Pangu offered to pay for the vulnerabilities, researcher refused to sell

Jun 26, 2014 09:16 GMT  ·  By

Pangu is the latest jailbreaking tool for devices running iOS 7.1 and above, and it relies on an Apple enterprise certificate that allows apps to be installed from outside Apple's curated App Store.

The security implications of such a tool are quite serious, because an enterprise certificate gives an app permission to do anything on the user's phone, from snooping through the address book and messages to accessing the microphone and camera.

According to security firm Lacoon, the Pangu jailbreak tool can be used on the iPhone 4, 4S, 5S and 5C, and on all iPad models, including the Air and the Mini.

Provided that it is signed with an Apple certificate, Pangu can bypass all security measures on an iOS device and gain elevated privileges, giving it full access to the smartphone or tablet.

At the moment, it can only be used for tethered jailbreaking, which involves connecting the iOS device to a computer (Windows or Mac) via USB. The computer needs the latest version of iTunes installed in order to communicate with the target device. The operation is started with a single mouse click and completes in a few minutes.

Tethered jailbreaking is not particularly useful for cybercriminals, who prefer remotely executed variants because they make it easier to dupe victims. However, a remotely executed version of Pangu could emerge in the near future.

Ohad Bobrov of Lacoon Security says that the enterprise certificate used to sign the Pangu app is associated with "Hefei Bo Fang Communication Technology Co. Ltd."

There is no information on how the hackers obtained such a certificate, which Apple issues to a small number of companies only after a thorough review intended to determine whether there is any risk of abuse.

In this case, Apple will most likely take the necessary steps to revoke the certificate.

Fortunately, Pangu does not bundle malware, which would otherwise have given attackers full access to the phone.

The vulnerabilities used by the Pangu developers were discovered by Stefan Esser, a well-known researcher focusing on the iOS platform. Esser shares the iOS exploit information for training purposes only, so the details were meant to remain confidential, and he did not give his permission for them to be used.

The researcher tweeted that the Pangu developers offered to buy the iOS exploits, but he refused to sell them.

“The Pangu jailbreak does not only use one info leak bug but several from my training. And there is basically my code linked directly into it,” says Esser in a tweet.