ripBigBoss

BigBoss, one of the default repositories for jailbreak tweaks in Cydia, has allegedly been hacked by an individual or a group of individuals whose identity is still unknown.

The attackers were apparently able to gain access to all packages (paid and free) that are available in the BigBoss repo, and made the deb index and database available for download. The assailants went as far as creating a new repo which can be added to Cydia to download all BigBoss-hosted tweaks.

As is always the case when this type of security breach happens, jailbreak users should be cautious and stay away from this.

Dubbed ripBigBoss, the website and companion repo are using Saurik’s recent “Competition vs Community” as a motivation for their acts, pushing the use of the #WhichSideAreYouOn and #SupportTheCompetition hashtags. It’s important to note that this verbiage could certainly be used as some sort of disguise in order to blur their tracks and put the blame on different groups of people.

We strongly advise jailbreak users not to install or download any tweaks from this new repo. Besides the obvious moral concern over downloading pirated tweaks, users could put themselves at risk of installing malware on their devices without their knowledge.

BigBoss repo manager 0ptimo has yet to comment on this security breach, but it is safe to assume he’s probably hard at work on securing his assets to prevent a future breach.

As a safety measure, and until more light is shed by official parties on this, we suggest not installing or updating tweaks that are hosted in the BigBoss repo. While the potentiality of malware being injected in the official repo is very unlikely, you’re better safe than sorry.

Note that we purposely did not link to the ripBigBoss website, which you may visit at your own risk.

We have reached out to BigBoss and SaurikIT for comments and we’ll update this post accordingly if we get any information from them.

Update: We have received the following statement from Saurik:

This article mentions malware being potentially injected into the BigBoss repository; we do not believe this to be the case. Packages in Cydia repositories are cryptographically verified from the repository package index. I have an index of all historic changes to the package indices for default repositories, and have verified that the content on BigBoss did not change in ways that the repository administrators did not expect.

Update 2: According to hacker @compiledEntropy:

Regarding malware in the ripbigboss repo: I downloaded all the packages and checked their MD5s against the MD5s listed by bigboss.

All the packages had matching checksums other than the ones listed here: https://ghostbin.com/paste/6xsdz

Any packages not listed are guaranteed not to have malware. Other packages probably don’t either, but I haven’t explicitly checked.