BigBoss repo database hacked, ripBigBoss leaks all paid and free tweaks

 

cydia-bigboss-repo-ui

It’s an independent, third-party installer application for all the iDevices. Developed by Jay Freeman (Saurik), it’s similar to the official App Store. However, it brings apps and tweaks that can be downloaded for free or for a small charge. You get to use apps that wouldn’t have been possible otherwise. If you are wondering, why we need Cydia to add new tweaks, Simple, because it offers you what Apple doesn’t. For example, you can only set audio ringtones for incoming calls on iOS. VUZIQ is a new Cydia tweak available through the BigBoss repo which allows you to set video ringtones for incoming iOS calls, and it’s free. None the less, Installous which is the best app to get from Cydia, it will let you install all the apps (Free & premium) on your device

BigBoss, one of the default repositories for jailbreak tweaks in Cydia, has allegedly been hacked by an individual or a group of individuals whose identity is still unknown.

The attackers were apparently able to gain access to all packages (paid and free) that are available in the BigBoss repo, and made the deb index and database available for download. The assailants went as far as creating a new repo which can be added to Cydia to download all BigBoss-hosted tweaks.

As is always the case when this type of security breach happens, jailbreak users should be cautious and stay away from this

This claim was made by a group called ‘Kim Jong-Cracks’ who are seemingly big fans of the North Korean dictator.They say that they have gathered 13,943 items from the repository that amount to 19,460.6MB of data. A feat that took them ’2 years’ to achieve. They call this hacked version of BigBoss repo the ripBigBoss.

The ripBigBoss website created by hackers uses Saurik’s recent “Competition vs Community” as a motivation behind their activities, but it could be also an attempt to hide their actual identity. Additionally, they are promoting the use of #WhichSideAreYouOn and #SupportTheCompettition hashtags as well.
Kim Jong-Cracks claims to have injected those free packages with malware, but Jay Freeman commonly known as Saurik, the creator of Cydia, believes it untrue. Still, packages hosted by the original BigBoss repository is considered to be safe

Saurik’s Statement

This article mentions malware being potentially injected into the BigBoss repository; we do not believe this to be the case. Packages in Cydia repositories are cryptographically verified from the repository package index. I have an index of all historic changes to the package indices for default repositories, and have verified that the content on BigBoss did not change in ways that the repository administrators did not expect.

Hacker’s Statement:

Regarding malware in the ripbigboss repo: I downloaded all the packages and checked their MD5s against the MD5s listed by bigboss.

All the packages had matching checksums other than the ones listed here:https://ghostbin.com/paste/6xsdz

Any packages not listed are guaranteed not to have malware. Other packages probably don’t either, but I haven’t explicitly checked.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s