Skip to main content

iOS 7.1 Jailbreak Tool May Be Too Risky

Credit: Pangu.io

(Image credit: Pangu.io)

A jailbreak tool for iOS 7.1 has been released, but be careful about using it on your iPhone or iPad. The tool, called Pangu, comes from a band of Chinese hackers who seem to have swiped software and a digital authentication certificate from other parties.

One security firm warns that the tool could also be used to infect iPhones with malware, adding that although Pangu is a "tethered" jailbreak that requires a USB connection to a computer, it could be modified to work independently.

The Pangu developers themselves warn users not to download the tool from any website other than their own, as third-party versions infected with Windows malware have already begun to appear.

MORE: 10 Pros and Cons of Jailbreaking Your iPhone

Jailbreaking overrides iOS' built-in restrictions, letting users add features or software unauthorized by Apple. It also demolishes iOS' security protections, opening up a device to malware infection. iOS malware found outside research labs has affected only jailbroken devices.

Pangu seems to be the first working jailbreak for iOS 7.1, which was pushed out in mid-March; small tweaks in mid-April bumped the current version up to 7.1.1. The jailbreak will work on all devices capable of running either iOS version, including the iPhone 4 and later, iPad 2 and later and the current iPod Touch. (Another jailbreak tool, geeksn0w, works on an iPhone 4 running iOS 7.1.)

Pangu can be downloaded from the developers' Chinese-language website to a Mac or PC; English-language instructions were posted on Reddit soon after the tool appeared earlier this week.

Something borrowed, something possibly stolen

On the Pangu website, the tool's developers thank "i0n1c," the Twitter handle used by German security researcher Stefan Esser, who teaches iOS hacking seminars but asks students not to share his vulnerability exploits with the public.

"The Chinese criminals behind Pangu took several infoleaks from our iOS training and resold them to Chinese companies," Esser tweeted earlier today (June 26). "They directly link my code that I give to trainees in the jailbreak. Have fun trusting your iPhone to these lowlifes."

Using Esser's exploits without his permission may be immoral, but probably not illegal. That may not be the case with the enterprise-authentication certificate Pangu "borrows" in order to install itself on any iOS device.

Non-jailbroken iOS devices install only apps "signed" with a certificate of authentication granted by Apple, which normally means the app has passed Apple's review and been admitted to the iTunes Store.

Under certain circumstances, Apple distributes iOS certificates of authentication for third-party use. Registered iOS developers get iOS certificates to test software; businesses and other large organizations get them to install in-house apps on workplace iOS devices.

Each developer iOS certificate can be used to install software only 100 times, but each enterprise certificate is for unlimited use. (Apple has the power to revoke certificates.) According to a blog posting yesterday (June 25) by San Francisco-based firm Lacoon Mobile Security, Pangu appears to be using an enterprise certificate issued to a "Hefei Bo Fang Communication Technology Co., Ltd."

The risks of unknown sources

"Pangu should concern us — the security community, enterprises and consumers alike," Lacoon's Ohad Bobrov wrote. "Pangu represents a major technology leap, ultimately lowering the barrier for attackers to create sophisticated mobile-targeted attacks."

Bobrov admitted that an "attacker" would need physical access to an iPhone to install Pangu, but added, perhaps hyperbolically, that "the fact that Pangu is bundled as an app is a first step in enabling attackers to develop a jailbroken tool that works remotely.

"In these remote scenarios, attackers can lure users to download an app within a phishing email or as a link to a site," Bobrov said. "A user falling for the scam will install that app without ever knowing that running the app has actually led to the jailbreaking of their device."

That's certainly possible, but it's worth noting that the last time an iPhone could be jailbroken simply by visiting a certain website, no malware took advantage of it.

More dangerous is the fact that users of Pangu need to download rather large executable files — i.e., applications — to their PCs or Macs in order to jailbreak their iPhones or iPads. That's a perfect way to infect not the iDevice, but the computer.

The Pangu developers themselves mentioned this threat on their Weibo (Chinese Twitter) account yesterday. They cited a warning from Chinese antivirus firm Qihoo 360 that Pangu downloads offered by third-party sites had been infected with nasty Windows malware, some of which wrote to a PC's master boot record or caused data loss.

Reddit users who examined the software downloaded directly from the Pangu site found no malware, but did advise users to uncheck the option for the PP app store, a Chinese repository of pirated apps for jailbroken iOS devices. (Update: A separate Reddit thread discusses and solves a Pangu issue with the light sensor on certain models of iPhone.)

Jailbreakers beware

Even if the Pangu developers themselves are benign, the lack of control regarding jailbreaks coming from little-known sources only lends credence to Esser's bitter rejoinder to his Twitter followers earlier today.

"I wish every one of my followers who installed Pangu much fun with malware from China :P," he wrote.

Follow Paul Wagenseil at @snd_wagenseil. Follow Tom's Guide at @tomsguide, on Facebook and on Google+.

