Wednesday, July 13, 2011

JailBreakMe is a Free Pass for Hackers

One year ago this month, jailbreaking was made legal in the USA, after Apple's claims of copyright infringement were found unconvincing.

Now, popular hacker squad JailBreakMe has made jailbreaking your iPhone easier than ever. Jailbreaking, of course, is when a user hacks into their phone in order to gain administrative access that was previously blocked by the manufacturer. (To an Android user, it's known as "rooting," as in obtaining "root" access.) Such access allows the installation of unofficial operating systems, custom ROMs, unapproved apps, and more. To be sure, given the "approval" system imposed by the Apple App Store, jailbreaking can be very appealing.

JailBreakMe 3.0, the latest version of the software, does away with complicated procedures and tethering your iOS device, and allows you to unlock all the extra goodies online, from a Safari browsing window, on JailBreakMe.com. The process is even reversible (handy, considering Apple's tight restrictions on warranty). Naturally, the site uses an unpatched flaw in iOS's structure to gain admin rights. In this case, the flaw is in how Safari displays PDFs, and once past that point, the jailbreaking floodgates open.

However, where there's a JailBreakMe exploit, there's a legitimate security hole.

Sites like JailBreakMe make the process much simpler.

But if visiting the JailBreakMe website with Safari can cause a security vulnerability to run the site's code, just imagine how someone with more nefarious intentions could also abuse the vulnerability to install malicious code on your iPad or iPhone.

If they exploited the same vulnerability in a copy-cat manoeuvre, cybercriminals could create booby-trapped webpages that could - if visited by an unsuspecting iPhone, iPod Touch or iPad owner - run code on visiting devices.

A website like JailBreakMe is making it easy to jailbreak your iPhone or iPad - but it could also be said to be giving a blueprint to malicious hackers on how to infect such devices with malware.


To be clear, JailBreakMe doesn't create holes; it just exploits them. The problem is that if helpful hackers can get past Apple's (lack of) security, malicious hackers can, too. While it might delay the JailBreakMe party some, it is imperative that Apple patch the flaw to prevent trojans from marching in. Browser poisoning is one such risk that users now face. As always, we recommend users adopt strong challenge-response and TDS authentication to mitigate any infiltrations.


One last note on jailbreaking:
Anyone worth their hacking salt can tell you about the dangers of "bricking." For the layman, "bricking" a device means rendering it completely useless as a tech object, i.e. like a brick. Jailbreaking and rooting both run the risk of bricking if not done precisely. This is why, much like an anesthesiologist and his varied patients, there are specific procedures for each device. The jailbreaking community is a dedicated one (the list for Android devices alone is staggering, as it should be considering the number of OS versions floating around).

Perhaps the scariest thing about this flaw is that remote jailbreaking initiated by fraudsters runs the same risk of destroying the phone, or at least voiding the warranty, as jailbreaking by an adventurous (and legitimate) end-user. For a sloppy attacker, a device may just be ruined before any real attacking occurs. On Android phones, in particular, bootloaders are usually unlocked for rooting purposes, breaking manufacturer rules and warranties. This is fine if the device owner accepts the consequences ahead of time, but what about those who don't care to wake up one day to find their device irreversibly altered? Users are now potential victims of multiple vectors.
