Wednesday, July 13, 2011

JailBreakMe is a Free Pass for Hackers

One year ago this month, jailbreaking was made legal in the USA: the Librarian of Congress granted it an exemption from the DMCA's anti-circumvention rules, having found Apple's claims of copyright infringement unconvincing.

Now the popular JailBreakMe site has made jailbreaking your iPhone easier than ever. Jailbreaking, of course, is when a user exploits a flaw in their own phone in order to gain the administrative access that the manufacturer locked away. (To an Android user it's known as "rooting," as in obtaining "root" access.) Such access allows the installation of unofficial operating systems, custom ROMs, unapproved apps, and more. Given the "approval" system imposed by the Apple App Store, jailbreaking can be very appealing.

JailBreakMe 3.0, the latest version, does away with complicated procedures and with tethering your iOS device to a computer: you unlock all the extra goodies online, from a Safari browser window, simply by visiting JailBreakMe.com. The process is even reversible (handy, considering Apple's tight warranty restrictions). Naturally, the site works by exploiting a flaw in iOS that, at the time of writing, Apple has not patched. In this case the flaw is in how Safari renders PDFs: a malformed font embedded in a PDF gives the site code execution inside the browser, a second bug in the kernel turns that into root, and from there the jailbreaking floodgates open.

However, where there's a JailBreakMe exploit, there's a genuine security hole.

Sites like JailBreakMe make the process much simpler. But if merely visiting JailBreakMe.com in Safari is enough for a vulnerability to run the site's code, imagine what someone with more nefarious intentions could do with the same vulnerability to install malicious code on your iPad or iPhone.

Cybercriminals exploiting the same flaw in a copy-cat manoeuvre could create booby-trapped webpages that run code on any iPhone, iPod touch or iPad that visits them, with no install prompt for the unsuspecting owner to notice.

A website like JailBreakMe makes it easy to jailbreak your iPhone or iPad, but it could equally be said to hand malicious hackers a blueprint for infecting such devices with malware.
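As an added example (not from the original post, and not JailBreakMe's own code), here is a small Python triage script for the component this drive-by rides in on: the font program embedded in a PDF. It lists every /FontFile, /FontFile2 or /FontFile3 reference in a PDF, looking both at the raw file and inside inflated FlateDecode streams, where a font descriptor can be tucked away in an object stream. The sample PDFs it scans are constructed inline and contain neither a real font nor an exploit. Treat a hit as a reason to look closer, not as proof of malice: plenty of legitimate PDFs embed fonts.

```python
"""Triage a PDF for embedded font programs.

Added example (not from the original post, not JailBreakMe's code). The
JailBreakMe 3.0 drive-by arrives as a PDF whose embedded font Safari
mis-parses, so a defender's first question about an incoming PDF is:
does it carry a font program at all, and where? This scans the raw file
and the inflated body of every FlateDecode stream (where a font
descriptor can hide inside an object stream) for /FontFile, /FontFile2
and /FontFile3 references. It is a triage heuristic, not a signature.
"""
import re
import zlib

# A FontDescriptor key pointing at an embedded font program, e.g. "/FontFile3 5 0 R".
FONT_FILE_RE = re.compile(rb"/(FontFile[23]?)\s+(\d+)\s+\d+\s+R")
FONT_NAME_RE = re.compile(rb"/FontName\s*/([^\s/<>\[\]()]+)")
STREAM_HDR_RE = re.compile(rb"\s*stream\r?\n")


def dict_spans(data):
    """Yield (start, end) of every balanced '<< ... >>' in data, nested ones included."""
    i = 0
    while True:
        start = data.find(b"<<", i)
        if start < 0:
            return
        depth, j = 0, start
        while j < len(data) - 1:
            pair = data[j:j + 2]
            if pair == b"<<":
                depth, j = depth + 1, j + 2
            elif pair == b">>":
                depth, j = depth - 1, j + 2
                if depth == 0:
                    yield start, j
                    break
            else:
                j += 1
        i = start + 2  # step inside so nested dictionaries are visited too


def views(data):
    """The raw bytes, then the inflated body of each FlateDecode stream."""
    yield data
    for start, end in dict_spans(data):
        hdr = STREAM_HDR_RE.match(data, end)
        if not hdr or b"/FlateDecode" not in data[start:end]:
            continue
        stop = data.find(b"endstream", hdr.end())
        if stop < 0:
            continue
        try:
            # decompressobj() tolerates the newline that precedes 'endstream'
            yield zlib.decompressobj().decompress(data[hdr.end():stop])
        except zlib.error:
            continue  # corrupt or not really zlib: skip it, do not crash the scan


def embedded_fonts(pdf):
    """Return sorted (font name, FontFile key, object number) for each embedded font program."""
    found = set()
    for view in views(pdf):
        for start, end in dict_spans(view):
            d = view[start:end]
            for key, objnum in FONT_FILE_RE.findall(d):
                name = FONT_NAME_RE.search(d)
                found.add((name.group(1).decode("latin-1") if name else "?",
                           key.decode(), int(objnum)))
    return sorted(found)


def sample_pdf(embed_font=True, compress_descriptor=False):
    """Constructed minimal PDF for the demo: no real font, no exploit, no xref table."""
    objs = [
        b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n",
        b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n",
        b"3 0 obj << /Type /Page /Parent 2 0 R /Resources << /Font << /F1 4 0 R >> >> >> endobj\n",
    ]
    if not embed_font:
        # Standard-14 font, nothing embedded: what a benign text-only PDF looks like
        objs.append(b"4 0 obj << /Type /Font /Subtype /Type1 /BaseFont /Helvetica >> endobj\n")
    else:
        descriptor = (b"<< /Type /FontDescriptor /FontName /ABCDEF+Suspicious "
                      b"/Flags 4 /FontFile3 5 0 R >>")
        program = b"(stand-in bytes where a Type 1C font program would be)"
        objs.append(b"4 0 obj << /Type /Font /Subtype /Type1 /BaseFont /ABCDEF+Suspicious "
                    b"/FontDescriptor 7 0 R >> endobj\n")
        objs.append(b"5 0 obj << /Length %d >>\nstream\n" % len(program)
                    + program + b"\nendstream endobj\n")
        if compress_descriptor:
            # Hide object 7 inside a FlateDecode object stream: "7 0 " header, then the dict
            body = zlib.compress(b"7 0 " + descriptor)
            objs.append(b"6 0 obj << /Type /ObjStm /N 1 /First 4 /Filter /FlateDecode "
                        b"/Length %d >>\nstream\n" % len(body) + body + b"\nendstream endobj\n")
        else:
            objs.append(b"7 0 obj " + descriptor + b" endobj\n")
    return b"%PDF-1.5\n" + b"".join(objs) + b"trailer << /Root 1 0 R >>\n%%EOF\n"


if __name__ == "__main__":
    for label, pdf in (("clean", sample_pdf(embed_font=False)),
                       ("embedded", sample_pdf()),
                       ("embedded, hidden in ObjStm", sample_pdf(compress_descriptor=True))):
        print(label, "->", embedded_fonts(pdf) or "no embedded font programs")
```

Run it on a real file with `embedded_fonts(open(path, "rb").read())`. The point of the FlateDecode pass is that a plain `grep FontFile` misses descriptors stored in compressed object streams, which is exactly where someone hiding a booby-trapped font would put them; the script still only answers "is there a font program here," and deciding whether that program is malformed needs a real font parser.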


To be clear, JailBreakMe doesn't create holes; it only exploits them. The problem is that if helpful hackers can get past Apple's (lack of) security, malicious hackers can too. It may delay the JailBreakMe party somewhat, but it is imperative that Apple patch the flaw before trojans come marching in. Drive-by infection straight from the browser is one risk users now face. As always, we recommend that users adopt strong challenge-response and TDS authentication to limit what an attacker can do with a compromised device; bear in mind that authentication does not stop the drive-by itself, so until Apple ships a fix the only real defence is to be careful about which links you open in Safari.


One last note on jailbreaking:
Anyone worth their hacking salt can tell you about the dangers of "bricking." For the layman, "bricking" a device means rendering it completely useless as a piece of technology, i.e. about as useful as a brick. Jailbreaking and rooting both run the risk of bricking if not done precisely, which is why, much like an anesthesiologist dosing his varied patients, there are specific procedures for each device. The jailbreaking community is a dedicated one (the list for Android devices alone is staggering, as it should be given the number of OS versions floating around).

Perhaps the scariest thing about this flaw is that a remote jailbreak initiated by fraudsters runs the same risk of destroying the phone, or at least voiding the warranty, as one performed by an adventurous (and legitimate) end-user. With a sloppy attacker, a device may simply be ruined before any real attacking occurs. On Android phones in particular, rooting often involves unlocking the bootloader, breaking manufacturer rules and warranties. That is fine if the device owner accepts the consequences ahead of time, but what about those who would rather not wake up one day to find their device irreversibly altered? Users are now potential victims from multiple vectors.
