iPhone Jailbreak Fraud Attack – Immediate Implications

A malicious website posing as checkrain[.]com was launched by hackers this week, which poses as the real site that researchers are building to modify and jailbreak iPhones. The fake site instead launches a hacking tool that tries to take over affected devices.

Subscribe
Notify of
guest

1 Expert Comment
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
Sam Bakken
Sam Bakken , Senior Product Marketing Manager
InfoSec Expert
October 16, 2019 1:35 pm

The jailbreak community is eagerly awaiting the release of checkra1n and adversaries are very smart about monitoring social media and current events and developing schemes to use news as fuel for fraud. Similar to attackers capitalizing on people\’s excitement surrounding Fortnite for Android this time last year by tricking users into thinking they were gaining early access but instead installing malware, adware and spyware on their Android devices — attackers are now targeting the jailbreak community specifically. This bogus website promises to jailbreak an iOS device and displays a number of animated graphics to convince the user that their device is in the process of being jailbroken when in fact it is not at all.

First of all, general iOS users should steer clear of jailbreaking their devices because it de-activates a number of standard security controls that keep them safe. Second, general iOS users should not install profiles from websites or really anywhere unless a trusted member of their IT team is guiding them.

App developers and publishers should take away from this incident that iOS is just as vulnerable as Android, and they need to take steps to fortify both their iOS and Android apps and users against threats such as these. They should institute jailbreak detection in their apps and balance that with risk indicators that might result in them limiting the functionality of an app in certain situations. And, they should implement in-app protection and app shielding capabilities that monitor their apps during runtime to identify and shut down any potentially harmful activities.

Last edited 2 years ago by Sam Bakken
Information Security Buzz
1
0
Would love your thoughts, please comment.x
()
x