Do you know that jailbreak tweak steals your iCloud passwords and email addresses? If you plan to jailbreak your iOS device in near future or already has got jailbroken device, beware insidious tweaks that are created to get your iCloud login credentials.
Due to new report more than 220,000 iCloud accounts were compromised by malicious jailbreak tweak or plug-in that was masquerading as trustworthy installations to get the private information. Currently it is unknown who is behind this private credentials steal case, or what they will do with all that stolen iCloud accounts.
Of course, getting access to such credentials as email addresses and passwords this group of hackers would be able to steal contact information, easily read iMessages and what is more acquire photos and other media. On the picture below you can see how it looks when accounts have been stolen.
That's why those iOS devices jailbroken users may want to pay particularly close attention, as it seems that a number of extensions and tweaks use sophisticated attack measures to acquire very specific information from the jailbroken host device.
Taking into consideration the number of 220,000 users we can say that any jailbreak tweak would receive the amount of penetration required to affect a quarter of a million users, let alone a malicious tweak posted on some shady third-party repo.
The report also claims that the Chinese market traders very often sell iPhones that have been already pre-jailbroken, and many of these may have been equipped with the shady tweaks already installed.
Here are some tips that we should all be doing to protect ourselves and to keep our iCloud data safe against jailbreak tweak steal:
- Turn on 2 Factor Authentication on your iOS device
- Don’t add shady third party repos to Cydia
- In no case install tweaks outside of Cydia
- Don’t pirate tweaks or apps
By following the above mentioned tips, jailbreakers can mitigate much of the risk when installing jailbreak tweaks.