KilliOS

Over the weekend, an interesting thread appeared on Reddit involving a new boot-color-changing mod. That mod, which came from developer @daytonhasty with lots of help from @xerub, wasn’t in itself malicious, but if misapplied it could render a perfectly good iOS device permanently useless.

Sadly, because the installation directions for the mod weren’t followed to the letter, some users were left with an expensive paperweight. On the heels of that revelation, another developer has created a proof-of-concept tweak that shows how someone with malicious intent could fool jailbreakers into installing a package that renders their device useless.

The problem stems from invalid NVRAM variables (NVRAM is the non-volatile RAM that retains information when a device is powered down). Those variables are read at boot, and because they live in NVRAM rather than on the filesystem they survive both a reboot and an iTunes restore, which is why a package that writes bad values can kill a perfectly good device in a matter of seconds and why the damage is being described as permanent. To demonstrate this, developer arcticsn0w has created a package called killios that permanently bricks any device it is installed on. The purpose of the proof of concept is to show what is possible if a person downloads a malicious package. Such packages are largely limited to shady third-party repos that have to be manually added to Cydia, so most jailbreak users should be okay.

Here is the ReadMe file from killios:

This package permanently bricks your device.

Please do not install it. It is nothing but a proof of concept.

If you want to look at the source code for arcticsn0w’s killios package, you can find it on his GitHub page. He has pulled the package itself from his repo because it is so dangerous; he doesn’t want anyone to install it inadvertently.

So how can you protect yourself? You can take the following steps:

1: Don’t install pirated apps or tweaks from shady repos

2: Uninstall OpenSSH and/or change your iPhone’s root password from the default, alpine, to something more secure. The mobile account ships with the same default password, so change both: from a root shell run passwd root and then passwd mobile. With OpenSSH left running on the default credentials, anyone who can reach your device over the network can log in as root and write NVRAM variables themselves, without you installing anything.
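
The step that matters most is the first one, and it can be backed up with a check rather than just a rule of thumb: look inside a .deb before Cydia installs it. The script below is an added example, not code from this post, from arcticsn0w, or from Cydia. It parses the package’s outer ar archive and the control/data tarballs with nothing but the Python standard library and flags any maintainer script, or any installed file, that references the nvram tool. It assumes a malicious package would set variables through the command-line nvram tool (the page does not show how killios actually writes them, so treat this as a heuristic, not a guarantee), and the two packages it examines are constructed in the script; their package names, paths and the example-var variable are placeholders.

```python
import io
import re
import tarfile

# Cydia runs the standard dpkg maintainer scripts plus its own extrainst_/extrarm_ hooks.
MAINTAINER_SCRIPTS = {"preinst", "postinst", "prerm", "postrm", "extrainst_", "extrarm_"}
NVRAM_REF = re.compile(rb"\bnvram\b")   # heuristic: assumes the nvram CLI tool is used


def ar_members(blob):
    """Parse the outer 'ar' archive of a .deb and return {member name: bytes}."""
    if not blob.startswith(b"!<arch>\n"):
        raise ValueError("not an ar archive")
    pos, members = 8, {}
    while pos + 60 <= len(blob):
        hdr = blob[pos:pos + 60]
        if hdr[58:60] != b"`\n":
            raise ValueError("corrupt ar member header at offset %d" % pos)
        name = hdr[0:16].decode("ascii").rstrip().rstrip("/")   # GNU ar appends '/'
        size = int(hdr[48:58].decode("ascii").strip())
        members[name] = blob[pos + 60:pos + 60 + size]
        pos = pos + 60 + size + (size % 2)                        # members are 2-byte aligned
    return members


def audit_deb(blob):
    """Return 'member:path:line: text' findings for every line that references nvram."""
    findings = []
    for member, data in ar_members(blob).items():
        is_control = member.startswith("control.tar")
        if not (is_control or member.startswith("data.tar")):
            continue                                              # debian-binary etc.
        with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tf:
            for info in tf:
                if not info.isfile():
                    continue
                base = info.name.rsplit("/", 1)[-1]
                # Only maintainer scripts run at install time; files in data.tar are just
                # unpacked, but a binary or script that embeds the string is still suspect.
                if is_control and base not in MAINTAINER_SCRIPTS:
                    continue
                content = tf.extractfile(info).read()
                for lineno, line in enumerate(content.splitlines(), 1):
                    if NVRAM_REF.search(line):
                        text = line.decode("utf-8", errors="replace").strip()
                        findings.append("%s:%s:%d: %s" % (member, info.name, lineno, text))
    return findings


# --- helpers that build constructed sample packages in memory (same layout dpkg-deb makes) ---
def _tar_gz(files):
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tf:
        for name, content in files.items():
            info = tarfile.TarInfo(name)
            info.size, info.mode = len(content), 0o755
            tf.addfile(info, io.BytesIO(content))
    return buf.getvalue()


def _ar_entry(name, data):
    hdr = ("%-16s%-12d%-6d%-6d%-8s%-10d`\n" % (name, 0, 0, 0, "100644", len(data))).encode("ascii")
    return hdr + data + (b"\n" if len(data) % 2 else b"")


def build_deb(control_files, data_files):
    return (b"!<arch>\n"
            + _ar_entry("debian-binary", b"2.0\n")
            + _ar_entry("control.tar.gz", _tar_gz(control_files))
            + _ar_entry("data.tar.gz", _tar_gz(data_files)))


# Constructed samples: placeholder names, not the real killios or boot-colour packages.
THEME_FILES = {"Library/Themes/Example.theme/Readme": b"icons only\n"}

BENIGN_DEB = build_deb(
    {"control": b"Package: com.example.theme\nVersion: 1.0\nArchitecture: iphoneos-arm\n",
     "postinst": b"#!/bin/sh\nkillall -9 SpringBoard\nexit 0\n"},
    THEME_FILES)

SUSPICIOUS_DEB = build_deb(
    {"control": b"Package: com.example.bootcolor\nVersion: 1.0\nArchitecture: iphoneos-arm\n",
     "postinst": b"#!/bin/sh\n/usr/sbin/nvram example-var=example-value\nexit 0\n"},
    THEME_FILES)

if __name__ == "__main__":
    for label, deb in (("benign", BENIGN_DEB), ("suspicious", SUSPICIOUS_DEB)):
        print(label, audit_deb(deb) or "no nvram references")
```

To use it on a real package, download the .deb from the repo (the URL is in the repo’s Packages index), read the file into bytes and pass it to audit_deb before letting Cydia install it. A clean result does not prove a package is safe: a native binary can talk to NVRAM through IOKit without ever spelling out the word, so this catches the lazy case, not a determined one.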

As a result of all the flags raised by these packages, some users are banding together in the hope of creating an “anti-stupid” package that will prevent NVRAM modifications. The question is: will these revelations make you more cautious about what you install, or is it business as usual?
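
Until such a package exists, the simplest safeguard is a baseline: dump the NVRAM variables before installing anything from an unfamiliar repo and compare again afterwards, before rebooting. The script below is an added example, not from this post or from any of the developers named in it. It assumes the dumps come from `nvram -p`, which prints one `name<TAB>value` line per variable (the format the macOS tool uses), and the two dumps it compares are constructed sample data, not real device output.

```python
def parse_nvram_dump(text):
    """Turn `nvram -p` output (one 'name<TAB>value' line per variable) into a dict."""
    variables = {}
    for raw in text.splitlines():
        if not raw.strip():
            continue
        name, sep, value = raw.partition("\t")
        if not sep:
            raise ValueError("unexpected line (no tab separator): %r" % raw)
        variables[name] = value
    return variables


def nvram_changes(baseline_text, current_text):
    """Return (added, removed, changed) relative to the baseline dump.

    added/removed map name -> value; changed maps name -> (old value, new value)."""
    before = parse_nvram_dump(baseline_text)
    after = parse_nvram_dump(current_text)
    added = {k: v for k, v in after.items() if k not in before}
    removed = {k: v for k, v in before.items() if k not in after}
    changed = {k: (before[k], after[k]) for k in after if k in before and after[k] != before[k]}
    return added, removed, changed


def report(baseline_text, current_text):
    """Human-readable lines for anything a freshly installed package touched."""
    added, removed, changed = nvram_changes(baseline_text, current_text)
    lines = ["ADDED   %s=%s" % (k, v) for k, v in sorted(added.items())]
    lines += ["REMOVED %s=%s" % (k, v) for k, v in sorted(removed.items())]
    lines += ["CHANGED %s: %r -> %r" % (k, old, new) for k, (old, new) in sorted(changed.items())]
    return lines or ["no NVRAM changes since baseline"]


# Constructed sample dumps (variable names are placeholders, not real iOS NVRAM keys).
BASELINE_DUMP = "example-flag\t0\nexample-setting\talpha\nexample-untouched\tsame\n"
AFTER_DUMP = "example-flag\t0\nexample-setting\tbeta\nexample-untouched\tsame\nexample-added\t1\n"

if __name__ == "__main__":
    print("\n".join(report(BASELINE_DUMP, AFTER_DUMP)))
```

In practice: run `nvram -p > baseline.txt` over SSH before adding the repo, install the package, run `nvram -p > after.txt`, and feed both files to report. Any change at all from a theme or cosmetic tweak deserves an explanation before you reboot, because the damage the post describes only shows at the next boot. The caveat is that a package which reboots the device from its own install script leaves no window to run the comparison, so auditing the package before installation remains the stronger control.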

  • I’d say business as usual for me. I only use Big Boss and other stock repos. I do have Ryan Petrich’s beta repo, but this will never happen with his tweaks…

    • JustReboot

      Agreed, ‘something’ got on my iPhone about a month ago, soft-bricking it. Essentially I kept getting a popup in Cydia about malicious code. At first I thought it was bogus. Oddly enough I could only charge the phone with a 3rd party car charger, couldn’t connect to the Mac and other odd things (like Apple updates). I couldn’t even update to 8.12 (at the time). Needless to say, I restored to 8.13, downgraded to 8.12 then only used stock sources… so far so good, but close call. My guess was something from the insanelyi repo. (no mas…)

  • Gabriel Anaya

    Alright, the permanent part is a bit frightening. If a restore from iTunes doesn’t work then all beware

    • Andrew

      A restore won’t fix it.

      • Brian Brown

        no

    • Brian Brown

      That’s basically what brick means. Yes, frightening indeed.

  • Merman123

    I guess it’s just eye opening, how much trust we place on developers !

    • Brian Brown

      couldn’t say it any clearer than this guy!

  • Roboter

    Lets see if this can be fixed by Apple with just a firmware update. If some kind of malware could install this on an iDevice this would be a nightmare.

    • Adam Baligian

      Uh… what?

      This is for jailbroken iDevices. So if Apple fixes this, the updated iOS version would have to be jailbreakable for it to matter.

      Or am I missing something?

      • Dayton Hasty

        missing something..

      • Adam Baligian

        OK, can you elaborate?

      • Dayton Hasty

        They could do it in 1 of 2 ways. 1st way: they could push an update that fixes NVRAM variables and resets them to default, which would fix the bricked devices and do nothing to non-bricked devices. 2nd option is to add an option in iTunes to clear NVRAM upon restore so that it can restore.

      • Adam Baligian

        Ah OK, I didn’t think of the iTunes fix. Am I correct in saying that this issue only impacts jailbroken devices?

        If so, would a bricked jailbroken device even be able to receive a pushed update? I am kind of imagining it as how the current OTA system works.

      • Dayton Hasty

        It should impact all devices upon restore, but it would only matter on bricked jailbroken devices.

        The restore would have to be done through iTunes because OTA would not be possible if the device was bricked, given that it cannot even boot iOS.

      • justme

        You’re correct. Apple should update iTunes too, to avoid this malicious package. This happens in OS X too: if someone modifies the NVRAM file, your Mac will become a beautiful piece of aluminium.

      • Dayton Hasty

        You can easily reset nvram/pram with booting while holding down Command+Option+P+R.

      • justme

        Good to know. The last time I had this trouble, I had to restore from a backup :/

      • Guest

        That was my original thinking. If this issue only impacts jailbroken devices, then why would Apple bother fixing it. If anything, it reinforces their point to not jailbreak.

    • Jtzll Fy Niaina

      Apple is definitely NOT going to be the one to fix this; if anything they are happy that this happened so they can strengthen their warning for people NOT to jailbreak. It has nothing to do with Apple because you would never get this problem if you never jailbreak your iDevice. Duh!

      • Adam Baligian

        That was my original thinking. If this issue only impacts jailbroken devices, then why would Apple bother fixing it. If anything, it reinforces their point to not jailbreak…..

  • mike

    Same roulette as people who put their minds at the mercy of street chemists, ingesting a mysterious concoction of drugs, when their friends say “it’s just acid.” Treat your phone with the same respect as your mind.

    • Digitalfeind

      I’ve never gone wrong with LSD and same for my idevices.

      • mike

        Then your “sources” are legitimate.

  • Eni

    How the hell could software brick hardware? You could restore or something else. I mean even the phone itself, when produced in the first place, is a brick, but they manage to insert the software. We could do the same thing after the malicious code.

    • Antonio Fonseca

      by messing up the NVRAM variables needed to properly boot the device.

      • Eni

        There has to be some equipment to extract that broken software and load a new one. I think Apple has a solution for that.

      • Antonio Fonseca

        Why? Jailbreak users are violating the terms of service. And Apple has not planned the product to suffer such adulteration and does not need to help jailbreak users.

      • Eni

        I think everyone has the right to do everything he/she wants with their device after the purchase.

      • Antonio Fonseca

        Of course, including brick their device, make it vulnerable and insecure.

      • Antonio Fonseca

        …and generate a capital flow in large sums to a gray industry that sells systems vulnerabilities and maintains app stores of mainly pirated software.

      • Eni

        Yeah, I know that and you are right, I never pirate for myself. But I just wanted to know if there is something to fix that, just for knowledge.

      • gittlopctbi

        You are ridiculous. The tweaks are not pirated. Yes, there are repos with pirated tweaks, but that’s not what jailbreaking is about. Take your holier-than-thou-preaching to a place where someone might be interested in ignorant statements.

      • Joey_Z

        And Apple has the right to not cover you under warranty if you poke around outside of the terms of service. It seems fair to me.

      • Eni

        I am not saying they should do that for free, but they have to have a solution for that.

      • iPhoneWINS

        I don’t install any tweaks that affect the booting process of the phone in any way.

    • Joey_Z

      There are many ways to brick hardware using software. But it’s harder now than 10 years ago. One old example is that you could remotely upload and run a complicated calculation on the old chips (old AMD chips if memory serves me right?) that didn’t have thermal protection and burn the chip into smoke by using just software.

  • Antonio Fonseca

    Don’t be a moron. If you’re an end user, don’t jailbreak.

    • Ángel Javier Esquivel

      Why not?

    • Andrew

      Why?

      • Antonio Fonseca

        Because jailbreak needs some security holes unpatched to stay working, violates the terms of service and does not make any sense to stay using a vulnerable device only to be able to customize the color of the icons.

      • Agru

        Violates the terms of service BOOOO HOOOOO 🙁 so sad.
        Come on, you’re obviously not a jailbreaker and you obviously have no idea what you’re talking about. Change the colour of the icons? That’s what jb is all about?

      • Antonio Fonseca

        Nope, jb also generates a flow of capital in large sums to a gray industry that sells systems vulnerabilities and maintains app stores of mainly pirated software.

        As an exercise of research in systems security I think it’s valid. As industry, execrable. And as a solution to the end users, not recommended.

      • gittlopctbi

        Antonio, so why do you read a blog devoted to jailbreaking? Also, “gray industry?” Any more than, say, the utilities industry for Windows? or Mac? Any more “gray” than what the courts said is OK to do? Your statement about pirated software shows you have no clue about the legit jb developers or repos. And you have a very limited view of what jailbreaking can do and does do for efficiency in using one’s iPhone or iPad. Only changing the color of icons? Are you kidding? As one who has enjoyed a jailbroken device for, what, 7 years now, I find your statements highly ridiculous.

      • “devoted to jailbreaking”
        yes, of course!

      • Agru

        Honestly I don’t give a shit about those sums. Not a single one. It isn’t my business, and these hackers deserve a payment.
        Not recommended if you don’t know what you’re doing. If you do, there’s no problem at all. And if you like your device as it is, keep it like that: jailed, slow and not much more useful than a brick.

      • Andrew

        most if not all of those “security holes” are applicable via USB and require you to not have a passcode set and FindMyiPhone disabled. If you think changing the color of the icons is the reason people jailbreak you simply don’t seem to know what jailbreak is (for). Hope that helps! youtube . com/watch?v=uWEC6X3uet8#t=31

    • iPhoneWINS

      lol you are not secure even when not jailbroken..

  • Ottawa Gamerz

    why in the hell do u want to change boot color LOL

    • The same reason you want to change your wallpaper…personalization.

  • Brian Brown

    thanks for the heads up, Jeff! I think altering the ssh password is ideal due to current sprung issues… what about installing third-party repo for beta purposes?

    Could a prick, (pirate) hack their repo which intentionally hosted a theme or two to have this malicious package masked on their repo?

    lemme know guys!

    • iPhoneWINS

      i never use open ssh

      • Brian Brown

        What’s the difference between open and unopened?

  • Juan Manuel Ripoll

    How do I know if I have a “shady” repo installed? I have no pirated tweaks whatsoever, not even for that try-before-you-buy nonsense. I do, however, have some private repos installed such as Petrich, Alex Zielenski, Karen etc. Are these repos vulnerable?

    • Chris

      The 3 private repos mentioned are fine; typically any tweaks, themes etc. you need are available on BigBoss or ModMyi.

      The only other repo not well known that I’ve had in the past is pNrE but they only had fixes more than anything.

  • Now that is the first iVirus…as they’ve always said, nothing man-made is unhackable by man.

    • Haduken2g

      iVerge, therefore iThink

  • rubeN

    I guess the only benefit of this would be if you are still under warranty and want to get a fresh looking refurb iPhone, u can brick it and the Genius probably won’t know what is wrong with it.

  • Chris Holden

    Question regarding OpenSSH: was it installed when I jailbroke my devices? If the answer is no, then I don’t need to change my password or worry about this stuff, right?

    • Dayton Hasty

      it is not installed by default. If you do have it installed, either uninstall it or change the password. I cannot stress this enough…

    • I’d change the password anyway.

  • iPhoneWINS

    this is not new at all ….

    • Haduken2g

      no?

  • iPhoneWINS

    when you jailbreak an iPhone it becomes as open as a regular desk top computer …

    • Andrew

      Are you serious?

      • Haduken2g

        He is not.

  • Ed

    Good thing I just don’t care about jailbreak crap anymore

  • Haduken2g

    ARCTIC PLS

  • Haduken2g

    *switches to Windows Phone*

    • White Michael Jackson

      *phone comes preloaded with ransom virus*

  • blobmasterer

    So if you change your root password, tweaks that use this method to brick your device won’t work?

  • elunoysolopapi

    I think it’s time for a tweak that would help prevent this, but then who would trust that, smh. Why must people be so stupid? Jailbreaking is meant for freedom, not to be scared of your options within Cydia. If something happened to my phone I’d be hunting someone down. I didn’t pay roughly $1,200 for my phone so it can be bricked; take that ish to the Google Play store. I hope they catch whoever is doing this and expose them, how I would love to beat the ish out of whoever is responsible for this.
    Keeping it 100
    All day everyday
    -Tweak

  • Guestzor

    And if the iPhone has warranty coverage, Apple will replace the phone?!
    Do we have a “spot” for replacing equipment :)) lol