Users are reporting of PayPal security breaches after using Pangu’s iOS 9.3.3 jailbreak. Victims of the security breaches say that money has been transferred from their PayPal accounts to locations in China, India, Vietnam and so on. It is easy to blame the security issues on Pangu and Cydia Impactor but when you look into the details, the discoveries say something else. We dig into the details to make sense of the situation.
Pangu Jailbreak for iOS 9.3.3 consists of a few components.
- Pangu IPA
- Cydia Impactor
- 25PP App Store (optional)
The Pangu IPA is the app that is signed using Cydia Impactor and installed onto an iOS device. Once this app is run, the jailbreak process takes place on the device itself. The Pangu app gives the option to install the PP App Store to your iOS device but in our guides, we have always recommended keeping that option unchecked. In between this procedure, there are a few places where security is not considered bulletproof.
- Cydia Impactor asks for your Apple ID username and password. This is sent to Apple’s servers to generate a certificate which is used to sign the IPA. This app has been developed by Cydia’s creator, Saurik, so there is not much to be worried here. However, despite that, we have always recommended creating a burner Apple ID so that you remove any risks and doubts while entering your credentials.
- 25PP App Store is available as an optional install with Pangu app. If you jailbroke your iOS device using the Chinese version of Pangu, you would have downloaded the helper app that installs on Windows. 25PP App Store is an alternative app store that can be installed on both jailbroken and non-jailbroken iOS devices. It also has a reputation of hosting some paid apps for free which falls under the definition of piracy. It is possible that there might be some malicious code in the installation app for Windows that is causing trouble for users. The common theme between all victims has been that they used the Chinese version of Pangu for Windows.
Saurik has chipped in on Reddit with his comment where he also says that he does not like the concept of installing 25PP tool. While he does not go on to blame anyone, he considers that this might be a coincidence that another website might have been hacked where users had the same passwords as their PayPal or other accounts. The unauthorized logins and transactions might have happened at the same time as the jailbreak was released, leading users to believe that Pangu’s jailbreak or 25PP have something to do with it.
If you still want to go ahead and use Pangu to jailbreak your iOS 9.3.3 device, we suggest the following security precautions:
- Create a new Apple ID just for the jailbreak (also called a burner ID), with a different password than your other accounts. Enable two-factor authentication on this burner ID too. You can follow our 1 year certificate guide for Pangu jailbreak.
- Do not install the PP helper tool. To do this, simply uncheck the box when you open the Pangu jailbreak app on your iOS device. If you are using a Chinese version of Pangu, for reference, make sure that the check box under the big round button, which is used to start the jailbreak process, is unchecked.
Stay safe and make sure that you do not use the same passwords across different accounts and services and use two-factor authentication. Also check your ID and email address to see if any website you use had been compromised at haveibeenpwned.com