Wednesday, September 02, 2015

The perils of jailbreaking your iPhone

Do you have an iPhone? Do you know what jailbreaking is? That's geekspeak for a somewhat shadowy technique used by some adventurous owners of iOS devices to circumvent Apple's rather rigid controls over how software is installed on iPhones, iPads, iPod touches and Apple TVs.

Out of the box, Apple exerts some of the most restrictive rules in the industry to ensure a consistent user experience. So for most of us, we can only install apps from the iTunes App Store, which Apple, of course, vets carefully before they're even made available there.

In contrast to the buttoned-down, out-of-the-box iOS experience, a jailbroken device can be heavily customized, and software from anywhere on the Internet can be downloaded and installed. Jailbroken phones can often do things that "legit" devices can only dream of.

Sounds fun in theory, but the reality can be frightening. Jailbroken devices are at significantly increased risk of being infected with malware, spyware, and other nasty code. All that fiddling around could make the devices unstable. It can also "brick" the device, which essentially turns it into a doorstopper. And if you try to return a jailbroken device to Apple for service, you'll likely be turned away, as jailbreaking voids the warranty.

Well, we're now seeing evidence of the most widespread jailbreak-related malware outbreak since iOS devices first hit the market. The iOS-specific malware, known as KeyRaider, affects only jailbroken devices - so the rest of us can breathe easy - and it has infected an estimated 225,000 devices so far. It allows hackers to steal Apple account information, including the Apple ID, password and unique device identifier. Hackers can then use that information to make "purchases" on your account. They're also selling the stolen information online, so expect further identity theft attacks against the identified victims in the weeks to come.

I discussed the issue with Beverly Thomson on CTV's Canada AM this morning, and the story and video can be found here. I also discussed it live with Mike Stubbs on First Thing on London's NewsTalk 1290 CJBK.

Scary stuff, but the good news is we can easily avoid the biggest risks by paying careful attention to our online and offline behaviors. This isn't rocket science: It only seems that way at first blush.

No comments: