A Fake iOS jailbreak is putting iPhone users at risk

image credit;  gadgethacks.com

image credit; gadgethacks.com

As Michelle and Nathan and I have discussed previously, there is a vulnerability that exists on older iOS hardware that can be used to jailbreak those devices. However, Cisco Talos has recently discovered that cybercriminals have set up a fake website aiming to take advantage of users wanting to jailbreak their iPhones.

Instead of jailbreaking a user's device, the site actually just prompts users to download a malicious profile that the attackers then use for click fraud.

Checkm8 is a bootrom vulnerability that impacts all older models of the iPhone from the 4S through the X. The campaign discovered by Cisco Talos attempts to capitalize on a project called checkrain which uses the checkm8 vulnerability to modify an iPhone's bootrom and load a jailbroken image onto the device.

The attackers being tracked by Cisco Talos run a malicious website called checkrain.com that preys on users searching for the legitimate checkrain project.

The fake checkrain site attempts to appear to be legitimate by claiming to work with popular jailbreaking researchers such as “CoolStar” and Google Project Zero's Ian Beer. The page prompts users to download an application to jailbreak their phone but there actually is no application, as the attackers are trying to install a malicious profile onto the end-user device.

When a user first visits the fake website, they are presented with a download button. Cisco Talos noticed several things about the site, including the mention of A13 devices which aren't vulnerable to Checkm8, which indicate that the website is not legitimate.

The website further claims that users can install the checkrain jailbreak without using a PC, however the real Checkm8 exploit requires that the iOS device be in DFU mode and is exploitable using an Apple USB cable. Another clue was the fact that the fake checkrain site uses an SSL certificate from LetsEncrypt while the actual site doesn't even have an SSL certificate.

Once the download button is clicked, an app with a checkrain icon is downloaded and installed onto a user's iPhone. But while the icon may appear like a regular app, it is actually a bookmark to connect to a URL.

Instead of providing users with an authentic jailbreak, the attackers are instead using the effected devices to commit click fraud.

As tempting as a jailbroken device may seem, for whatever reason or another, by trying to exploit the Checkm8 vulnerability, you could be opening your device and your data to hackers.

My recommendation is, if you're not sure what it is you should be looking for, leave it along and let your device run as intended.

An Air Pollution plus Wildfire Warning System In One App

Wildfires are starting to get bigger, more dangerous, and more frequent than they have before, and can have lasting negative effects on the air quality. Breezometer is a free app that offers real-time air quality data. Breezometer has announced that it will be offering out fire alerts to help people determine whether or not they're in harm's way, and whether they should evacuate. The fire alerts base their information on data from NASA and other local sources, and paired with the app's built in algorithms, can determine which direction the smoke is traveling and its projected effect on air quality.

download (1).jpg

Through the app, users who live between 20 to 60 miles of a wildfire can receive timely updates on its progress. Wildfire pollution was only recently discovered to travel long distances. Last year's California wildfires polluted air more than 100 miles away, which prompted a statewide health emergency. The state's wildfires have gone so far as to spread to the East Coast thanks to cross-country winds. BreezoMeter CEO Ran Korber stated "The current systems for measuring air pollution rely on outdated methods that are not comprehensive, causing unnecessary exposure to harmful pollution".

BreezoMeter also measures several other factors that have an effect on air quality, such as ozone, particle matter, and pollen.

BreezoMeter is available both on iOS and Android, and is also available on its Live Map