Mobile
News
1/23/2012
11:07 AM
Connect Directly
RSS
E-Mail
50%
50%

Hackers Jailbreak iPad 2, iPhone 4S

It took 10 months for hackers to crack iOS 5.0.1. Workplaces that allow bring your own device need to act immediately to avoid potential security risks.

10 Companies Driving Mobile Security
10 Companies Driving Mobile Security
(click image for larger view and for slideshow)
Owners of an iPhone 4S or iPad 2 running iOS 5.0.1 can now jailbreak their devices.

The Chronic Dev Team announced Friday that it had successfully created the new jailbreak for the iPhone 4S and iPad 2, both of which sport a dual-core A5 processor.

Jailbreaking allows any application to be installed and facilitates operating system, user interface, and system-level tweaks, including installing an SSH client to remotely access the iOS device's file system. Some iOS jailbreaks have been released less than a day after Apple pushed an operating system update.

But finding a way to jailbreak the A5 chip took approximately 10 months. "The endless war we fight to jailbreak has become more and more difficult with each new device released, and our recent battle against A5 only proved this further," said Joshua Hill, aka p0sixninja, who was one of the principle iPhone hackers involved. "After working for months with few tangible results, Chronic Dev hackers tried a new approach--we launched CDevReporter to accumulate all your devices' crash reports, an invaluable source of information for iOS hacking & research."

[ Otherwise respectable mobile apps can trample your privacy, experts say. See Mobile Apps Quietly Steal Your Privacy. ]

CDevReporter enabled jailbreak aficionados to run software on their Mac or Windows PCs that would prevent iTunes from sending iOS crash reports to Apple, and instead send them to a secure server hosted by the Chronic Dev Team. Hill said that after putting out the call for these reports--generated every time an iOS device crashes--in late November 2011, in less than a week they'd received more than 10 million reports, which they began studying for vulnerabilities that could be used to jailbreak iOS 5.0.1.

Jailbreaking is now legal in many countries. That includes the United States, where the legal status of jailbreaking was clarified by the federal government in July 2010. Apple had fought that decision, and since then has continued to issue statements saying that jailbreaking a device could void its warranty. But starting with iOS 4.2.1 in late 2010, Apple excised an API that had been built to detect whether an iPhone was jailbroken.

But does jailbreaking an iOS device make it more of a security risk? "Critics of jailbreaking point out that the only iPhone viruses ever seen in the wild (Ikee and Duh) were for jailbroken phones," said Paul Ducklin, head of technology for Sophos in the Asia Pacific region, in a blog post. On the other hand, some iOS vulnerabilities have been discovered by the jailbreaking community, such as an iOS zero-day PDF vulnerability, which was patched first not by Apple, but by jailbreakers, and only for jailbreakers.

Even so, businesses should think twice before letting such devices connect to the corporate LAN. "If you're an IT manager and you're currently writing a bring your own device policy allowing users to access company data from their own iPads and iPhones, I recommend that you include a 'no jailbreaking' clause," said Ducklin.

For people who do jailbreak their iOS devices, he recommended at least altering the device's root password. "Apple ships every iPhone and iPad with two accounts, root and mobile, which share the password alpine. You'll want to change these if you jailbreak," he said. That's because jailbroken devices with SSH installed (SSH isn't allowed on devices that haven't been jailbroken) could be remotely accessed and hacked by attackers, if they can determine the root password.

It's no longer a matter of if you get hacked, but when. In this special retrospective of news coverage, Monitoring Tools And Logs Make All The Difference, Dark Reading takes a look at ways to measure your security posture and the challenges that lie ahead with the emerging threat landscape. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Richard Rosen
50%
50%
Richard Rosen,
User Rank: Apprentice
1/24/2012 | 1:36:48 PM
re: Hackers Jailbreak iPad 2, iPhone 4S
My customers often request a way to monitor iPads, which does not exist. For example, a company was planning to change out laptops for iPads for its mobile sales force, but didn't because they could not install a monitoring application.

Because Apple does not open its code so an application can be developed to do this legitimately, this could be a reason, although it would be peripheral and not an answer to your question of number one reason. But it might shed light on motivation.
p0sixninja
50%
50%
p0sixninja,
User Rank: Apprentice
1/24/2012 | 12:29:00 PM
re: Hackers Jailbreak iPad 2, iPhone 4S
We've been working on this jailbreak since the iPad2 was released in April. About 10 months ago.
csglinux
50%
50%
csglinux,
User Rank: Apprentice
1/24/2012 | 1:13:57 AM
re: Hackers Jailbreak iPad 2, iPhone 4S
"It took 10 months for hackers to crack iOS 5.0.1." - Really? When iOS 5.0.1 was only released publicly on November 10th?! Even iOS 5.0 was only released in October. The longest you can stretch that out is 3 months.
Brian
50%
50%
Brian,
User Rank: Apprentice
1/23/2012 | 8:57:45 PM
re: Hackers Jailbreak iPad 2, iPhone 4S
As an owner of many Apple devices I haven't jail broken any of them. However what is the primary reason people have hacked their device? I know you can add other apps and change settings but what is the number one reason to justify the potential security risk to your information? A jail break curious consumer.
InformationWeek Elite 100
InformationWeek Elite 100
Our data shows these innovators using digital technology in two key areas: providing better products and cutting costs. Almost half of them expect to introduce a new IT-led product this year, and 46% are using technology to make business processes more efficient.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest September 18, 2014
Enterprise social network success starts and ends with integration. Here's how to finally make collaboration click.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.