
Pangu iOS 9.3.3 jailbreak dangerous? Paypal money stolen from Reddit users
A Reddit jailbreak thread got lots of attention this past weekend over some serious issues : a jailbreak user lost $50 from his Paypal account, right after he jailbroke his phone! He claims he did not use any pirated tweaks/hacks and used a dummy Apple ID. He noticed the transfer was made to a Hotmail email address and someone logged into his Paypal account from Beijing. Does this location ring any bells? It’s the same location the jailbreak Enterprise certificate is from. Other Reddit users had the same problem or even worse : credit card purchases worth $600 or Facebook accounts hacked. Cydia creator Saurik pointed the finger at 25PP site/creators. He said he trusts Pangu, but not 25PP, they have shady ways of coding. Instead he suggested these incidents might have a connection with this year’s hacks : tumblr, LinkedIn and others. People tend to re-use their passwords, therefore it is possible they got hacked because of this practice. The Pangu team denies any wrong doing and said they will investigate these incidents further.
Neither we nor 25pp would be so stupid to make money by hacking users paypal account via jailbreak tool. We hope to find out the truth asap.
— PanguTeam (@PanguTeam) July 31, 2016
We register reddit official account at https://t.co/1OsjCHZ5Z1
— PanguTeam (@PanguTeam) July 31, 2016
Is the Pangu 9.3.3 jailbreak tool safe?
This is a tough question. This particular jailbreak had some issues from the get-go. The app you would use to re-jailbreak will expire after just 7 days. iPOD Touch and iPAD devices had problems jailbreaking, until Pangu released a new update. Some people trust Pangu, even after these reports. But the best way to sum up the conclusion to this question is to quote Luca Todesco, the author of the original 9.3.3 exploit :
Remember: Jailbreaking your device makes it extremely insecure, no matter what.
— qwertyoruiop (@qwertyoruiopz) July 30, 2016
Remember to only use official pangu releases or self signed versions. Random versions on the internet can easily be compromised.
— qwertyoruiop (@qwertyoruiopz) July 30, 2016