75,000 reasons not to jailbreak your iPhone or iPad

Malicious AdThief malware replaces adverts appearing on Apple users screens

The 5 most read articles this week: July 4-11
The 5 most read articles this week: July 4-11

The dangers of jailbreaking an iPhone have once again been highlighted, after an analyst with Fortinet revealed that more than 75,000 iOS users - including iPhones and cellular-enabled iPads - have been infected by a malware called AdThief.

As the name implies, the malware changes the adverts appearing on the user's iPhone/iPad screen to those that generate revenue for the coders behind the rogue software - and, whilst the malware does not siphon money from user's accounts, or rack up large bills sending text messages to premium numbers, it does deprive app developers from their revenue streams.

According to Axelle Apvrille, a malware researcher with Fortinet's French operation - writing in the latest Virus Bulletin - the AdThief malware will target different advertising software development kits (SDKs), which are typically used by free app developers to generate revenue streams to fund their operations.

So far, Apvrille claims, at least 15 advertising SDKs - including Google Mobile Ads and Weibo - have been targeted by AdThief, and others seem likely to be targeted.

"iOS/AdThief is a technical and malicious piece of code which hijacks revenue from 15 different adkits," she says in her analysis of the malware, adding that it also provides third-party developers with an easy method of modifying advertisement SDKs.

Rob Bamforth, a principal analyst with Quocirca, the business and IT research house, said that it is important to note that the malware only affects jailbroken iOS devices.

But he added that there are large numbers of jailbroken iPhones and iPads in circulation, meaning that all iOS platform users should really be using multiple layers of protection - as is the norm with the more open Android platform.

"Certainly in a BYOD working world, businesses should be aware of the increased risks from jailbroken devices, even if their employees are not, as this issue has clear implications for their security strategy. In any event, Apple users should never feel smug or overly dismissive of security risks - IT history shows that popular platforms for users become popular targets for attack and that attack vectors constantly evolve," he explained.

Tony Marques, a cyber security consultant with Encode UK, said that many Apple device users opt to access a wider range of apps by jailbreaking their hardware outside the protective/ locked-down Apple cocoon within which Apple's App store sits.

“The attraction of ‘app freedom,' he comes at a price of substantially increased - and uncontrolled - exposure to malware," he said, adding that a jailbroken Apple iOS device out in the wild with no protection can be considered folly in today's threat environment.

However, he went on to say, no connected device can be guaranteed to be malware-resistant.

"With the increasing capability of threat actors and increasing proliferation of sophisticated attack tools, the time may have come to move beyond simple reliance of Apple's cocoon and take more responsibility for your data and privacy and save yourself a potential headache- install IT security software," he said.

Keith Bird, Check Point UK's managing director, was more sanguine about the risks. Apple, he told SCMagazineUK.com, has been relatively successful at ring fencing its hardware to mitigate malware attacks commonly seen on other operating systems.

"However, with users consistently jailbreaking devices from the iTunes walled garden, they are clearly exposing devices to a greater risk of malware attacks. By jailbreaking Apple devices, users are significantly increasing their risk of attack and should consider implementing further security measures to maintain a good level of protection," he said.

“Our 2013 mobile security report found that IT professionals rated Android as the riskiest (49 percent), followed by Apple/iOS (25 percent) and Windows Mobile (17 percent). However if more Apple users jailbreak their devices, these risks are likely to start balancing themselves out," he added.

Pandora's Box

Tony Kenyon, technical director for EMEA and Latin America with A10 Networks, said the malware highlights the real dangers of jailbreaking.

It may, he said, sound cool to jailbreak your iPhone, but you are effectively opening Pandora's Box - by doing so you lose all the considerable protections offered by iOS.

"There is a price to pay for openness, but to give Apple credit, they clearly considered how to best safely enable applications in a mobile context, designing security into iOS from the ground up, whilst keeping usability a top concern. That's a very difficult trick to pull off," he said, adding that the benefits of a non-jailbroken iOS device are considerable for anyone doing online transactions, storing passwords, and running business apps.

"You simply do not want apps accessing the sensitive data of other app," he explained.