iOS 11 was released to the public on September 19. It gives users hundreds of new features and brings support to the new iPhone models. However, many problems have emerged soon after the release.
Many users have complained about the reduced battery life, delayed responses and frozen screens. Although those issues have stopped many iOS 10 users to not upgrade their device, the main concern for those users is security.
According to a recent blog on Trend Micro, a malicious profile was found that can render an iOS device irresponsible and gives access to photos and documents without entering a password. The blog stated “Regardless if it was created as a prank or to gain notoriety, its attack chain is notable, as attackers can weaponize the iOS feature.”
This profile, “YJSNPI”, was originated in Japan by a jailbreaker known as “iXintpwn”. The effect of the profile is mainly installing a huge number of useless applications and rendering the device unusable. Those apps have the icon known as “Beast Senpai” as a reference to a meme on Japanese online forums. Side effects of this profile include: overheating of the battery due to increased amount of computation, and allowing anyone to see all of the device’s photos without a password. Although it is not possible to remove the profile on the affected device, Trend Micro has found a way to fix it. “Affected users can use Apple Configurator 2, Apple’s official iOS helper app for managing Apple devices via a Mac, to remove it,” the blog states.
YJSNPI is now spread around the internet disguised as harmless profiles. Some of them might be described as a “hacked” version of a popular app, others may promise jailbreak on iOS 11. Weaponized versions have also surfaced which is unremovable without a full restoration of the device.
The most recent iOS 11.0.1 update and the private beta for iOS 11.1 have added security measures to fix this issue. Users with those firmwares will not be able to install the malicious profile directly from the phone, but it is still possible to install the profile through iCloud drive or a computer.
After learning about this breach, senior Sydney Einck was concerned “It shouldn’t be a part of the phone where malicious profiles can be installed at all.” However, Einck thinks this loophole may also serve some good: “it can be used to get information out of a criminal’s phone.”
At this point, it is advisable to hold off on the iOS 11 upgrade if you have not already done so. If the upgrade is already made, there is no way to downgrading the phone back to iOS 10 since the verification for it is closed. Regardless of the version of the software and platform, one should exercise caution when it comes to untrustworthy sites and apps.