What's new

PSA: Jailbreak Safety


Super Moderator
Staff member
Aug 15, 2012
Reaction score
New York
Just a bit of a public service announcement with regards to jailbroken devices and security concerns. As a lot of veteran members, staff as well as new members may have read or seen at some point on the internet, whether it be old news, new news, rumors, etc, jailbroken devices have always been known (used lightly) to be susceptible (again used lightly) to security flaws. Granted though, that jailbreaks are only possible because of security flaws, it's still a concern for a lot of jailbreakers with regards to security of their device.

If you frequent this forum or any of the sister forums as well as some of the reputable websites/blogs/social media channels, you'll most likely have seen "Make sure you change your SSH/root password after jailbreaking" (or something of the sort). The staff and senior members of this forum, its sister forums, as well as knowledgeable communities like Reddit always advise on the changing of SSH passwords on the rare occasion or possibility that someone inserts themselves onto your network and can potentially cause damage to your device remotely. It's not mandatory per se, but it's highly recommended for your personal security. So for those that haven't changed your SSH passwords yet and would like to do so, you can do so by following the any method in the available instructions here (Credits to Saurik).

With regards to malicious/infectious agents such as viruses, malware, spyware, adware and the likes, iOS is generally not susceptible to said agents. But there's never a perfect ecosystem when it comes to operating systems. This could be analogous to the belief that Windows PCs are prone to infectious agents, whereas Macs are worry-free. Yes Windows is prone to infectious agents because of the nature of how Windows is, but Macs are equally susceptible, just that it takes a little more work to get around the sandboxing of Mac OS. Not to say that Macs or Windows or any other computer OS are terrible, but to take a common belief and exemplifying it. With regards to infectious diseases on iOS itself, regardless if you're on a stock iOS or on a jailbroken iOS, you are susceptible to infectious agents. What separates them is the susceptibility of individual agents and/or the magnitude/number of agents.

Remember that the ability to jailbreak a device rests on a security flaw in either the hardware or software. Again, regardless of whether you're on a stock or jailbroken iOS device, you are still susceptible to the same hardware or software flaws/vulnerabilities, and such flaws/vulnerabilities can still be exploited on both ecosystems. Example would be Heartbleed. Heartbleed terrorized the cyberworld for a fairly brief period of time (April 2014) by exploiting an OpenSSL vulnerability. OpenSSL is utilized in both stock and jailbroken devices as well as just about every 'smart' device/electronic. Deviating from the stock iOS, another known malware that briefly took a toll on jailbreakers was the Unflod.dylib malware, which preys on your on-board data as well as your AppleID credentials. The malware would relay your credentials back to China, which subsequently will be used to purchase apps from the AppStore to later be cracked/exploited to be thrown onto the internet for pirates to download. Luckily, instructions were quickly provided by SaurikIT to rid of Unflod.

A new iOS malware has been found and researched by Palo Alto Networks, named "AppBuyer". Comparatively, it's essentially Unflod.dylib all over again, but origins are (for now) unknown. The naming of this malware is more 'direct' in its motive, essentially stealing your credentials and using it to buy apps to further crack and distribute. According to Palo Alto Networks, more than 75,000 jailbroken devices have been compromised. In the grand scheme of things, 75,000 is a fairly small percentage of jailbroken devices globally speaking, but the numbers may exponentially grow if AppBuyer finds its way further and further across the horizon and infects other devices.

Guaranteed prevention is not applicable at the moment since the origin and method of attack is unknown, only the functionality is known. However, Palo Alto Networks has come up with a list of associated files which you can check on your own to see if you've been infected.

  • /System/Library/LaunchDaemons/com.archive.plist
  • /bin/updatesrv
  • /tmp/updatesrv.log
  • /etc/uuid
  • /Library/MobileSubstrate/DynamicLibraries/aid.dylib
  • /usr/bin/gzip
Users that have purchased a file manager through Cydia such as iFile or Filza (both of which are free but have a paid component for full functionality) can navigate to these directories to see if you have these files. If so, delete them, and perform a hard reset (not a restore) of your device by simultaneously pressing and holding both the power and home buttons together until you see the Apple logo, after which you can release.

For users that do not have iFile/Filza and do not which to use them, you can access the rootfs (root file system) of your device by installing Afc2Add through Cydia, and using a file explorer such as iFunBox to navigate to the same directories in search for the files. After deleting the files (if applicable), perform a hard reset as well.

AppBuyer aside, another security concern is piracy. This forum, nor its sister forums, as well as many other reputable communites DOES NOT condone or support piracy in anyway! Piracy is one of the leading causes of unexpected crashes and introduction of infectious agents to your device. Cracked applications not only have their DRM removed, but because a piracy tweak is necessary to maintain the app on your device, you're allowing code to be ran onto your device, regardless of whether the "provider" is clean or not. This accounts for both stock and jailbroken devices. For stock devices that pirate apps, the larger piracy companies exploit the expired certificate vulnerability to allow for cracked apps to be installed onto your device, which allows them to run unsigned code under the roof while you're "enjoying" your apps. Not only does pirating compromise your device and information, it's also a felony and can lead to prison time in just about every country and their respective cities.

In closing (TL;DR:), this post is not meant to scare users. However, it's never a bad idea to be cautious. Passwords for frequently used accounts or particularly sensitive-info accounts should be changed regularly to a slightly more difficult password to ensure protection. Particularly for users that link their credit/debit card to their AppleID, make sure you follow up on your statements and purchase history. If you see suspicious activity that was not warranted on your account, immediately contact Apple to dispute the purchase and change your credentials for all accounts linked to your AppleID immediately. Not pirating both AppStore and Cydia apps/tweaks is the best practice for stock/jailbroken iOS security. Stay wary of internet security flaws both widespread like that of Heartbleed, as well as agents for mobile devices. Again, jailbreaking DOES NOT equate to piracy.

Palo Alto Network Source

Thank you for reading, happy jailbreaking.