Security issues in the Apple ecosystem: Pangu jailbreak, SwiftKey keyboard and iTunes Store

Three cases of user security / privacy issues have surfaced these past few days in the Apple world.

The first one has to do with the jailbreak for iOS 9.2-9.3.3, released by the Chinese hacking group PanGu and hosted by the 25PP group. A user of the tool went to Reddit to report that, a few hours after running the process on his iPhone with a temporary Apple ID, charges were made to his PayPal account from Beijing, under an unknown email address.

The person further stated that he was not using app piracy repositories. After the post was published, several other users began to report similar problems, stating that their credit cards had been used without authorization; one of them even reported 600 (!) charges on his card. Still others said their Facebook accounts had been hacked from addresses in China.

Suspicion, of course, fell on PanGu and 25PP. Cydia creator Jay “saurik” Freeman has stated that he trusts PanGu but believes that the Chinese version of the jailbreak may have been modified by a third party for criminal purposes after its public release. In any case, the English version of the utility apparently should have no security problems, since it does not install any 25PP-related software.

The PanGu team commented on the problem on their Twitter and announced the opening of an official Reddit account to communicate with the public.

· · ·

The second problem is not exclusive to Apple's ecosystem, but concerns an application widely used by owners of iGadgets: the SwiftKey keyboard, acquired some time ago by Microsoft.


SwiftKey, known for its word prediction technology that is the result of a text recognition system, has started to exhibit, shall we say, strange behavior in recent weeks. Users reported that, among the suggestions offered by the keyboard, there were some email addresses never seen by them, as well as phone numbers and names of complete strangers.

A user contacted one of the strange email addresses suggested by SwiftKey and, in collaboration with the recipient of the message, realized that the keyboard was suggesting email addresses, phone numbers and even addresses of private servers that the “hacked” person used to connect to the internet at their workplace.

SwiftKey has commented on the problem, stating that it comes from a bug in the sync feature and that this service has been disabled until the issue is fixed. The developers also said that it is absolutely safe to use the keyboard without restrictions, since, in any case, the number of users affected is very small and personal data will not be lost while the synchronization feature is disabled.

· · ·

Our third and last (for today) security problem is a good old financial email scam (phishing), this time using the respected iTunes Store name. The report comes from the Telegraph (subscriber-only content).

Everything happened in England: several customers of the Apple music store received emails, with a layout identical to that of iTunes Store receipts, showing the purchase of a song for 23.34 (approximately R$ 100!).

The big bait of the scam is a link at the end of the message, which states that, to cancel the purchase within 14 days, one must go to a page on Apple's website. The link redirects to a fake URL where the user is asked to sign in with their Apple ID, after which credit card information is stolen.

Apple commented on the case:

Email messages that contain attachments or links to sites outside of Apple domains are from sources other than Apple, although they sometimes appear to have come from the iTunes Store. These attachments are almost always malicious and should not be opened. You should never enter your Apple account data on any website that is not ours.

Apple also said it never asks for personal or payment information in emails or text messages. As always, the best way to protect yourself is to check the senders of these messages and not to open suspicious links. In the specific case of Apple, most activities related to the iTunes Store account take place within iTunes itself, so it is safest to simply not do anything directly in the browser.

Let's protect ourselves, guys.

(via 9to5Mac, AppleInsider and The Loop)