Jailbroken iPhones – Security Risk?

Turns out that if you jailbreak your iPhone you remove most of Apple’s security protections — 80% to be exact — and are vulnerable to attacks. At least according to Charlie Miller:
“If you care about security, don’t use a jailbroken iPhone,”
Miller, speaking at SyScan in Singapore, believes that jailbreaking opens your device to some major risks. The operating system on an iPhone is basically a watered-down version of Mac OS X. For those of you who are unfamiliar with Macs, Mac OS X is the latest OS that Apple computers run. Macs are generally known as pretty risk-free machines, with a few exceptions: Java, Adobe Flash, and PDF files. The major risk on the iPhone is opening your device up to any application available on Cydia/Icy. iPhones will generally only run applications that are digitally signed by Apple; this is not the case when jailbroken. So if you don’t know what you are installing, there is a possibility you can be in for a world of hurt.
Of course, just a few hours ago Rene told you about the huge vulnerability in the iPhone’s SMS application that Charlie found, so nothing is completely safe.
Does this scare you away from jailbreaking your iPhone? Perhaps you are thinking about doing a restore and going legit from now on? Let us know if this warning from Charlie sways you to avoid the jailbreaking life!
[Via Macworld]
July 3rd, 2009 at 11:01 am
Well I understand the premise behind this, but it pretty much just brings your security down to that of a PC which most of us live with anyway.
Plus, I doubt using SBsettings and Winterboard is compromising anything.
Maybe Apple should approve more/better apps to keep us from jailbreaking.
July 3rd, 2009 at 11:04 am
@Joe, Miller is not saying that every application via Cydia will create issues for you, it’s just that you are at a higher risk of installing something that may be risky.
July 3rd, 2009 at 11:07 am
What about jailbreaking itself introduces these vulnerabilities? How does it affect Java, Flash and PDFs? Does the iPhone even have Flash?
Is it just a matter of being careful about what you install to your JB phone?
July 3rd, 2009 at 11:08 am
I agree that Apple should give us a reason not to jailbreak, like better apps such as SBsettings. So should I restore my phone? It’s running hot from jailbreak anyway.
July 3rd, 2009 at 11:10 am
I just jailbroke my 3GS with purplera1n and I’m familiar enough with jailbreak to not install things I’m not familiar with, so I would just advise the people new to jailbreaking to do more research before they jump into jailbreaking waters!
July 3rd, 2009 at 11:12 am
@PSM, Mac OS X’s main vulnerabilities are within Java, Flash, and PDF files, hence leaving itself open to more risks. For the most part, yes, be careful what you install.
July 3rd, 2009 at 11:12 am
I mean, is it a bad thing to use Ultrasn0w, SBsettings and Winterboard? Why is iPhone 3G running hot?
July 3rd, 2009 at 11:14 am
Ever since I jailbroke my iPhone 3G it has been running hot. Is this bad?
July 3rd, 2009 at 11:22 am
@Zak Saber Yes, that’s a bad thing; I destroyed my old 3G battery when I was jailbroken. I would highly recommend restoring to the Apple firmware.
July 3rd, 2009 at 11:24 am
ok thanks Jesh.
July 3rd, 2009 at 11:52 am
Well it is open to the risk of your own stupidity.
July 3rd, 2009 at 11:57 am
How about Apple shut the hell up and release meaningful updates that address simple things. Why did it take until 3.0 to get copy and paste?
Apple is full of worms. Suck it.
July 3rd, 2009 at 11:58 am
Maybe if Apple allowed VoIP over 3G, and custom themes… no one would jailbreak in the first place. But nooo… iPhone isn’t capable of doing that
July 3rd, 2009 at 12:10 pm
It’s just saying that you are more likely to download something sketchy if you are jailbroken. Which is true. You can’t download anything sketchy from the App Store. However, unless you are randomly downloading stuff from Cydia, it seems like you would know what you are downloading. There are lots of forums online where users describe their experiences with specific jailbreak apps, so you can get a good sense of whether or not it will work for you.
July 3rd, 2009 at 12:12 pm
Children, children. You can’t always have what you want when you want it! If you jb your phone, just be prepared for the risk. You are wrong to blame Apple for “making” you jailbreak. Lol, “the devil made me do it” kind of thinking is silly!
There are a gazillion other phones out there. Go get one!!!
July 3rd, 2009 at 12:22 pm
Actually it’s not that bad after all. Again, what this blog said: unless you know what you’re installing, then you’re fine. Foreign **** stay away from.
July 3rd, 2009 at 12:23 pm
This is impossible! There are no security flaws in anything produced by Apple. The deity that is the cancer-ridden Jobs simply would not allow it.
July 3rd, 2009 at 12:25 pm
Yeah, I suppose you may be more vulnerable or at risk however I sure am loving my Jailbroken 3GS!
July 3rd, 2009 at 12:36 pm
After having jailbroken my phone I can’t go back to being unjailbroken. It’s too boring just having the App Store. I know I’m smart enough with this thing by now to know what to avoid in Cydia or how to fix something if there is a problem. But I think a lot of people who are new to jailbreaking don’t realize what’s what in Cydia and install anything they feel like, then they end up restoring every other day and complain all over the place.
July 3rd, 2009 at 12:52 pm
The phone SUCKS when it’s not jailbroken. You can’t do much, and most of the apps are worthless. So if you just want to use your phone as a phone (which people don’t do much nowadays), don’t jailbreak. Otherwise jailbreak. Who cares if you get a so-called “iPhone virus.” What would it do anyways? Sorry for being so harsh, but I just hate the stock iPhone.
July 3rd, 2009 at 12:52 pm
To answer your it wouldn’t deter me from jailbreaking my iPhone. Most of the people that have been breaking for a while have known that it’s always a risk. It’s just like when u download torrents or open links in emails that might not be from who it’s supposed to be. To me it’s just the signs of the times, with that bring on purple rain.
July 3rd, 2009 at 12:53 pm
After having a jailbroken phone I don’t see how you can go back to a legit one. I mean I used to spend hours on my phone, and now I have the 3GS and it’s just not the same. The only reason I upgraded from the 3G to the 3GS was to get the 600mhz, because I use Backgrounder thru jailbreak. If Apple gives us multitasking I wouldn’t jailbreak.
July 3rd, 2009 at 1:13 pm
The consensus that Jailbreaking leads to the potential for security flaws does not HAVE TO BE that way.
If jailbreaking does not remove the sandbox structure that Apple built into the OS, there would be less chance of dodgy software from Cydia doing any real damage.
What’s needed in the Cydia world is open source and/or peer review against a set of standards. That would pretty much guarantee better and more secure apps.
July 3rd, 2009 at 1:20 pm
@Allday314:
The rumor of backgrounding sure got a lot of play prior to release 3.0. But it went nowhere. One wonders if that whole noise came out of wishes and dreams, or if some beta testers were skirting the NDA.
One has to wonder if the bulk and majority of the “Running HOT” complaints are from JB phones.
Otherwise, why not just take it back to Apple and get a new phone, rather than jump on every Blog, Forum, and news outlet.
July 3rd, 2009 at 1:43 pm
Haha, because the gestapo App Store approvers are security experts, so by installing one of the 50,000+ apps on your phone “Approved by APPLE!” then definitely no security issues?
Get real. Yes, if you jailbreak your phone, enable the SSH server, forget/fail to change the root and mobile user passwords and install a bunch of **** from jim bob’s random repository you might just be a bit more open than you’d prefer. Same as installing something on your Mac box or Win box (though far more likely on your Win box).
I, for one, live by and love apps like xGPS, MCleaner, SBSettings and NemusSync. I love that I can tweak the GUI to be the way that I want it. I really like the ability to run scripts from a real command prompt. I like being able to use Fring/Skype to do VoIP calls over 3G. I like being able to record video with CyCorder.
In short, my iPhone 3G is just like my computers: customized and tweaked to fit MY needs, not Steve Jobs’ needs, your needs or the general population’s needs. MY iPhone. MY needs.
July 3rd, 2009 at 1:45 pm
whatever… FUD as far as I’m concerned.
The need for the jailbreak will go away when Apple gives developers sufficient capability to do the things that users want, or does them themselves. Until that happens, there will be a need for the jailbreak.
To wit: I’ve heard pundits go on and on about whether Apple will improve alerts for the iPhone like the Pre… will they put notification icons in the status bar so you don’t have to go looking for tokens on springboard icons.
Well, guess what? Anyone with a jailbreak has been able to get notification icons up in the status bar almost since the friggin’ jailbreak and Cydia have been available. In fact there are two different implementations now. And yes, it improves efficiency big time because you can see at a glance which types of notifications await — and it complements push notification because those apps (like Beejive IM) don’t have to be running.
So enough with the debate over whether or not we need the jailbreak. How about redirecting that energy to the more useful pursuits of enabling all developers to do this sort of thing legitimately or get Apple to fix functionality gaps?
July 3rd, 2009 at 2:50 pm
Apparently nobody understands what Charlie is saying. This has nothing to do with users taking riskier behavior. This has to do with disabling the security mechanisms that are on factory iPhones.
A factory iPhone will only run signed code. This makes the majority of exploit techniques fail. Almost every exploit technique involves getting your shellcode running. On a factory iPhone you can’t do that. On a jailbroken iPhone it’s easy.
The only remaining exploit technique that works on factory iPhones is ret-to-lib. If you’re clever, you can create tools to help you exploit ret-to-lib well, as Charlie is planning on presenting at Blackhat 09. But when Apple implements ASLR on the phone (whenever that will happen), running shellcode will be nearly impossible (nearly because there’s always the possibility that someone will find some currently unknown hole).
July 3rd, 2009 at 3:59 pm
One thing to do to help secure your iPhone after jailbreaking is to change your root password.
July 3rd, 2009 at 4:01 pm
Of course jailbreaking can make the device more vulnerable, but it also allows you to close the holes you open up manually. It also allows you to close certain Apple-installed holes, Apple Killswitch perhaps.
I see this as Apple propaganda. First they tried to scare would-be jailbreakers by claiming it was illegal, and it voids your warranty. That didn’t work; it actually backfired, some were swayed into the jailbreak in defiance to the legality. Now they are trying to appeal to people’s need for security.
Real deal is Apple is losing money because some choose to download and use cracked apps. Sure, it shouldn’t be like that, but people will almost always go for the free when it’s offered.
Jailbroken devices are no more unsecured than stock devices. Hackers are very patient folks, and if they really want in your device then they will do what it takes to get into your device. It only takes a few seconds of hands on with a device to get the info needed to gain remote access. It only takes the phone number to get the data address. Invisible SMS on the iPhone is not new. Apps were using SMS to send and receive information since App Store opening. The Apple Killswitch more than likely used this exact method, until push went live, but push more than likely is a higher form of invisible SMS. If you doubt the existence of Apple being able to remotely crash your device, jailbreak and install SBsettings, then go into the More menu, then Extras and Options. When the killswitch is used your device will crash and then when rebooted give you the iPhone activated message on the lockscreen. Then suddenly all your media is gone, the device is seen as a new device and named iPhone when connected to iTunes. Apple’s Big Brother tactics and methods are not kewl in the slightest bit. Invisible SMS exists. Apps like Weatherbug and Loopt, even when first released, advised those not on unlimited SMS plans that they could affect billing and cause substantial overages by way of over-the-limit SMS sent and received. These warnings were quickly removed from the apps’ descriptions. Wonder why? Oh, maybe because it announced a huge hole in the device’s security, and outed Apple’s hand for total control of your device.
Bottom line, if you have something to hide or are doing something you should not be doing then a smartphone is not for you, because there is a very high likelihood that device could be used to gather intel on the nefarious deeds you are up to. You think with probable cause law enforcement would just stop at taping your voice connection? No! It stands to reason that by now they can activate the GPS, the mic, the camera, copy all the contacts, notes, and other various places that an idiot would think detailed information would be safe. On the flip side, if you really think all your bank and credit card info is safe on your smartphone, think again. No random password generator on your device is going to help once the hacker is inside, because they can access the aforementioned password generator, and all the other bank and credit card apps on your device. If you think Apple doesn’t have government ties then why did they in the 08 keynote speech talk about how the remote wipe was a feature they purposefully put into the firmware for corporate and government security. Their words, not mine. If they were in contact with the government on what features they would need to use the device, they were also in discussion of what law enforcement agencies would need in place for intel gathering.
Look, I am aware that my comment borders on conspiracy theory, but it should just be common sense. You think it’s just an oversight that deleting files doesn’t really get rid of them? Or that file shredding programs have a DOD method? No. You really think Apple did not know that there was a huge open hole in the SMS? I’m not getting rid of my iPhone, and I wouldn’t recommend anyone else does, but if you are up to no good and using a computer and a smartphone it should be common knowledge that those devices will be used to gather intel on your nefarious deeds. You’re an idiot for doing those things in the first place, and even more so for leaving a trail. Neither Apple nor the Gov cares if the tools they use catch innocents in the crossfire. Come on, you have to break a few eggs to make an omelette. Am I proposing some sort of Big Brother constant watch through one’s devices? NO. I mean that kind of operation would take countless man hours and require a huge billions-of-dollars server farm, and who has that kind of time and money. That’s just ridiculous, but the use of one’s device to gather legitimate intel in the course of a lawful investigation? Yes, one would have to be an idiot to overlook a resource like this. Criminals sure wouldn’t overlook it as a resource and opportunity. Foreign governments would not overlook it as a way to gather intel on US military and officials.
Look, if I, with no hacking experience at all, can jailbreak a coworker’s phone and install a few things while setting it up for them, and can gain remote access to their device just for the sheer fun of ******** with them, then anyone with some real knowledge can do it. But let me make this clear: I would never use Veency to make my mother think my dead father was talking to her through her iPhone. Just to set the record straight.
July 3rd, 2009 at 4:22 pm
@Brad Zimmerman:
How is that working out for you?
Is call quality ok on 3G?
July 3rd, 2009 at 5:01 pm
Since I jailbroke again, my apps have been closing very slowly
July 3rd, 2009 at 8:07 pm
So Miller says:
The major risk on the iPhone is opening your device up to any application available on Cydia/Icy. iPhones will generally only run applications that are digitally signed by Apple, this is not the case when jailbroken. So if you don’t know what you are installing, there is a possibility you can be in for a world of hurt.
I’m fairly new to the whole App Store thing. Can someone explain what “digitally signed by Apple” means? I assume it means some checksum in the app that ensures that what your phone gets is truly what Apple sent; e.g. you aren’t susceptible to a man-in-the-middle attack when buying an app. Good.
But does Apple’s signature mean they endorse the behavior of the app? If the app bricks your phone is Apple liable? If the app conceals its own backdoor, connects to a botnet, and gets you in trouble with the FBI or RIAA, is Apple responsible?
Does anyone really think Apple not only has the source code of every app in its store, but has also conducted a security audit on each app to ensure it has no viruses, backdoors, etc.? Couldn’t anyone embed a backdoor in a harmless-looking app and sneak it past Apple?
While I’m asking questions, I’ll return to the first one…why is running apps from the app store safer than running apps from Cydia or Icy?
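The question above guesses that “digitally signed by Apple” means a checksum. A checksum can be recomputed by anyone who alters the app; a signature over the app’s hash can only be produced with the vendor’s private key, and the device needs only the public key to reject everything else, which is why a stock iPhone refuses unsigned code. The following is an added illustration, not code from this post or from Apple: the tiny RSA primes, the sample app bytes, the “guessed exponent” forgery attempt and the function names are all constructed for it, and reducing the hash modulo the toy modulus is a shortcut real signature schemes do not take.

```python
"""Signature versus checksum, in miniature.

Toy RSA with tiny primes, constructed for this illustration only: real code
signing uses 2048-bit RSA or ECDSA keys plus a certificate chain.
"""
import hashlib

_P, _Q = 1000003, 1000033                       # constructed toy primes
MODULUS = _P * _Q
PUBLIC_EXP = 65537                              # shipped on every device
_PRIVATE_EXP = pow(PUBLIC_EXP, -1, (_P - 1) * (_Q - 1))  # vendor-only (Py 3.8+)


def digest_int(app_bytes: bytes) -> int:
    """SHA-256 of the app, reduced into the toy modulus."""
    return int.from_bytes(hashlib.sha256(app_bytes).digest(), "big") % MODULUS


def vendor_sign(app_bytes: bytes) -> int:
    """The vendor signs the app's hash with the private exponent."""
    return pow(digest_int(app_bytes), _PRIVATE_EXP, MODULUS)


def device_verify(app_bytes: bytes, signature: int) -> bool:
    """The device needs only the public exponent; it never holds the private one."""
    return pow(signature, PUBLIC_EXP, MODULUS) == digest_int(app_bytes)


def checksum_verify(app_bytes: bytes, checksum_hex: str) -> bool:
    """A bare checksum detects corruption in transit but says nothing about who built the app."""
    return hashlib.sha256(app_bytes).hexdigest() == checksum_hex


def attacker_republishes(modified: bytes, original_signature: int) -> tuple:
    """Constructed scenario: a third party alters a signed app and re-publishes it.

    Returns (checksum_accepts, old_signature_accepts, forged_signature_accepts).
    The third party can recompute the checksum, so a checksum-only check passes.
    Without the private exponent the old signature no longer matches the new
    hash, and a signature made with a guessed exponent does not verify either.
    """
    recomputed = hashlib.sha256(modified).hexdigest()
    forged = pow(digest_int(modified), 12345, MODULUS)   # guessed exponent, no key
    return (checksum_verify(modified, recomputed),
            device_verify(modified, original_signature),
            device_verify(modified, forged))


if __name__ == "__main__":
    app = b"weather app v1.0: legit behaviour"         # constructed sample app
    sig = vendor_sign(app)
    print("genuine app accepted:", device_verify(app, sig))
    print("tampered app (checksum, old sig, forged sig):",
          attacker_republishes(app.replace(b"legit", b"trojan"), sig))
```

Note that the signature only proves who published the app, not that the app is well behaved, which is the distinction the later questions in that comment are getting at.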
July 3rd, 2009 at 8:54 pm
Ou. Charlie bit me.
July 4th, 2009 at 2:07 am
Give me custom SMS/Email tones and an app similar to SBSettings to control WiFi, Bluetooth, 3G etc and I won’t need to jailbreak, will I?
Trouble is Apple does the flashy bits really well and then forgets about the basics!
S
July 6th, 2009 at 1:26 am
Honestly, security on the iPhone relies on security through obscurity; we don’t get security patches from Apple on a regular basis, we only get monolithic ’service packs’.
Security on the device is going to suck. Apple’s essential response to a security intrusion on the iPhone would be to re-flash some trusted firmware. And if, god forbid, you want to verify the security of your phone yourself, you have to jailbreak it.
So code signing by itself isn’t going to cut it.
/schneier fan
July 6th, 2009 at 10:24 am
How long ago did jailbreaking start? How many malicious apps have been found on Cydia? How many people claim their jb iPhone was damaged by such an app?
If ANY such dangerous app appeared on Cydia, it would be signaled as such by the community in seconds, and after that only the retarded would be using it…
July 11th, 2009 at 9:17 pm
@Brad Zimmerman
Your post is the only worthwhile one on here. So true and so hilarious! Thanks for the meaningful insight!
July 14th, 2009 at 12:57 pm
So I jailbroke my iPhone 3G over the weekend and it was great… at first. Now today, I try to open any app that I downloaded from the Apple App Store and they open for 1-2 seconds then close. I’ve rebooted multiple times with no luck. All stock apps run fine and anything I loaded from Cydia works fine, but nothing else. FK jailbreaking this thing, I didn’t spend 200 dollars and wait in line for an iPhone just to fk it up. Keep that in mind… I also didn’t download anything except a GPS app and a skin.
July 15th, 2009 at 7:34 pm
Brendan,
I had the same issue when I jailbroke my iPhone 3G. You will have to remove the apps from the iPhone and then reload the apps that you had on your device prior to the jailbreak. That’s the process I followed when I had the exact same issue. You should then be ok. My jailbreak has been working fine since I solved that issue.
July 16th, 2009 at 10:10 am
If you don’t like the iphone as it is, and feel the need to jailbreak it for it to become the phone you want, then why bother buying one? There are hundreds of phones out there – buy one of them and stop whinging!
July 24th, 2009 at 12:49 pm
Why put rims on a car? Or a sound system? Or tint the windows? That’s the same reason people jailbreak their iPhones.
July 26th, 2009 at 12:32 pm
If u jailbreak your iPod and you put in your credit card can’t you kinda get in trouble? Arrested? Sued? Like that lil 12 yr old girl who got sued by napster those yrs back for downloading illegal data etc…?
September 23rd, 2009 at 11:41 am
@ pimpossible. You put what on your credit card? You bought a jailbroken phone or you paid someone by credit card to jailbreak your phone?
Either way, if you pay for a jailbroken phone, you’re an idiot. If you paid someone to jailbreak your phone, you’re retarded. If someone sold a jailbroken phone online it’s more than likely because they effed it up and want to dump the problem on someone else while getting paid to do so.
Paying someone to jailbreak your phone is just retarded. You can easily do it yourself if you’re willing to learn the very few simple steps and download a very easy to use program. Honestly, a crippled monkey could do it.
Now that I’ve finished scolding you for being an idiot, the answer to your question is no. You can not and will not get in trouble by the police if you jailbreak or pay to jailbreak your phone. The only time such an event would occur is if you were also buying heroin with your credit card and the idiot listed it as heroin and the police investigated.
Jailbreaking your iPhone is not illegal. It just “voids your warranty” unless you revert to the simple out of box iPhone OS.
September 30th, 2009 at 5:19 am
Brad Zimmerman Says:
July 3rd, 2009 at 1:43 pm Haha, because the gestapo App Store approvers are security experts, so by installing one of the 50,000+ apps on your phone “Approved by APPLE!” then definitely no security issues?
Get real. Yes, if you jailbreak your phone, enable the SSH server, forget/fail to change the root and mobile user passwords and install a bunch of **** from jim bob’s random repository you might just be a bit more open than you’d prefer. Same as installing something on your Mac box or Win box (though far more likely on your Win box).
I, for one, live by and love apps like xGPS, MCleaner, SBSettings and NemusSync. I love that I can tweak the GUI to be the way that I want it. I really like the ability to run scripts from a real command prompt. I like being able to use Fring/Skype to do VoIP calls over 3G. I like being able to record video with CyCorder.
In short, my iPhone 3G is just like my computers: customized and tweaked to fit MY needs, not Steve Jobs’ needs, your needs or the general population’s needs. MY iPhone. MY needs.
Amen Brad!! Well said. Apple should take note of the jailbreaking community; if they opened up the iPhone like the legends of iPhoneDevs & Cydia did, there would be a F&*K load of people not jailbreaking their iPhones.
@Brandon Heat QUOTE – Jailbreaking your iPhone is not illegal. Not true, Apple have taken it to court to make it illegal because we are opening their OS……