  • house70
    Installing stuff you don't understand will always carry the risk of getting your device infected. This is no different from altering the default (secure) settings of the phone, something that can be done on pretty much any mobile device, regardless of the OS.
    Ultimately, any phone is only as secure as the owner wants it to be. Making alterations you don't understand and then blaming the OS for the security holes you introduced borderlines stupidity, also does pretending that one OS is more secure than another and will somehow plug holes that were voluntarily opened. It's like drilling the bottom of your boat and then blaming the manufacturer of the boat because you're taking water.
    Reply
  • nitrium
    Just so very lame you have (or would like) to do this in the first place. On Android you don't have to "jailbreak" just because you want to use a 3rd party keyboard or a different launcher or some app that isn't "officially approved". Hate hermetically sealed-off OSs - they're just a massive disservice to end-users.
    Reply
  • JOSHSKORN
    Just don't buy an iPhone.
    Reply
  • Gaurav Bidasaria
    iPhone 6 is also approaching fast because Walmart has just reduced the prices of iPhone 5s and 5c massively

    http://tac2.in/1pozwI1
    Reply
  • jawn_
    Load of farce with no clue what you're talking about. First off, Pangu's an UNTETHERED jailbreak. If you bothered to Google the term at all or if you had any clue what you're talking about, you'd know. Secondly, every jailbreak utility as well as plenty of Android rooting utilities are executables. PanGu already stated that they did not ZIP the Cydia archives hence the 80MB utility. Thirdly, any and every rooting/jailbreaking utility is a risk, so is rooting/jailbreaking because you're exploiting the device/mobile OS, so I don't get why you're arguing over security issues and all, because once your device is rooted/jailbroken, your security is ripped wide open, that's a known fact since the beginning of iOS jailbreaking and Android rooting.

    Get your facts straight before posting an article, because this "article" seems to be ripped off of an 8 year old or probably was written by an 8 year old. This article is not different from scam sites like evad3rs.net, Team7Jailbreak.com and evasion7.com, just stirring up attention. Pathetic....
    Reply
  • apone
    It still puzzles me how Apple fans, who swear they fancy Apple products due to simplicity, ease of use and don't care for being "a techy", suddenly jump on the tech enthusiast bandwagon when it comes to tweaking their products.
    Reply
  • J Esteban
    So many things wrong with this article.

    1. Pangu is untethered. Any security firm that thinks it is tethered does not deserve to have "internet", "computer" or "security" in its job description. Did the author of this article misunderstand them?

    2. Jailbreaking opens up your phone to security risks. That is well known. There are ways to patch those vulnerabilities after you jailbreak. That is also well known in the jailbreaking community. Every OpenSSH tutorial, for example, warns you to change your default root password.

    3. Talking about malware embedded in the jailbreak tool downloaded from sketchy sites has nothing to do with jailbreaking and more to do with common Internet sense. Would you download an antivirus software from CNet/Download.com/the original antivirus company's site, or would you download it from a sketchy site that says "Free Antivirus!!!!" and has "You are the 10,000th visitor!!! Click here to win a prize!!!" banners all over it? If you are the latter, you should not be jailbreaking your phone.

    4. i0n1c (AKA Esser)'s issue is irrelevant to jailbreak security, but since it was brought up: Esser revealed the bug to the Pangu team in a paid training session. If you were a teacher who imparted knowledge on your students, why would you not want them to use it for good? i0n1c's bug is one small part of the Pangu package, and the Pangu team credited him in the jailbreak. i0n1c's tweet is him being bitter about a petty issue.


    To sum up:

    Scaremongering tactics combined with skewed writing and sensationalist statements. I hope you don't consider yourself a journalist.
    Reply
  • SamSongRules
    At every Hackercon, the first tech products to be hacked are ALWAYS Apple products!

    ALWAYS!
    Reply
  • xweaponx
    It looks like most of this alleged information is based on one side only: Steve Essers's side.

    As far as where this jailbreak came from Steve came to the jailbreak Reddit and teased us for two months that he had a jailbreak that was easily installed and that he was not going to give it to anybody.

    Then he even wrote an article that gave all the clues as to how to do it and if you are a developer you could probably figure it out fairly easy. But he did not stop there, he held classes where he charged a a lot of money and he taught a bunch of students how to do this jailbreak.

    So one of them figured it out and they gave the information or sold it- it doesn't matter which, to Pangu who then released the jailbreak. So as far as 1r0n1c/Steve Esser is concerned this jailbreak was bought and paid for even if it was his idea. and he did not have anybody sign nondisclosure agreements, so it's his tough luck. Besides it is a clean jailbreak and there are no security issues with it, I would estimate right now maybe a few million people have used it and No ill effects, so I resent this whole article it, should be updated immediately after the person who wrote it learns what the hell they are talking about- because they don't.
    Reply
  • combatgear2
    At every Hackercon, the first tech products to be hacked are ALWAYS Apple products!

    ALWAYS!

    You're saying it takes security researchers to hack into an iPhone; Then there are 8 year olds who can create and distribute malware for Android by following a simple tutorial. Fandroid I see. #BlackBerry10
    Reply