Views on the iOS KeyRaider malware

Following the discovery of the recent iOS KeyRaider malware, several security experts have come forward to discuss their views on the topic. Guillaume Ross, Senior Security Consultant of Strategic Services at Rapid7, had this to say on the malware:

“The KeyRaider iOS Malware discovered by WeipTech and researched in collaboration
with Palo Alto Networks only affects jailbroken iOS devices. The malicious software
was distributed on a specific repository for jailbroken iOS devices (Weiphone’s
Cydia Repositories), and abused Cydia Substrate (formerly MobileSubstrate), a
software package that is only used on jailbroken devices.

KeyRaider uploaded information from the devices, such as Apple ID usernames and
passwords, device identifiers and encryption keys. By doing so, it allowed users of
piracy-facilitating tools to install applications and in-app purchases for “free”,
or, more specifically, paid for through someone else’s Apple ID. Additional risks exist
on the infected devices, as the malware running has capabilities of holding data for
ransom, and could in theory perform other actions as well.

Users who do not use a jailbroken device cannot be affected by this issue. While
jailbreaking opens up the system to grant more freedom to the end user, it increases
the risk of an iOS device being infected with malware, or attacked in other ways.

We highly recommend that users who think they might have been impacted change their
Apple ID passwords. To protect accounts against password theft and increase account
security in general, enabling two-step verification is
an important action that everyone using an Apple ID can perform.”

In addition to the above viewpoint, Kevin Bocek, VP of Security Strategy & Threat Intelligence at Venafi, had the following to say on the recent malware:

“Recent reports of a new malware called KeyRaider, executed against certain iPhone
users to steal hundreds of thousands of certificates and private keys, come as no
surprise. Cybercriminals wanting to steal data and execute Man in the Middle Attacks
know that compromised digital certificates and keys – the foundation of all
cybersecurity in our modern world of online payments, secure communications,
smartphones and even Internet of Things (IoT) – can be used to gain trusted status.
With a compromised or stolen private key you can impersonate, surveil, and monitor
your targets as well as decrypt traffic or impersonate trusted websites, code, or
administrators. The only way users and organisations can remain protected is to have
complete control over certificates and keys and to have a plan in place that allows
them to quickly discover all compromised certificates and rapidly replace them.”

Thanks to: Rapid7 & Venafi

James Stevenson

I'm a cyber security enthusiast who loves all things to do with technology. I'm specifically interested in cyber security and ethical hacking.
