Jailbreaking allows any application to be installed and facilitates operating system, user interface, and system-level tweaks, including installing an SSH client to remotely access the iOS device's file system. Some iOS jailbreaks have been released less than a day after Apple pushed an operating system update.
But finding a way to jailbreak the A5 chip took approximately 10 months. "The endless war we fight to jailbreak has become more and more difficult with each new device released, and our recent battle against A5 only proved this further," said Joshua Hill, aka p0sixninja, who was one of the principal iPhone hackers involved. "After working for months with few tangible results, Chronic Dev hackers tried a new approach--we launched CDevReporter to accumulate all your devices' crash reports, an invaluable source of information for iOS hacking & research."
CDevReporter enabled jailbreak aficionados to run software on their Mac or Windows PCs that would prevent iTunes from sending iOS crash reports to Apple, and instead send them to a secure server hosted by the Chronic Dev Team. Hill said that after putting out the call for these reports--generated every time an iOS device crashes--in late November 2011, in less than a week they'd received more than 10 million reports, which they began studying for vulnerabilities that could be used to jailbreak iOS 5.0.1.
Jailbreaking is now legal in many countries. That includes the United States, where the legal status of jailbreaking was clarified by the federal government in July 2010. Apple had fought that decision, and since then has continued to issue statements saying that jailbreaking a device could void its warranty. But starting with iOS 4.2.1 in late 2010, Apple excised an API that had been built to detect whether an iPhone was jailbroken.
But does jailbreaking an iOS device make it more of a security risk? "Critics of jailbreaking point out that the only iPhone viruses ever seen in the wild (Ikee and Duh) were for jailbroken phones," said Paul Ducklin, head of technology for Sophos in the Asia Pacific region, in a blog post. On the other hand, some iOS vulnerabilities have been discovered by the jailbreaking community, such as an iOS zero-day PDF vulnerability, which was patched first not by Apple, but by jailbreakers, and only for jailbreakers.
Even so, businesses should think twice before letting such devices connect to the corporate LAN. "If you're an IT manager and you're currently writing a bring your own device policy allowing users to access company data from their own iPads and iPhones, I recommend that you include a 'no jailbreaking' clause," said Ducklin.
For people who do jailbreak their iOS devices, he recommended at least altering the device's root password. "Apple ships every iPhone and iPad with two accounts, root and mobile, which share the password alpine. You'll want to change these if you jailbreak," he said. That's because jailbroken devices with SSH installed (SSH isn't allowed on devices that haven't been jailbroken) could be remotely accessed and hacked by attackers, if they can determine the root password.