KeyRaider

KeyRaider is malware that targets jailbroken Apple iOS devices, specifically iPhones, and lets criminals steal users' Apple account login and password information, lock the devices, and demand a ransom to unlock them. It was discovered by researchers from Palo Alto Networks and WeiPhone in August 2015 and is believed to have exposed the login and password information of more than 225,000 users, making it, according to cybersecurity columnist Joseph Steinberg, "one of the most damaging pieces of malware ever discovered in the Apple universe". [1] The malware was originally found on a Chinese website [2] but has spread to 18 countries, including the United States. [3] KeyRaider affects only iPhones that have been jailbroken; devices running stock iOS, which do not allow unsigned third-party code to be installed, are not at risk. [1]
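Because KeyRaider only runs on jailbroken devices, the practical check for it is done from a root shell on the device itself rather than from a sandboxed app. The script below is an added example, not code from the article or from Palo Alto Networks; it searches the Mobile Substrate tweak directory for the four strings Palo Alto Networks published in 2015 as KeyRaider indicators (wushidou, gotoip4, bamu, getHanzi). It assumes you run it over SSH on the jailbroken device, or point DYLIB_DIR at a copy of that directory; when the directory is absent it falls back to a constructed demo directory so it can be run offline. Later variants may not contain these exact strings, so a clean result is not proof of a clean device.

```shell
#!/bin/sh
# Added example: scan Mobile Substrate tweak libraries on a jailbroken
# iPhone for the KeyRaider indicator strings published by Palo Alto Networks.
# Not part of the article; the indicator list is the 2015 one and may miss
# later variants.

KEYRAIDER_INDICATORS="wushidou gotoip4 bamu getHanzi"
# Assumption: default tweak directory on a jailbroken device; override as needed.
DYLIB_DIR="${DYLIB_DIR:-/Library/MobileSubstrate/DynamicLibraries}"

# scan_dylibs DIR: print every .dylib that contains an indicator string.
# Returns 0 when nothing matched, 1 when at least one library matched.
scan_dylibs() {
    dir="$1"
    hits=0
    for f in "$dir"/*.dylib; do
        [ -f "$f" ] || continue
        for s in $KEYRAIDER_INDICATORS; do
            # -a treats the Mach-O binary as text, -F matches the literal string
            if grep -q -a -F -- "$s" "$f"; then
                echo "INFECTED: $f (matched '$s'); delete it and ${f%.dylib}.plist, then reboot"
                hits=$((hits + 1))
                break
            fi
        done
    done
    [ "$hits" -eq 0 ]
}

# make_demo_dir: constructed sample directory with one clean and one
# "infected" library so the scanner can be exercised without a device.
make_demo_dir() {
    d=$(mktemp -d)
    printf 'benign tweak payload\n' > "$d/Clean.dylib"
    printf 'header bytes\nwushidou\nmore bytes\n' > "$d/Evil.dylib"
    echo "$d"
}

main() {
    if [ -d "$DYLIB_DIR" ]; then
        if scan_dylibs "$DYLIB_DIR"; then
            echo "No KeyRaider indicator strings found in $DYLIB_DIR"
        fi
    else
        echo "$DYLIB_DIR not present; running against a constructed demo directory"
        d=$(make_demo_dir)
        scan_dylibs "$d" || echo "Demo: infection correctly flagged"
        rm -rf "$d"
    fi
}

main "$@"
```

Run it as root over SSH (for example `ssh root@<device-ip> 'sh -s' < keyraider_scan.sh`); the script only flags files, and removing a flagged dylib together with its plist and rebooting is the cleanup step, after which the Apple account password should be changed since it must be assumed stolen.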

References

  1. Joseph Steinberg (August 31, 2015). "Massive iPhone User Data Breach: What You Need to Know". Inc. Retrieved September 2, 2015.
  2. "Chinese iPhone users hit by 'KeyRaider' malware". BBC. September 1, 2015. Retrieved September 2, 2015.
  3. David Goldman (September 1, 2015). "More than 225,000 Apple iPhone Accounts Hacked". CNN. Retrieved September 2, 2015.