Latest iPad security threat: Fake jailbreak code

An anonymous coder is messing with the heads of jailbreakers – the folks who develop and run code that lets your Apple iOS device load applications without having to rely solely on the company’s iTunes service.  The twist: this code, by design, fails to jailbreak your iPad.

Someone with the Twitter handle @d0nfyxn, whose profile only says he is from Montreal, posted on Saturday what he claimed was an iPad 2 jailbreak, called A5-2LiB02, along with a YouTube video purporting to show it in action. Both the tweetstream and his own Facebook page for the jailbreak show early skepticism and then a mounting fury of denunciation.

Someone who really is a jailbreaker, a hacker and member of the iPhoneDevTeam who uses the handle @MuscleNerd, tweeted: “The fake JB [jailbreak] by @d0nfyxn was designed to fail: (it could have been worse and wrecked your files)”

In response, d0nfyxn tweeted to MuscleNerd: “It was a test, people are too naive, long life to the dev team ... sincerely.”

IPAD NEWS: iPad 2 sales hurt by Q1 production shortages

Based on @d0nfyxn’s tweetstream, he seems to have begun posting on April 23, linking to videos and images purporting to show the jailbreak working successfully. Within two days he was defending his posts, insisting the video was not a fake but that the jailbreak code was very unstable. On April 25, he tweeted “I thought all that stabilize but not yet. Beta expected this week.” But the next day, he tweeted, “Release alpha version tomorrow ...”

The code apparently was designed to run on a Microsoft Windows PC, and enough people downloaded it that MuscleNerd tweeted: “I'm astonished how many Windows users are rushing to run a random EXE from known JB fraudster (malicious payload possible)” Jailbroken devices are by definition open to “unofficial” apps, which could be everything and only what they claim to be, but could also conceal a variety of malware attacks. In theory, requiring developers to pass muster, meet standards, and publish apps only through a vendors online catalog provides a level of protection for end users.

MuscleNerd reminded hackers and users that “The only iPad2 JB to date is @comex from that first week” (comex is another well-known hacker and iPhoneDevTeam member), but added “that initial JB isn't suitable for a general release. It was proof of concept for parts of it.”

IPAD NEWS: 12 awesome iPad apps for road warriors

The reactions on d0nfyxn’s Facebook page, by other Facebook users, range from baffled naiveté, through chilling threats, to obscene denunciation.

One user, David Borges sounded pleading: “Can someone just post screenshots with proof that it works, with a decent video with no tricks with cydia working and all that? is it so hard? Rghh”

Another user wrote “this exe has nothing jb related in it!!! why would you waste your time doing all this BS??? find something better to do dude!”

“You bring shame to the jailbreak community. Get a life man,” posted iPhoneBlogr.

“Hahaha why would a person go to the trouble of screwing with us I mean you did see what happened to Sony right?” was one comment posted by Kevin Lepp, referring to the notorious, and still-unfolding, hack of Sony’s PlayStation Network.

John Cox covers wireless networking and mobile computing for “Network World.”Twitter: john_cox@nww.comBlog RSS feed:

Read more about anti-malware in Network World's Anti-malware section.

Join the CSO newsletter!

Error: Please check your email address.

Tags NetworkingsecurityiPad2wirelesssmartphonesPhonestwitteryoutubeFacebookAppleconsumer electronics

More about AppleFacebookMicrosoftSony

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by John Cox

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts