Up until just over a week ago, many people had been suggesting that the days of quick and reliable iOS jailbreaking were over, and to some that view had come to seem almost valid. Because of how long the jailbreak community had been waiting, however, some held on hoping and were rewarded for their patience with the recent PanGu jailbreak for iOS 9.3.3 and below.

PanGu iOS 9.2-9.3.3 Jailbreak Hacked

Accounts compromised

Now that the dust has settled and people have begun to come to terms with this new jailbreak, it is being reported that some users of this PanGu release have been the victims of hackers who have gained unauthorized access to their online accounts.

Could this just be a coincidence? That is yet to be proven; however, several users of the popular subreddit r/jailbreak have confirmed that they have been the victims of such illegal activity.

PanGu Hack
Image Source: Reddit.com

To be fair, it is entirely possible that these security breaches have nothing to do with the PanGu team themselves, since the jailbreak could have been tampered with after PanGu handed the software over for distribution. The most concerning part of this story so far is that it highlights the risks associated with jailbreaking, something everyone who is considering a jailbreak should understand before they start.

As for how the tool was first released, it was initially available only in Chinese and was hosted by the Chinese company 25PP. The jailbreak itself was distributed via 25PP's "PPHelper" tool, although some users were able to bypass PPHelper and install the jailbreak without it.

At the moment it seems that everyone who has had their accounts accessed used the PPHelper tool to install the jailbreak. So it is possible that this piece of software, which runs on a Windows PC rather than on the iOS device, did indeed carry some form of malicious code that could be responsible for these hacks.

What’s been Hacked?

Multiple users across the world have been reporting that they have been the victims of unauthorized access to the following:

  • Facebook
  • PayPal
  • Credit and Debit Accounts

As for where the illegal access is originating from, the reported locations include Taiwan, Vietnam, Beijing and other locations in China. However, it is thought that some of these log-ins could be coming through proxy servers, so the apparent location does not necessarily identify the attacker. At the moment the only reports being talked about concern the accounts listed above, but there could, of course, be further compromises that have so far gone unreported.

Cydia’s Saurik speaks out

In a show of support for the PanGu team, Cydia's creator, known simply as Saurik, has taken to the internet and said that he considers it highly unlikely that the PanGu team themselves included anything malicious before the tool was distributed.

In a statement he said:

I don’t particularly like the concept of installing the 25PP tool, as Chinese companies tend to have software that is pretty intrusive and even “combative” against competitors’ software, and in general I am concerned about the way people do signature stuff, which is why I worked so hard to make Impactor be able to do all the signing and communication locally.

If you are not sure what Impactor is, it is Saurik’s tool, which was used for signing the English version of the Pangu.ipa file. Impactor was promoted alongside that version of the PanGu release and is believed to be safe because it installs nothing related to 25PP and does the signing locally, and it runs on several platforms. That said, even the English PanGu release did not escape 25PP entirely, as the file itself is still hosted on 25PP's servers.

I will also say I trust Pangu a lot… but I don’t know if the Chinese version of their app was only touched by them. I bet the English one was their work only, though you are downloading it from 25PP, which opens some issues: do you trust the employees at 25PP with control over their servers?
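One concrete way to act on that question is to compare the SHA-256 of the file you actually downloaded against a value obtained through a different channel, such as the developers' own announcement. This is an added example, not code from the article, from PanGu, from 25PP or from Saurik's Impactor. It hashes a constructed stand-in file rather than a real IPA, and the expected value used below is simply the SHA-256 of the five-byte string "hello", not any published PanGu hash, which this page does not provide.

```shell
#!/bin/sh
# Added example (not part of the original article or of PanGu/25PP/Impactor).
# Verify a downloaded installer against a SHA-256 obtained out of band, i.e.
# NOT from the same server that served the file. A hash published on the
# download server itself proves nothing: whoever can swap the file can swap it.

# Print the SHA-256 of the file in $1 using whichever tool the system has.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# verify_sha256 FILE EXPECTED
# Returns 0 only when FILE hashes to EXPECTED; 1 on mismatch, on a missing
# file, or on an EXPECTED value that is not a 64-hex-digit SHA-256.
verify_sha256() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')

    if [ ! -f "$file" ]; then
        echo "ERROR: no such file: $file" >&2
        return 1
    fi
    case "$expected" in
        *[!0-9a-f]*|"") echo "ERROR: expected value is not a SHA-256 hex digest" >&2; return 1 ;;
    esac
    if [ "${#expected}" -ne 64 ]; then
        echo "ERROR: expected value has ${#expected} hex digits, want 64" >&2
        return 1
    fi

    actual=$(sha256_of "$file")
    if [ "$actual" = "$expected" ]; then
        echo "OK: $file matches the out-of-band SHA-256"
        return 0
    fi
    echo "MISMATCH: $file does not match; do not install it" >&2
    echo "  expected: $expected" >&2
    echo "  actual:   $actual" >&2
    return 1
}

# Constructed demonstration: a temporary file standing in for the downloaded IPA.
demo_file=$(mktemp)
printf 'hello' > "$demo_file"
# SHA-256 of the 5-byte string "hello". In real use this value comes from the
# developers' announcement or another channel independent of the download host.
verify_sha256 "$demo_file" 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824
rm -f "$demo_file"
```

The check only means something if the expected digest really did come from somewhere the download host cannot edit; if the only place you can find a hash is the same 25PP page that serves the file, a matching digest tells you the file is the one they intended to give you, not that it is the one PanGu built.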

Moving forward

By providing you with this information, we are not trying to scare you. However, you should be aware that jailbreaking carries some associated risks.

At this moment in time, security should be foremost in your mind. If you installed the Chinese version of the jailbreak tool, I recommend you restore your iPhone, iPad or iPod Touch back to stock iOS as soon as you can via iTunes, and uninstall the PPHelper tool if you have it. Bear in mind that restoring the device does nothing for credentials that may already have been taken, so you should also run a thorough malware scan on your computer and check your credit, debit, PayPal and Facebook accounts for signs of unauthorized access. In fact, it would be best to change the passwords on all of those accounts now. Do that from a device you trust rather than from the PC that ran PPHelper: if that PC is carrying malware, any new password typed into it is exposed as well.

Protecting yourself from being hacked is critical, so the least you should do is avoid installing tweaks from unknown sources. You should also enable two-factor authentication (2FA) on every online service that offers it; a stolen password alone is then not enough to log in, which gives real protection as well as peace of mind.

Final thoughts

Whether you are willing to agree or not, jailbreaking an iPhone or other iOS device does place a user at higher risk of being compromised. However, if you are willing to do so and understand the risks involved, there are steps you can take to mitigate them.

Regarding the revelations about the possibility of a hacked PanGu jailbreak, please follow the advice above.