Security researcher accuses “Chinese criminals” of theft.
A security researcher who discovered an exploit in iOS has lashed out against developers of a potentially malicious jailbreak app called Pangu.
Stefan Esser, head of R&D for German security firm SektionEins, accused the developers of stealing his work, as well as information from training sessions he runs that are supposed to be secret.
"So the Chinese criminals behind Pangu took several infoleaks from our iOS training and resold them to Chinese companies," he said.
"And they directly link my code that I give to trainees in the jailbreak. Have fun trusting your iPhone to these lowlifes."
He added that Pangu had offered to buy his exploits over the last few months, but when he refused to sell they had taken them anyway, combining them with bugs from other sources.
The jailbreak makes use of an Apple issued security certificate allowing third party applications from outside the company’s store to be installed on iPhones and iPads running iOS 7.1-7.1x.
"Pangu represents a major technology leap, ultimately lowering the barrier for attackers to create sophisticated mobile-targeted attacks," said Ohad Bobrov, vice president of R&D at Lacoon Security.
Though the initial attack requires a physical connection to implement, once jailbroken a device can be accessed remotely to "send out text messages, retrieve sensitive emails [and] data from banking applications, and perform surround recording without the device’s owner knowledge"
Users seek to jailbreak their mobiles and tablets as a means of bypassing digital rights management, either by accessing unofficial sources for apps or downloading software from official sources without having to pay.