    In cases where the user does not change the default SSH username and password, the hacker needs to be in the same WiFi network (same location) to be able to gain access to the device and wreak havoc while the device is being used actively (iOS devices automatically turn off the WiFi radio when not in use).

    The chance of installing malicious 3rd party applications is also slim because:

    The code of 3rd party applications is screened before being allowed in the App Store;

    Apps from Cydia (App Store Alternative available only to jailbroken devices) are also screened by maintainers of repositories; and

    Adding an unverified repository means the user has intermediate to advanced knowledge of jailbreaking, which also means a high likelihood that he/she changed his/her default SSH username and password.

    In the unlikely and rare event that an iPhone/iPad is compromised, a simple restore via iTunes fixes it.

    Just the same, this is not to say that iOS devices are immune from exploits. The point that I am trying to make is that iOS devices are not that vulnerable, including jailbroken ones.
