Hackers Jailbreak iPad 2, iPhone 4S - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


Hackers Jailbreak iPad 2, iPhone 4S

It took 10 months for hackers to crack iOS 5.0.1. Workplaces that allow bring your own device need to act immediately to avoid potential security risks.

10 Companies Driving Mobile Security
10 Companies Driving Mobile Security
(click image for larger view and for slideshow)
Owners of an iPhone 4S or iPad 2 running iOS 5.0.1 can now jailbreak their devices.

The Chronic Dev Team announced Friday that it had successfully created the new jailbreak for the iPhone 4S and iPad 2, both of which sport a dual-core A5 processor.

Jailbreaking allows any application to be installed and facilitates operating system, user interface, and system-level tweaks, including installing an SSH client to remotely access the iOS device's file system. Some iOS jailbreaks have been released less than a day after Apple pushed an operating system update.

But finding a way to jailbreak the A5 chip took approximately 10 months. "The endless war we fight to jailbreak has become more and more difficult with each new device released, and our recent battle against A5 only proved this further," said Joshua Hill, aka p0sixninja, who was one of the principle iPhone hackers involved. "After working for months with few tangible results, Chronic Dev hackers tried a new approach--we launched CDevReporter to accumulate all your devices' crash reports, an invaluable source of information for iOS hacking & research."

[ Otherwise respectable mobile apps can trample your privacy, experts say. See Mobile Apps Quietly Steal Your Privacy. ]

CDevReporter enabled jailbreak aficionados to run software on their Mac or Windows PCs that would prevent iTunes from sending iOS crash reports to Apple, and instead send them to a secure server hosted by the Chronic Dev Team. Hill said that after putting out the call for these reports--generated every time an iOS device crashes--in late November 2011, in less than a week they'd received more than 10 million reports, which they began studying for vulnerabilities that could be used to jailbreak iOS 5.0.1.

Jailbreaking is now legal in many countries. That includes the United States, where the legal status of jailbreaking was clarified by the federal government in July 2010. Apple had fought that decision, and since then has continued to issue statements saying that jailbreaking a device could void its warranty. But starting with iOS 4.2.1 in late 2010, Apple excised an API that had been built to detect whether an iPhone was jailbroken.

But does jailbreaking an iOS device make it more of a security risk? "Critics of jailbreaking point out that the only iPhone viruses ever seen in the wild (Ikee and Duh) were for jailbroken phones," said Paul Ducklin, head of technology for Sophos in the Asia Pacific region, in a blog post. On the other hand, some iOS vulnerabilities have been discovered by the jailbreaking community, such as an iOS zero-day PDF vulnerability, which was patched first not by Apple, but by jailbreakers, and only for jailbreakers.

Even so, businesses should think twice before letting such devices connect to the corporate LAN. "If you're an IT manager and you're currently writing a bring your own device policy allowing users to access company data from their own iPads and iPhones, I recommend that you include a 'no jailbreaking' clause," said Ducklin.

For people who do jailbreak their iOS devices, he recommended at least altering the device's root password. "Apple ships every iPhone and iPad with two accounts, root and mobile, which share the password alpine. You'll want to change these if you jailbreak," he said. That's because jailbroken devices with SSH installed (SSH isn't allowed on devices that haven't been jailbroken) could be remotely accessed and hacked by attackers, if they can determine the root password.

It's no longer a matter of if you get hacked, but when. In this special retrospective of news coverage, Monitoring Tools And Logs Make All The Difference, Dark Reading takes a look at ways to measure your security posture and the challenges that lie ahead with the emerging threat landscape. (Free registration required.)

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Richard Rosen
Richard Rosen,
User Rank: Apprentice
1/24/2012 | 1:36:48 PM
re: Hackers Jailbreak iPad 2, iPhone 4S
My customers often request a way to monitor iPads, which does not exist. For example, a company was planning to change out laptops for iPads for its mobile sales force, but didn't because they could not install a monitoring application.

Because Apple does not open its code so an application can be developed to do this legitimately, this could be a reason, although it would be peripheral and not an answer to your question of number one reason. But it might shed light on motivation.
User Rank: Apprentice
1/24/2012 | 12:29:00 PM
re: Hackers Jailbreak iPad 2, iPhone 4S
We've been working on this jailbreak since the iPad2 was released in April. About 10 months ago.
User Rank: Apprentice
1/24/2012 | 1:13:57 AM
re: Hackers Jailbreak iPad 2, iPhone 4S
"It took 10 months for hackers to crack iOS 5.0.1." - Really? When iOS 5.0.1 was only released publicly on November 10th?! Even iOS 5.0 was only released in October. The longest you can stretch that out is 3 months.
User Rank: Apprentice
1/23/2012 | 8:57:45 PM
re: Hackers Jailbreak iPad 2, iPhone 4S
As an owner of many Apple devices I haven't jail broken any of them. However what is the primary reason people have hacked their device? I know you can add other apps and change settings but what is the number one reason to justify the potential security risk to your information? A jail break curious consumer.
COVID-19: Using Data to Map Infections, Hospital Beds, and More
Jessica Davis, Senior Editor, Enterprise Apps,  3/25/2020
Enterprise Guide to Robotic Process Automation
Cathleen Gagne, Managing Editor, InformationWeek,  3/23/2020
How Startup Innovation Can Help Enterprises Face COVID-19
Joao-Pierre S. Ruth, Senior Writer,  3/24/2020
White Papers
Register for InformationWeek Newsletters
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
Current Issue
IT Careers: Tech Drives Constant Change
Advances in information technology and management concepts mean that IT professionals must update their skill sets, even their career goals on an almost yearly basis. In this IT Trend Report, experts share advice on how IT pros can keep up with this every-changing job market. Read it today!
Flash Poll