A jailbreak tool for iOS 7.1 has been released, but be careful about using it on your iPhone or iPad. The tool, called Pangu, comes from a band of Chinese hackers who seem to have swiped software and a digital authentication certificate from other parties.
One security firm warns that the tool could also be used to infect iPhones with malware, adding that although Pangu is a "tethered" jailbreak that requires a USB connection to a computer, it could be modified to work independently.
The Pangu developers themselves warn users not to download the tool from any website other than their own, as third-party versions infected with Windows malware have already begun to appear.
Jailbreaking overrides iOS' built-in restrictions, letting users add features or software unauthorized by Apple. It also demolishes iOS' security protections, opening up a device to malware infection. iOS malware found outside research labs has affected only jailbroken devices.
Pangu seems to be the first working jailbreak for iOS 7.1, which was pushed out in mid-March; small tweaks in mid-April bumped the current version up to 7.1.1. The jailbreak will work on all devices capable of running either iOS version, including the iPhone 4 and later, iPad 2 and later and the current iPod Touch. (Another jailbreak tool, geeksn0w, works on an iPhone 4 running iOS 7.1.)
Pangu can be downloaded from the developers' Chinese-language website to a Mac or PC; English-language instructions were posted on Reddit soon after the tool appeared earlier this week.
Something borrowed, something possibly stolen
On the Pangu website, the tool's developers thank "i0n1c," the Twitter handle used by German security researcher Stefan Esser, who teaches iOS hacking seminars but asks students not to share his vulnerability exploits with the public.
"The Chinese criminals behind Pangu took several infoleaks from our iOS training and resold them to Chinese companies," Esser tweeted earlier today (June 26). "They directly link my code that I give to trainees in the jailbreak. Have fun trusting your iPhone to these lowlifes."
Using Esser's exploits without his permission may be immoral, but probably not illegal. That may not be the case with the enterprise-authentication certificate Pangu "borrows" in order to install itself on any iOS device.
Non-jailbroken iOS devices install only apps "signed" with a certificate of authentication granted by Apple, which normally means the app has passed Apple's review and been admitted to the iTunes Store.
Under certain circumstances, Apple distributes iOS certificates of authentication for third-party use. Registered iOS developers get iOS certificates to test software; businesses and other large organizations get them to install in-house apps on workplace iOS devices.
Each developer iOS certificate can be used to install software only 100 times, but each enterprise certificate is for unlimited use. (Apple has the power to revoke certificates.) According to a blog posting yesterday (June 25) by San Francisco-based firm Lacoon Mobile Security, Pangu appears to be using an enterprise certificate issued to a "Hefei Bo Fang Communication Technology Co., Ltd."
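The distinction above between developer and enterprise signing can be checked from the defender's side. The following is an added example, not code from the article or from Lacoon: it reads the provisioning profile that ships inside a sideloaded app (embedded.mobileprovision) and flags enterprise profiles from organizations that are not on an allowlist. The key names are Apple's provisioning-profile keys; the sample profiles, team names and the trusted_teams allowlist are constructed for illustration.

```python
import plistlib
import re

def _sample(body: dict) -> bytes:
    # Constructed sample: a real embedded.mobileprovision is a CMS-signed blob
    # wrapping an XML plist; the bytes around the plist here are stand-ins.
    return b"\x30\x82\x1f\x00CMS-HEADER" + plistlib.dumps(body) + b"\x00SIGNATURE"

SAMPLE_ENTERPRISE = _sample({
    "Name": "Example In-House Profile",        # constructed value
    "TeamName": "Example Unknown Org Ltd.",    # constructed value
    "ProvisionsAllDevices": True,              # enterprise: no device list
    "Entitlements": {"get-task-allow": False},
})
SAMPLE_DEVELOPMENT = _sample({
    "Name": "Example Dev Profile",             # constructed value
    "TeamName": "Example Developer",           # constructed value
    "ProvisionedDevices": ["0" * 40],          # constructed device identifier
    "Entitlements": {"get-task-allow": True},
})

PLIST_RE = re.compile(rb"<\?xml.*?</plist>", re.DOTALL)

def read_profile(blob: bytes) -> dict:
    """Extract the XML plist from the signed wrapper without verifying the CMS."""
    match = PLIST_RE.search(blob)
    if match is None:
        raise ValueError("no plist found in provisioning profile")
    return plistlib.loads(match.group(0))

def classify(profile: dict) -> str:
    """Map the profile's keys to a distribution type."""
    if profile.get("ProvisionsAllDevices"):
        return "enterprise"
    if "ProvisionedDevices" in profile:
        debuggable = profile.get("Entitlements", {}).get("get-task-allow", False)
        return "development" if debuggable else "ad-hoc"
    return "app-store"

def review(blob: bytes, trusted_teams: set) -> dict:
    """Flag enterprise-signed apps whose signing team is not expected."""
    profile = read_profile(blob)
    kind = classify(profile)
    team = profile.get("TeamName", "<missing>")
    flagged = kind == "enterprise" and team not in trusted_teams
    return {"kind": kind, "team": team, "flagged": flagged}
```

This reads the profile's claims only; it does not validate the signature chain, so it is a triage step rather than a trust decision.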
The risks of unknown sources
"Pangu should concern us — the security community, enterprises and consumers alike," Lacoon's Ohad Bobrov wrote. "Pangu represents a major technology leap, ultimately lowering the barrier for attackers to create sophisticated mobile-targeted attacks."
Bobrov admitted that an "attacker" would need physical access to an iPhone to install Pangu, but added, perhaps hyperbolically, that "the fact that Pangu is bundled as an app is a first step in enabling attackers to develop a jailbroken tool that works remotely.
"In these remote scenarios, attackers can lure users to download an app within a phishing email or as a link to a site," Bobrov said. "A user falling for the scam will install that app without ever knowing that running the app has actually led to the jailbreaking of their device."
That's certainly possible, but it's worth noting that the last time an iPhone could be jailbroken simply by visiting a certain website, no malware took advantage of it.
More dangerous is the fact that users of Pangu need to download rather large executable files — i.e., applications — to their PCs or Macs in order to jailbreak their iPhones or iPads. That's a perfect way to infect not the iDevice, but the computer.
The Pangu developers themselves mentioned this threat on their Weibo (Chinese Twitter) account yesterday. They cited a warning from Chinese antivirus firm Qihoo 360 that Pangu downloads offered by third-party sites had been infected with nasty Windows malware, some of which wrote to a PC's master boot record or caused data loss.
Reddit users who examined the software downloaded directly from the Pangu site found no malware, but did advise users to uncheck the option for the PP app store, a Chinese repository of pirated apps for jailbroken iOS devices. (Update: A separate Reddit thread discusses and solves a Pangu issue with the light sensor on certain models of iPhone.)
Even if the Pangu developers themselves are benign, the lack of control regarding jailbreaks coming from little-known sources only lends credence to Esser's bitter rejoinder to his Twitter followers earlier today.
"I wish every one of my followers who installed Pangu much fun with malware from China :P," he wrote.
Follow Paul Wagenseil at @snd_wagenseil. Follow Tom's Guide at @tomsguide, on Facebook and on Google+.
Ultimately, any phone is only as secure as the owner wants it to be. Making alterations you don't understand and then blaming the OS for the security holes you introduced borders on stupidity, as does pretending that one OS is more secure than another and will somehow plug holes that were voluntarily opened. It's like drilling the bottom of your boat and then blaming the manufacturer of the boat because you're taking on water.
Get your facts straight before posting an article, because this "article" seems to be ripped off of an 8-year-old or probably was written by an 8-year-old. This article is not different from scam sites like evad3rs.net, Team7Jailbreak.com and evasion7.com, just stirring up attention. Pathetic....
1. Pangu is untethered. Any security firm that thinks it is tethered does not deserve to have "internet", "computer" or "security" in its job description. Did the author of this article misunderstand them?
2. Jailbreaking opens up your phone to security risks. That is well known. There are ways to patch those vulnerabilities after you jailbreak. That is also well known in the jailbreaking community. Every OpenSSH tutorial, for example, warns you to change your default root password.
3. Talking about malware embedded in the jailbreak tool downloaded from sketchy sites has nothing to do with jailbreaking and more to do with common Internet sense. Would you download an antivirus software from CNet/Download.com/the original antivirus company's site, or would you download it from a sketchy site that says "Free Antivirus!!!!" and has "You are the 10,000th visitor!!! Click here to win a prize!!!" banners all over it? If you are the latter, you should not be jailbreaking your phone.
4. i0n1c (AKA Esser)'s issue is irrelevant to jailbreak security, but since it was brought up: Esser revealed the bug to the Pangu team in a paid training session. If you were a teacher who imparted knowledge on your students, why would you not want them to use it for good? i0n1c's bug is one small part of the Pangu package, and the Pangu team credited him in the jailbreak. i0n1c's tweet is him being bitter about a petty issue.
To sum up:
Scaremongering tactics combined with skewed writing and sensationalist statements. I hope you don't consider yourself a journalist.
As far as where this jailbreak came from, Steve came to the jailbreak Reddit and teased us for two months that he had a jailbreak that was easily installed and that he was not going to give it to anybody.
Then he even wrote an article that gave all the clues as to how to do it, and if you are a developer you could probably figure it out fairly easily. But he did not stop there; he held classes where he charged a lot of money and he taught a bunch of students how to do this jailbreak.
So one of them figured it out and they gave the information or sold it, it doesn't matter which, to Pangu, who then released the jailbreak. So as far as 1r0n1c/Steve Esser is concerned, this jailbreak was bought and paid for even if it was his idea. And he did not have anybody sign nondisclosure agreements, so it's his tough luck. Besides, it is a clean jailbreak and there are no security issues with it. I would estimate right now maybe a few million people have used it and no ill effects, so I resent this whole article; it should be updated immediately after the person who wrote it learns what the hell they are talking about, because they don't.
You're saying it takes security researchers to hack into an iPhone; then there are 8-year-olds who can create and distribute malware for Android by following a simple tutorial. Fandroid, I see. #BlackBerry10