Educause Security Discussion mailing list archives

Re: Implications of Jail breaking ipod/iphones


From: Adam Carlson <ajcarlson () BERKELEY EDU>
Date: Wed, 22 Jul 2009 10:07:40 -0700

I think it somewhat depends on what you want to do with the iPhone
and what risks you are concerned about.  According to Apple,
jailbreaking the iPhone strips off 80% of the built in protections
and leaves your phone completely vulnerable.

http://www.macworld.com/article/141506/2009/07/jailbreak_security.html

I personally do not buy this story and think that a locked,
un-jailbroken iPhone itself has serious security issues.

The jail breaking process is essentially a circumvention and hacking
of the security model Apple tried to put in place.  The fact that the
iPhone Dev Team has been able to re-hack every new firmware that has
come out shows how fragile and easily broken it is, despite Apple's
attempts to lock it down.  This also means that if your phone is lost
and obtained by a malicious user, they would be able to circumvent
the security model in a similar way to bypass the protections and get
full read-write access to the phone (so don't count on that 4-digit
passcode to protect your data on the 3G.  I still have not heard
enough about the 3GS encryption to tell whether it was implemented
properly, but let's hope so).

That being said, an unbroken iPhone could be considered more
"dangerous" because it is more powerful and will let you do more
things.  For example, you can run an SSH server on a jailbroken
iPhone which is something you cannot do on a locked phone, and
running an SSH server definitely introduces a new vector of attack
(but is anyone going to argue that running an SSH server is so
dangerous that it just shouldn't happen?).  You also have the ability
to install applications that have not gone through the Apple
certification process and those processes will also have the ability
to run as root on an unlocked iPhone:

http://blogs.pcmag.com/securitywatch/2009/03/please_dont_jailbreak_your_iphone.php

(it's funny that the researcher who says it is so dangerous to use an
unlocked iPhone uses....an unlocked iPhone in a
do-as-I-say-not-as-I-do type of manner)

So if you use the unauthorized app software (cydia/icy) to install an
insecure/malicious piece of software, then you could also be
increasing your risk.  However, this is true of any computer system
where installing the wrong piece of software could have harmful
repercussions.  So basically an unlocked iPhone will not be able to
protect you from yourself.  If you know what you're doing, that
probably isn't a problem.  However, if you're not someone who has the
patience or knowledge to research the apps that are installed (or
update them), you might want to stick with the Apple store.  In other
words if you don't feel comfortable having administrator access on a
computer, you also probably shouldn't unlock your iPhone.

The other big issue is that updates are always a question mark on an
unlocked iPhone.  Thus far I believe Apple has allowed you to update
an unlocked iPhone to the new firmware revisions, it just gets
re-locked in the process.  This means that you either have to wait to
update and hope for the iPhone Dev Team to release a new unlock hack
or update the iPhone and not use your jailbroken apps until a new
unlock is released.  Because there have already been a large number
of serious security issues with the iPhone, choosing not to update to
retain use of jailbroken apps could definitely introduce additional risk.

Personally, I don't think anyone with serious security concerns
should be using either a locked or unlocked iPhone 2G or 3G in a
meaningful way.  They just do not have the basic technical controls
that any mobile device should have (mostly disk-based encryption
along with some other things like centralized policy management and
patch management).  The 3GS is still new and I haven't seen a good
technical analysis of how the encryption has been implemented.
Unfortunately with encryption, the devil is in the details, so just
having encryption present is not enough, it also has to be
implemented well.

For more information on the iPhone 2G/3G security model, you might
want to check out this book:

http://oreilly.com/catalog/9780596153588/

I have not had the opportunity to read it yet, but I have heard good
things and the book description tells you what it covers and is possible.

That book's author also has an insightful comment posted on this blog
where he shares his feelings about Apple's approach to security:

http://anthonyvance.com/blog/forensics/iphone_encryption/

The blog also discusses some of the potential issues associated with
the 3GS, however, I have seen some other sites with a much more
positive review of the 3GS security improvements:

http://db.tidbits.com/article/10416

This is probably way more information than you wanted about the
security of a locked iPhone without actually answering your question,
but hopefully it gives you a little food for thought ;).

-Adam


Russell Fulton wrote:
I have had several people ask me about this and I have tried googling
around the area but most of the stuff I have found consists of lists of dos
and don'ts with little or no background info.

The basic question is what are the security implications of jail
breaking your iphone?

Clearly this allows one to install applications that have not been
blessed by Apple (with the risks that that entails).  Are there less
obvious risks such as making it easier for browser bugs to be exploited
to do damage?

Like most things in security I suspect that there are cases where phones
should not be tampered with and others where the risk is acceptable.

I would also appreciate any good references to the iPhone security model.

Russell


--
Adam Carlson
Chief Security Officer
Information Technology
Residential and Student Service Programs
Tel: 510-643-0631
Email: ajcarlson () berkeley edu

"Most of the things worth doing in the world had been declared
impossible before they were done." ~Louis D. Brandeis
