Hackers Jailbreak iPad 2, iPhone 4S - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Mobile

Hackers Jailbreak iPad 2, iPhone 4S

It took 10 months for hackers to crack iOS 5.0.1. Workplaces that allow bring your own device need to act immediately to avoid potential security risks.

10 Companies Driving Mobile Security
10 Companies Driving Mobile Security
(click image for larger view and for slideshow)
Owners of an iPhone 4S or iPad 2 running iOS 5.0.1 can now jailbreak their devices.

The Chronic Dev Team announced Friday that it had successfully created the new jailbreak for the iPhone 4S and iPad 2, both of which sport a dual-core A5 processor.

Jailbreaking allows any application to be installed and facilitates operating system, user interface, and system-level tweaks, including installing an SSH client to remotely access the iOS device's file system. Some iOS jailbreaks have been released less than a day after Apple pushed an operating system update.

But finding a way to jailbreak the A5 chip took approximately 10 months. "The endless war we fight to jailbreak has become more and more difficult with each new device released, and our recent battle against A5 only proved this further," said Joshua Hill, aka p0sixninja, who was one of the principle iPhone hackers involved. "After working for months with few tangible results, Chronic Dev hackers tried a new approach--we launched CDevReporter to accumulate all your devices' crash reports, an invaluable source of information for iOS hacking & research."

[ Otherwise respectable mobile apps can trample your privacy, experts say. See Mobile Apps Quietly Steal Your Privacy. ]

CDevReporter enabled jailbreak aficionados to run software on their Mac or Windows PCs that would prevent iTunes from sending iOS crash reports to Apple, and instead send them to a secure server hosted by the Chronic Dev Team. Hill said that after putting out the call for these reports--generated every time an iOS device crashes--in late November 2011, in less than a week they'd received more than 10 million reports, which they began studying for vulnerabilities that could be used to jailbreak iOS 5.0.1.

Jailbreaking is now legal in many countries. That includes the United States, where the legal status of jailbreaking was clarified by the federal government in July 2010. Apple had fought that decision, and since then has continued to issue statements saying that jailbreaking a device could void its warranty. But starting with iOS 4.2.1 in late 2010, Apple excised an API that had been built to detect whether an iPhone was jailbroken.

But does jailbreaking an iOS device make it more of a security risk? "Critics of jailbreaking point out that the only iPhone viruses ever seen in the wild (Ikee and Duh) were for jailbroken phones," said Paul Ducklin, head of technology for Sophos in the Asia Pacific region, in a blog post. On the other hand, some iOS vulnerabilities have been discovered by the jailbreaking community, such as an iOS zero-day PDF vulnerability, which was patched first not by Apple, but by jailbreakers, and only for jailbreakers.

Even so, businesses should think twice before letting such devices connect to the corporate LAN. "If you're an IT manager and you're currently writing a bring your own device policy allowing users to access company data from their own iPads and iPhones, I recommend that you include a 'no jailbreaking' clause," said Ducklin.

For people who do jailbreak their iOS devices, he recommended at least altering the device's root password. "Apple ships every iPhone and iPad with two accounts, root and mobile, which share the password alpine. You'll want to change these if you jailbreak," he said. That's because jailbroken devices with SSH installed (SSH isn't allowed on devices that haven't been jailbroken) could be remotely accessed and hacked by attackers, if they can determine the root password.

It's no longer a matter of if you get hacked, but when. In this special retrospective of news coverage, Monitoring Tools And Logs Make All The Difference, Dark Reading takes a look at ways to measure your security posture and the challenges that lie ahead with the emerging threat landscape. (Free registration required.)

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Slideshows
11 Things IT Professionals Wish They Knew Earlier in Their Careers
Lisa Morgan, Freelance Writer,  4/6/2021
News
Time to Shift Your Job Search Out of Neutral
Jessica Davis, Senior Editor, Enterprise Apps,  3/31/2021
Commentary
Does Identity Hinder Hybrid-Cloud and Multi-Cloud Adoption?
Joao-Pierre S. Ruth, Senior Writer,  4/1/2021
White Papers
Register for InformationWeek Newsletters
The State of Cloud Computing - Fall 2020
The State of Cloud Computing - Fall 2020
Download this report to compare how cloud usage and spending patterns have changed in 2020, and how respondents think they'll evolve over the next two years.
Video
Current Issue
Successful Strategies for Digital Transformation
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Slideshows
Flash Poll