X

After a quarter million iPhones hacked, a reminder 'jailbreaking' devices still not safe

Despite warnings from Apple, users continue to alter their iPhones to be more flexible.

Laura Hautala Former Senior Writer
Laura wrote about e-commerce and Amazon, and she occasionally covered cool science topics. Previously, she broke down cybersecurity and privacy issues for CNET readers. Laura is based in Tacoma, Washington, and was into sourdough before the pandemic.
Expertise E-commerce, Amazon, earned wage access, online marketplaces, direct to consumer, unions, labor and employment, supply chain, cybersecurity, privacy, stalkerware, hacking. Credentials
  • 2022 Eddie Award for a single article in consumer technology
See full bio
Laura Hautala
2 min read

Nearly a quarter million iPhones have been hacked, researchers say, after owners "jailbroke" their devices.

 Steven Musil/CNET

Turns out, Apple was right.

For years, iPhone owners stripped their devices of Apple's security settings, allowing the handsets to work overseas or run apps the company didn't approve.

Many users thought the practice, known as "jailbreaking," was harmless. But it frustrated Apple, which said it left the devices vulnerable to hackers.

Now, it turns out more than 225,000 of those phones have been hacked, according to cybersecurity company Palo Alto Networks this week. Each was a jailbroken device, the firm added, supporting Apple's years-long warnings.

The cybersecurity researchers found the users' breached information on the black market and estimated that 20,000 people had used the information to download apps and make fake purchases within apps. The users affected were in 18 different countries, including China, where the hackers were also located, the report said.

The hack is a double-edged sword for Apple: It validates its years-long campaign against jailbreaking, saying users who do so are violating their terms of service and opening their phones up to attackers. At the same time, it underscores how security flaws can be exploited by hackers, putting the words "iPhone" and "hacked" together in a story.

Apple, which is expected to announce new iPhones next week, took this opportunity to remind people this is why its phones come with security systems in the first place. "To protect our users from malware, we curate App Store content and ensure all apps in the App Store adhere to our developer guidelines," an Apple representative said regarding the hack, which researchers are calling KeyRaider.

But as the trend continues, security experts say that both Apple and app developers must face a world in which users don't accept the iPhone on the Cupertino, Calif.-based company's terms.

As a result, warning users not to jailbreak their phones doesn't do enough to protect their devices from hacking threats, said Adam Ely, an executive at Bluebox, a company that helps app developers protect their services from the abuses of hackers.

The reason, according to Stephen Coty, an executive at cybersecurity company Alert Logic, is that people will remain curious about what Apple isn't allowing people to do on their devices. Additionally, Apple users may want apps that the company won't make available, or they might just want to see how the gizmo works from the inside, he said.

Coty himself has disabled security protocols on some devices so that he could install cybersecurity testing tools for his work.

So, what of all the people who have jailbroken their phones?

Coty said they shouldn't feel like they're constantly about to be hacked. There are plenty of cybersecurity apps that can help protect the phone, once it's been jailbroken.

"If you're going to jailbreak and make those changes," he said, "you should also secure yourself."