Club Benefits
You are now subscribed
Your newsletter sign-up was successful
Want to add more newsletters?
Daily (Mon-Sun)
Tom's Guide Daily
Sign up to get the latest updates on all of your favorite content! From cutting-edge tech news and the hottest streaming buzz to unbeatable deals on the best products and in-depth reviews, we’ve got you covered.
Weekly on Thursday
Tom's AI Guide
Be AI savvy with your weekly newsletter summing up all the biggest AI news you need to know. Plus, analysis from our AI editor and tips on how to use the latest AI tools!
Weekly on Friday
Tom's iGuide
Unlock the vast world of Apple news straight to your inbox. With coverage on everything from exciting product launches to essential software updates, this is your go-to source for the latest updates on all the best Apple content.
Weekly on Monday
Tom's Streaming Guide
Our weekly newsletter is expertly crafted to immerse you in the world of streaming. Stay updated on the latest releases and our top recommendations across your favorite streaming platforms.
Join the club
Get full access to premium articles, exclusive features and a growing list of member rewards.
Hey, would-be iPhone jailbreakers! Be careful where you get your jailbreak tools.
Cisco Talos researchers reported yesterday (Oct. 15) that there's a fake website pretending to be a download site for checkra1n, a forthcoming jailbreak tool based on the checkm8 iPhone hack disclosed in late September that works on the iPhone 4s through the iPhone X.
The real checkra1n site is at checkra1n.com. The fake is at checkrain[.]com, and if you were to "install" its "software," you'd really just be letting a crook commit advertising click-fraud on your iPhone. To avoid falling for this trap, wait until you hear that checkra1n is ready for download.
MORE: 10 Pros and Cons of Jailbreaking Your iPhone or iPad
Checkm8 is one of the most significant iOS jailbreak methods ever, as it exploits the bootrom on all iPhones systems-on-a-chip from the A5 chipset (introduced with the iPhone 4S) through the A11 (iPhone 8/8 Plus/X).
As a result, there's a lot of public interest in checkm8, but it's not that easy to implement. It and the software tool to use it are downloadable here if you want to try it yourself, though you may brick your phone doing so.
How the fake jailbreak site works
But crooks will always sense an opportunity, and hence the bogus website aims to lure people who don't realize there's a "1" in the checkra1m name or who just type it in incorrectly.
We went to the checkrain[.]com site Wednesday (Oct. 16) and saw nothing except some text files, even when viewing it from an iOS device. It may be down for maintenance or retooling.
But according to Cisco Talos researchers Warren Mercer and Paul Rascagneres, when the fake site is working properly, it checks to see if the visting browser is running on an iPhone.
If so, then it presents a button labeled "INSTALL CHECKRA1N 1.3.5 (NO PC)." (The real checkm8 exploit requires connecting an iPhone via USB cable to a Mac or a Linux machine.)
You'll be asked to install a configuration profile that will alter your device's network settings. (Configuration profiles are usually deployed by enterprises to set up iOS devices to use the corporate network.) A checkra1n "app" will then appear on your screen, but it's not really an app.
If you click the fake app, you'll see what looks like a jailbreak process appearing on your screen, including a dialogue box chronicling the various steps of the process. But that's fake too — the "screen" is actually a web page with no address bar playing an animation.
While all this is going on, the webpage is putting hidden web ads "under" the main page to generate click-fraud revenue for crooks. (Online ad distributors get paid each time someone views an ad, and click fraud gins up the numbers.)
When the process is almost done, you'll be given a list of other apps, two of which you must install to "complete the jailbreak." The apps are free but full of ads, which generate more income for the crooks.
What to do if you fall for the fake checkm8
For now, there's not much danger from this fake jailbreak, other than perhaps a diminished battery life. But the Cisco Talos researchers noted that the malicious configuration profile could be used to install malicious mobile device management (MDM) software, which would place your device under someone else's control.
To make sure you don't have any strange configuration profiles or MDM software, go into your iPhone's Settings app, select General and look for an option labeled "Profiles & Device Management."
If it's not there, you're in the clear. If the option is there, check the profiles — they may have been installed by your employer or school, and should be obvious if so. Otherwise, delete the profiles.
