iOS 9 isn't even out yet, but the OS has already been successfully jailbroken. This means you'll be able to unshackle the hardware restrictions from your iPhone 6S or 6S Plus as soon as you pull it out of the box. While there are certainly benefits to jailbreaking your iOS device, it also opens up a range of significant threats. If you're thinking of going down this route, be sure to read this first...
Photo: Getty Images
iPhone users can choose from 1.5 million official apps. But for some, that’s not good enough. To add a personal touch and enjoy their device to the fullest, they alter the operating system to bypass standard settings and restrictions. This opens up a myriad of additional apps and configuration tweaks through alternative app stores. However, jailbreaking also removes the strict security that Apple built into iOS.
Potentially harmful apps
Jailbreaking your iPhone will take you from Apple’s safe, controlled environment to an exciting, yet risky place where malicious, unauthorised apps may reside. The danger got real when some 200,000 Apple users had their Apple credentials stolen by an iOS malware dubbed "KeyRaider," targeting only jailbroken iOS devices.
Jailbreaking began in 2007-2008, when early iPhone adopters craving more apps started installing third-party tools like AppSnapp and ZiPhone. These gave them root-level access to the iOS file system and manager (unrestricted rights and permissions to all files) to install additional apps or tweaks — from UI hacks (like adding the five-icon dock or the Android-like-switching) or unofficial apps (like classic console emulators).
As rebellious as it sounds, jailbreaking’s biggest problem is that it disables the "sandboxing" feature of iOS, an essential piece of the operating system's security architecture. Sandboxing ensures third-party apps access only certain pieces of user data and of the OS so apps can’t normally flip through an address book, photos or location data without the user’s knowledge. Disabling sandboxing, however, lets apps access your data without asking for permission.
Jailbroken devices can also allow governments to tap into your device. It was revealed that the notorious Hacking Team, the company specialised in hacking-as-a-service, could silently hijack jailbroken iOS devices.
Late security updates
After you’ve jailbroken your iPhone or iPad, you can’t update iOS without reverting to the un-jailbroken default mode. Besides this nuisance, sometimes you have to wait days or weeks before an updated jailbreak toolkit becomes available.
It’s not all about you
As personal as it may seem, this decision can have a major impact inside an organisation. In a corporate environment, if a vulnerable device connects to a company-owned network, it can become a gateway for intrusions.
To help avoid breaches, an enterprise BYOD policy would need to ban the use of jailbroken phones. And since most malware needs to be manually installed, companies also need to educate users about the personal and business risks associated with a rooted or jailbroken device.
However, if you decide to "free" your device, remember to follow the below steps:
- Change your root password. Root is the iPhone's administrator account, and it provides access to everything on the phone. But everybody knows Apple’s default root password, so anyone with knowledge in connecting via SSH can easily access the contents of your iPhone wirelessly. It’s best to change it as soon as possible.
- Update your mobile user password. This is the regular user account on the device.
- Be careful what apps and software you trust. Download apps from reputable sources to reduce the chances of getting infected.
Jailbreaking is a two-edged sword so, before taking any action, think twice: are you trading security for convenience?
Alexandra Gheorghe is a security specialist at Bitdefender.