
220,000 iCloud accounts compromised using a backdoor for jailbroken iOS devices



The Chinese edition of WooYun reported the compromise of 220,000 iCloud accounts. The attackers did not have to bypass the protection mechanisms of iOS: access to the iCloud accounts was obtained using malicious tweaks for devices that had been jailbroken.

A message on the WooYun website also states that the manufacturer (obviously, Apple) received a notification about the problem, but has not yet responded to it.


WooYun report page (translated from Chinese via Google Translate; source: HackRead)

The news of the compromise of so many accounts attracted the attention of English-speaking Internet users. A Reddit user with the nickname mahmoodma found a screenshot online that allegedly shows part of the stolen iCloud user credentials.



Another Reddit user in the same thread suggested that the large number of compromised accounts is explained by the tendency of Asian iPhone users to “expand” the capabilities of their devices by jailbreaking them:

In Asian countries, people often buy new or used phones in specialized markets. In such markets there are a lot of trays with smartphones, and jailbreaking with the installation of "left" programs is part of their service. Therefore, jailbreaking is very popular in China, and there is a whole market of programs only for the Chinese that we have not heard anything about.

Therefore, in this situation there is no need to have 220,000 people with the technical skills for jailbreaking; only 220,000 customers are needed who have devices that were already jailbroken and that then had a malicious tweak installed.

Despite the large number of compromised accounts, even users of jailbroken iOS devices can easily protect themselves by simply not installing applications from third-party stores. In addition, it makes sense to enable two-factor authentication in iCloud.

iCloud security was seriously discussed in the fall of 2014 because of the leak of celebrities' personal data and photos. At that time, presumably, the attackers were able to use the "Find iPhone" function to brute-force iCloud passwords. Apple later fixed this security bug.

In addition, at the end of August of this year, the media reported that a malicious application was discovered on Google Play, with which attackers could remotely access a smartphone.

Source: https://habr.com/ru/post/265547/

