Jailbreaking the iOS 9.3.3 was the agenda of many people. So, when Pangu released a jailbreak tool for the latest iOS, so many of us welcomed it with open arms. But now, the shocking news is that users who jailbroke their devices using the Pangu tool are reporting unauthorized access in their PayPal accounts, Facebook accounts, and compromises in their debit/credit cards.
According to a Reddit discussion, a jailbreaker’s PayPal account was accessed from Beijing, and the attacker spent $50. Other jailbreakers who used the Pangu tool corroborated this story. It is possible that these breaches and the Pangu tool are unrelated, but that is too much of a coincidence. These breaches are just a reminder that jailbreaking is a risk.
The initial release of the Pangu tool was in Chinese. 25PP hosted the tool and distributed the tool via their “PPHelper” tool. But it was possible to jailbreak without the tool. From the Reddit conversation, it appears that most of the people who were hacked used the PPHelper tool. Therefore, it is possible the PPHelper tool is responsible for the data breaches.
Most of the people who were compromised reported that their accounts were accessed from places like, Beijing, Taiwan, and other places in China and neighboring countries.
The PPHelper was not the only way to install the jailbreak tool. Cydia Impactor tool was used for the English version of Pangu tool. Cydia Impactor’s developer, Saurik, posted his thoughts about the whole issue on Reddit. Saurik pointed out that he did not like the idea of using the 25PP tool. Cydia Impactor was promoted together with the English version of Pangu. Therefore, users who used Impactor are probably safe as they did not use anything from 25PP. But, then the English Pangu was still hosted on the 25PP servers.
“I will also say I trust Pangu a lot… but I don’t know if the Chinese version of their app was only touched by them. I bet the English one was their work only, though you are downloading it from 25PP, which opens some issues: do you trust the employees at 25PP with control over their servers?”
If you did the jailbreak, there are certain things you should do immediately to ensure that you stay safe. First, you should restore your iOS device using iTunes and uninstall the PPHelper tool immediately. Run an anti-virus in your PC to clean up any malware the tool may have installed. Most importantly, you should check your social media pages, PayPal accounts and debit cards and credit cards to make sure they were not illegally accessed.
The truth of the matter is that jailbreaking has its potential risks. The risks may not come from jailbreaking but from the apps you install after jailbreaking. Always avoid installing and performing tweaks from shady and unverified developers.
The Pangu team has offered jailbreak tools for quite some time now. Of the 4 iOS jailbreak tools, this is the first that has had major issues. Pangu, in response to the breaches issue, posted the following on Reddit.
“Hello everyone, this is the 4th jailbreak tool released by our team which means we should have some reputation even though we come from China(And we know most western users don’t trust Chinese software normally). So if any user thinks we are hacking your accounts that makes us feel sad deeply. Also we have not received any report of account breach from Chinese users. So may I ask those who have account breach issues, which version did u use, the CN or EN version? And we noticed that my space and tumblr account data are leaked this year, have u checked that if u are using same account? We want to find the root cause of this asap.
We spent so much time to read the posts here and some users also have account breach issue by using the EN version? We of course talked with 25pp and they totally have no clue about this. We are also checking if their PC tool has some security flaws which may enable hackers to attack from network sniff. But as far as now, we don’t find anything suspicious.”