OWObreak.me – Malicious iOS Configuration Profile soft bricks any iPhone

iOS profiles are safe to install, right? Well, this new iOS Mobile Configuration Profile proves otherwise. Here’s all you need to know about it.

OWObreak.me profile forces a restore

OWObreak.me is a proof of concept that demonstrates how malicious mobile configuration profiles can harm your iPhone. It is developed by the eminent web developer, Joseph Shenton.

This malicious profile is very dangerous especially for sideloaders who are always accessing new package installers.

While jailbreakers don’t install a lot of profiles, such a profile may cause you to force update to the latest firmware version.

owobreak

Here’s how it works.

  • The user opens the website and installs the mobile configuration profile.
  • The profile enables all restrictions present in iPhone. It also adds a password policy.
  • It finally installs a mammoth 10,000 web clips with long names to the user’s device.
  • This renders the device unresponsive and hence forces a clean restore.

This website has two profiles – the first one is 6.9MB in size whereas the other one is more powerful and weighs 319.8MB. The difference between these two profiles is the number of web clips they install.

Remember, this malicious profile can also affect devices other than the iPhone that is, iPad and iPod touch.

How can I keep my iPhone safe?

Joseph has deliberately developed OWObreak.me to brick an iOS device. Therefore, you need not worry about bricking your device using this website.

With that being said, a hacker or unethical web developer can still use the exact same concept to brick your device. Thankfully, this kind of an “attack” simply can’t work without user intervention.

hacker

If you visit a malicious webpage, you will still need to manually install the profile before anything happens. If you choose not to install that particular profile, you will be safe.

Here are a few tips you must keep in mind before installing a profile.

  • Always verify the source of the profile and ensure it is developed by a reputed developer.
  • Use a strong passcode so no one can access your device and install a profile.
  • Pay attention to what a profile is trying to do while installing it. Settings section displays everything a profile can access.

If you happen to own a spare device, don’t forget to install OWOBreak.me profile on it.

For more security news and updates, follow us on Twitter and Facebook.

Leave a Reply