Are there examples of malware that affects jailbroken iOS devices that doesn't require installation of shady packages (e.g. something that can compromise a device just by opening a PDF or visiting a site)?
It doesn't match your criteria, but my most memorable vulnerability involves installing OpenSSH / SSHd and doing nothing else. Many people use OpenSSH very legitimately for on-device file management. Legitimately meaning the package is legitimate (and has long since been patched regarding this vulnerability). – Jason Salaz Feb 23 '12 at 06:21
Oddly, it was a PDF vulnerability that allowed a jailbreak in iOS 4.3.x. Then, a jailbroken iOS device that was patched prevented further PDF exploits. – osx86x Feb 23 '12 at 10:30
Do you think you could accept an answer? It's been a few months since you asked. – Andrew Larsson Jun 12 '12 at 18:05
If there's a problem you're trying to solve, feel free to edit those details in to help the most people put answers into context. – bmike Oct 15 '13 at 15:28
Do you consider this question to be unanswered? If so, could you explain how I could make my contribution better? – Andrew Larsson Oct 18 '13 at 19:24
3 Answers
I hate to say it, but in all my years of jailbreaking I have yet to see any type of malware have any real impact on the iOS community. Sure, there was the infamous SSH vulnerability, but that was patched rather quickly. That's the beauty of jailbreaking; we don't have to wait for Apple to release a fix. Most people fear that jailbreaking is insecure and puts your device at risk. That's far from the truth. My favorite example is the jailbreakme.com PDF exploit for iOS 4.3.3. At the same time they released the exploit, they pushed a patch to Cydia. As soon as you jailbroke, you were advised to install the patch, so that your device could not be further compromised. It took Apple a lot longer to implement and roll out their fix. In that situation, it was better to jailbreak than not to, because unless you had the patch, someone with bad intentions could have abused the exploit and done anything they wished with your device. Sure, you can be careless and install some malicious software, but most of the time it's the user's fault, because you should always be careful with what you do in a limited-regulation environment. As a final answer to your question, there were a few PDF exploits that were triggered merely by visiting a website (jailbreakme.com), but those vulnerabilities were never used for evil.
Edit: Another malware example has popped up, but it's not specific to jailbroken devices; it can remotely jailbreak any device without user interaction. This is the first time we've seen a remote jailbreak being used in the wild for malicious use. Apple has already patched it; they patched it quickly. But the jailbreak community took a few months to patch it.
This journalist doesn't seem to agree: "Don’t Jailbreak Your iPhone if You Want to Stop Government Spyware" https://www.intego.com/mac-security-blog/dont-jailbreak-your-iphone-if-you-want-to-stop-government-spyware/ – franck May 01 '16 at 14:03
The malware the author wrote about requires you to install shady packages which the question specifically asks to ignore. – Andrew Larsson May 01 '16 at 23:54
All of that malware requires you to install shady packages which the question specifically asks to ignore. None of them mention injection vectors that don't specifically require manual installation. Also, both of the "unnamed" ones are both the same malware, and it has a name - "Unflod." – Andrew Larsson May 02 '16 at 00:02
If you leave your device unattended for just a couple of minutes a trojan horse can be quickly installed. It takes roughly 1-2 minutes to install it on a jailbroken device.
Are you speaking hypothetically, or have you found trojan horse software or have personal experience with having your iOS device compromised? – Adam Davis Mar 26 '12 at 19:50
Good thing I lock my device compulsively. In all seriousness though, unrestricted physical access is where most security ends, jailbreak or no. – Julio R. Mar 26 '12 at 20:20
@julioR locking the device would make it difficult but not impossible. Leave it locked for, say, half an hour and you've got the malware, despite the lock :) – Herr Mar 26 '12 at 20:52
In all my couple of years of jailbreaking I have never seen a trojan. Permit me to say: "pics, or it didn't happen". – sudo rm -rf Mar 27 '12 at 02:48
http://spyera.com a simple google search will lead you directly to the malware itself. You take the phone in your hands, add the repo to cydia, download the malware and you are ready to go. – Herr Mar 27 '12 at 06:23
That's a legitimate application with legitimate uses. Parents could install it on their child's iPhone to make sure they're safe. You could use a lot of real applications for ill. That's not malware or a trojan. That's spyware at the least, and who leaves their phone unattended anyway? That's like saying someone could steal your car if you left your keys lying around. – Andrew Larsson Mar 27 '12 at 15:23
@andrewlarsson your explanation is over-simplified. You could be with your friends and they could make a bad prank that could have devastating results. It's not something like the car keys, but it's still very serious stuff. And btw, it is malware. – Herr Mar 28 '12 at 21:26
@HerrKaleun You could be with your friends and they could type sudo rm -R into your terminal. There's a difference between an intentionally installed package and some remotely installed malware. You can't get this spyware installed by just going to a website. The PDF exploit I referred to needed no user consent. User consent is the key. Something someone does on the device when they physically have access to it is different than getting sent/clicking a link that gives you a virus without you knowing it. – Andrew Larsson Mar 28 '12 at 21:43
@HerrKaleun There are some real iPhone apps in the AppStore that do similar things to the JailBreak app that you mentioned. Definitions of different types of malware: http://www.abestweb.com/forums/panda-software-317/different-types-malware-65416.html – Andrew Larsson Mar 28 '12 at 21:51
@HerrKaleun Besides, anyone can go check their installed packages in Cydia to make sure that they don't have any spyware like the one you mentioned. Malware is supposed to hide from the user and is supposed to be difficult to remove. This can either be considered a prank or a useful application, but not malware. Physical access is much different than remotely exploiting something. It's the difference between finding your friend who forgot to log out of Facebook and actually sniffing their password over a network. Both get you access, but it's not something they could have easily avoided. – Andrew Larsson Mar 28 '12 at 21:56
@HerrKaleun One last thing - The asker specifically said they wanted an example that "doesn't require installation of shady package." Your example is simply a shady package. Whether installed by you or your friend, it's nonetheless not what the asker is looking for. – Andrew Larsson Mar 28 '12 at 22:10
Well, I still wanted to remind you about that. Btw, those shady packages I talk about can easily be hidden from the main screen (including hiding Cydia), so it might still be considered dangerous in terms of malware. Still, your explanation is more accurate in terms of "exploiting" flaws of iOS itself. Nice topic though, including many useful tips :) Thank you all – Herr Mar 29 '12 at 15:30