Stolen iOS jailbreak exploit may be used to hack bank data

Security

by Jimmy Nicholls| 26 June 2014

Security researcher accuses "Chinese criminals" of theft.

A security researcher who discovered an exploit in iOS has lashed out against developers of a potentially malicious jailbreak app called Pangu.

Stefan Esser, head of R&D for German security firm SektionEins, accused the developers of stealing his work, as well as information from training sessions he runs that are supposed to be secret.

"So the Chinese criminals behind Pangu took several infoleaks from our iOS training and resold them to Chinese companies," he said.

"And they directly link my code that I give to trainees in the jailbreak. Have fun trusting your iPhone to these lowlifes."

He added that Pangu had offered to buy his exploits over the last few months, but when he refused to sell they had taken them anyway, combining them with bugs from other sources.

The jailbreak makes use of an Apple issued security certificate allowing third party applications from outside the company's store to be installed on iPhones and iPads running iOS 7.1-7.1x.

"Pangu represents a major technology leap, ultimately lowering the barrier for attackers to create sophisticated mobile-targeted attacks," said Ohad Bobrov, vice president of R&D at Lacoon Security.

Though the initial attack requires a physical connection to implement, once jailbroken a device can be accessed remotely to "send out text messages, retrieve sensitive emails [and] data from banking applications, and perform surround recording without the device's owner knowledge"

Users seek to jailbreak their mobiles and tablets as a means of bypassing digital rights management, either by accessing unofficial sources for apps or downloading software from official sources without having to pay.

Comments
Post a comment

Comments may be moderated for spam, obscenities or defamation.
Privcy Policy

We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.