BigBoss Repo Is Hacked? [UPDATED]

Any user who has jailbroken a device has probably heard of the BigBoss repo, one of the default repositories, which offers tons of jailbreak tweaks, themes, tones and more. Today it has allegedly been hacked, by an individual or a group of hackers; which of the two is still unknown.

The anonymous attackers were able to gain access to all packages that BigBoss offers (free and paid) and made the deb index and database available for download. The assailants went as far as creating a new repo, which can be added to Cydia to download all BigBoss-hosted tweaks.

This is considered a security breach, and in such cases jailbreakers should stay away from the Cydia store for a while until further details about the breach are available.

Dubbed ripBigBoss, the website and companion repo are using Saurik’s recent “Competition vs Community” as a motivation for their acts, pushing the use of the #WhichSideAreYouOn and #SupportTheCompetition hashtags. It’s important to note that this verbiage could certainly be used as some sort of disguise in order to blur their tracks and put the blame on different groups of people.

So what should I do now?

NOTE: We advise our readers to stay away from Cydia and not to open it until we tell you that everything is under control, and not to touch the BigBoss repo or install any package from it.

BigBoss repo manager 0ptimo has yet to comment on this security breach, but it is safe to assume he’s probably hard at work on securing his assets to prevent a future breach.

As a safety measure, and until more light is shed on this by official parties, we suggest not installing or updating tweaks that are hosted in the BigBoss repo. While it is very unlikely that malware has been injected into the official repo, you're better safe than sorry.

As usual, we will keep you updated with anything new from Saurik or 0ptimo. Stay tuned.

UPDATE: We've got the following statement from Saurik:
This article mentions malware being potentially injected into the BigBoss repository; we do not believe this to be the case. Packages in Cydia repositories are cryptographically verified from the repository package index. I have an index of all historic changes to the package indices for default repositories, and have verified that the content on BigBoss did not change in ways that the repository administrators did not expect.

