I know many techies have this innate urge to tweak things and feel constrained by what Apple brings to the table with stock iOS, so they opt to jailbreak their beloved iPhone for various reasons. What a lot of people do not realize, and what the Hacking Team hack has now confirmed, is that jailbreaking your iPhone actually opens it up to far more exploits and nefarious use by malicious actors (emphasis added):

That external analysis has now been complemented by the Hacking Team’s internal documents. One pricelist shows a €50,000 ($56,000) price tag on an iOS snooping module with the note, “Prerequisite: the iOS device must be jailbroken.”

While jailbreaking an iOS device to install software has been a continuously sought-after option, and one that’s constantly revised by different parties as Apple fixes the exploits that allow it, there’s always been a concomitant knowledge that jailbreaking renders an iPhone or iPad vulnerable. Apple is certainly protecting its ecosystem, but researchers agree it’s also protecting system integrity.

Nick DePetrillo, a principal security researcher at Trail of Bits, says, “Jailbreaking your iPhone is running untrusted third-party exploit code on your phone that disables security features of your iPhone in order to give you the ability to customize your phone and add applications that Apple doesn’t approve.”

This should be fairly common sense. It is quite obvious that the act of jailbreaking, for all intents and purposes, disables some iOS security features so that the device can be used to run untrusted applications. If you jailbroke your phone and were unaware of this, then I suggest you restore your phone to a known good stock iOS version, such as the recently released iOS 8.4.

Although installing the malware on a jailbroken iOS device would seemingly require physical access, the related exploit of jailbreaking via malware installed on a trusted computer would allow bypassing that limitation.

Researchers have also found so far that Hacking Team has a legitimate Apple enterprise signing certificate, which is used to create software that can be installed by employees of a company who also accept or have installed a profile that allows use of apps signed by the certificate. It was shown last November that an enterprise certificate combined with a jailbroken iOS device could be used to bypass iOS protections on installing apps. Further, Hacking Team had developed a malicious Newsstand app that could capture keystrokes and install its monitoring software.

Still want to jailbreak?

Forbes has done some outstanding writing in their article taking a look inside China’s iPhone jailbreaking industrial complex:

It was a bizarre trip hosted by an equally bizarre and secretive entity called TaiG (pronounced “tie-gee”), which flew the hackers to China to share techniques and tricks to slice through the defences of Apple’s mobile operating system in front of an eager conference-hall crowd. Why such interest and why such aggrandisement of iOS researchers? In the last two years, jailbreaking an iPhone – the act of removing iOS’ restrictions against installing unauthorized apps, app stores and other features by exploiting Apple security – has become serious business in China. From Alibaba to Baidu, China’s biggest companies are supporting and even funding the practice, unfazed at the prospect of peeving Apple, which has sought to stamp out jailbreaking ever since it became a craze in the late 2000s.

Any hacker who can provide the full code for an untethered jailbreak, where the hack continues to work after the phone reboots, can expect a big pay check for their efforts. “Many experts agree the price for an untethered jailbreak is around $1 million,” says Nikias Bassen, aka Pimskeks, a lanky 33-year-old iOS hacker who is part of the evad3rs hacker collective. More often, sellers of iOS zero-day vulnerabilities – the previously-unknown and unpatched flaws required for jailbreaks – make thousands if not hundreds of thousands of dollars from Chinese firms, private buyers or governments, in particular three-letter agencies from the US.

Such big sums are on offer due to the explosion of the third-party app store industry in China. There are at least 362 million monthly active mobile app users in China, according to data provided by iResearch. Whilst smartphone owners in Western nations are content within the walled gardens of Apple and Google app stores for their games, media and work tools, the Chinese are fanatical about apps and want the broadest possible choice from non-Apple app stores. Jailbreaks, which do away with Apple’s chains and allow other markets on the device, are thus vital to meeting that demand.

I had no idea jailbreaking was such big money in China; however, somehow I am not surprised at all by this development.