Analecta Cyber Company Blog: Chinese hackers crack into 226,000 iPhones

2015-11-10

Chinese hackers crack into 226,000 iPhones

Hackers have reportedly compromised roughly 226,000 iPhones and accessed sensitive customer information stored on or used by those devices.

Victims are estimated to be spread across the United States and 17 other countries, including China, France, Russia, Japan, the United Kingdom, Canada, Germany, Australia, Israel, Italy, Spain, Singapore and South Korea.

A Chinese student at Yangzhou University who is also a member of an amateur hacking group called Weiptech is getting credit for the discovery.

California team aids discovery

Weiptech members began their investigation in July after several reports surfaced of unauthorized purchases being made on Apple accounts. A research team from Palo Alto Networks in California then examined the findings and determined that malware running on jailbroken iPhones was harvesting passwords and personal information.

As Weiptech helped possible victims find out whether their information had been exposed, its members established that users of non-jailbroken devices were not at risk from the malware, which is distributed through third-party app repositories that only a jailbroken device can install from.

iPhone users “jailbreak” a device to remove the restrictions Apple places on it. The modification disables iOS code-signing enforcement so that the device will run software Apple has not reviewed, which lets the owner download and install applications from sources other than the Apple App Store. It is also what allows malware installed from those sources to run with system privileges.

The malware, named KeyRaider, steals victims' passwords, private keys and certificates. Reports note that it can steal Apple Push Notification service certificates and private keys. It can also steal and share App Store purchasing information and disable local and remote unlocking on iPhones and iPads.

Hackers get passwords, etc.

Reports stated that victims suffered several kinds of abuse. Some noticed purchases in their App Store history that they had not made; others had their phones locked and held for ransom.

Investigations also confirmed that the stolen information was sent to a server in China operated by the attackers. This gave them access to victims' payment information and the ability to control the affected devices remotely.

Weiptech located the online database the attackers used to store and manage the collected information. Fortunately, the researchers were able to retrieve a large part of the stolen records, so that victims could check whether their accounts were affected, before the attackers noticed the intrusion and shut the database down.