I know many techies have this innate urge to tweak things and feel constrained by what Apple brings to the table with stock iOS, so they opt to jailbreak their beloved iPhone for various reasons. What a lot of people do not realize is, now confirmed by the Hacking Team hack, is jailbreaking your iPhone actually opens it up for far more exploits and nefarious use by malicious actors (emphasis added):

That external analysis has now been complemented by the Hacking Team’s internal documents. One pricelist shows a €50,000 ($56,000) price tag on an iOS snooping module with the note, “Prerequisite: the iOS device must be jailbroken.”

While jailbreaking an iOS device to install software has been a continuously sought-after option, and one that’s constantly revised by different parties as Apple fixes the exploits that allow it, there’s always been a concomitant knowledge that jailbreaking renders an iPhone or iPad vulnerable. Apple is certainly protecting its ecosystem, but researchers agree it’s also protecting system integrity.

Nick DePetrillo, a principal security researcher at Trail of Bits, says, “Jailbreaking your iPhone is running untrusted third-party exploit code on your phone that disables security features of your iPhone in order to give you the ability to customize your phone and add applications that Apple doesn’t approve.”

This should be fairly common sense. It is quite obvious the act of jailbreaking, for all intents and purposes, disables some iOS security feature so that the device can be used to run untrusted applications. If you jailbreak your phone and were unaware of this, then I suggest you restore your phone back to a known good stock iOS version, such as the recently released iOS 8.4

Although installing the malware on a jailbroken iOS device would seemingly require physical access, the related exploit of jailbreaking via malware installed on a trusted computer would allow bypassing that limitation.

Researchers have also found so far that Hacking Team has a legitimate Apple enterprise signing certificate, which is used to create software that can be installed by employees of a company who also accept or have installed a profile that allows use of apps signed by the certificate. It was shown last November that an enterprise certificate combined with a jailbroken iOS device could be used to bypass iOS protections on installing apps. Further, Hacking Team had developed a malicious Newsstand app that could capture keystrokes and install its monitoring software.

Still want to jailbreak?