Jailbreaking puts iPhone owners at risk, says researcher
Modified iPhones lack security defenses, says 'Pwn2own' winner Charlie Miller
Computerworld - Jailbroken iPhones are much easier to hijack, a noted security researcher said today, and the proof is in the worm that has infected some Australian phones.
The worm, known as "ikee," has been billed as the first iPhone worm, a title that Charlie Miller, famous for hacking iPhones and Macs, said is accurate. "I'd say it was a worm," said Miller. "It spreads, and it executes remote code, so it's a worm." Miller also agreed that it was the first, saying that although he and others have crafted exploits that compromise the iPhone, they have never been wrapped into a worm.
Miller, formerly with the National Security Agency and now an analyst with Baltimore-based Independent Security Evaluators (ISE), was one of three researchers who uncovered the first iPhone vulnerability in July 2007, just weeks after Apple debuted the smartphone. He's also known for successfully hacking Macs two years running at the annual "Pwn2own" contest, and is the co-author of The Mac Hacker's Handbook.
The ikee worm was released last Wednesday by Ashley Towns, a 21-year-old unemployed programmer from Wollogong, Australia, who told the IDG News Service that he intended it as a prank, and as a lesson to users who jailbroke their iPhones.
Miller, however, said that the lesson is more than the one Towns maintained: that users should change the default password of the SSH (secure shell) Unix utility. Towns' worm accessed others' iPhones using that default password, then changed their devices' wallpaper. SSH lets users connect to their iPhone remotely over the Internet over a encrypted channel.
"A year ago, I didn't think that jailbroken iPhones were less secure than those that weren't jailbroken," said Miller. "But I've changed my mind."
By jailbreaking an iPhone -- the term describes the process of modifying a device so its owner can download and install unauthorized software -- people leave themselves open to attacks that an unaltered iPhone would easily deflect, said Miller.
"The obvious reason why they're less secure is that you get extra software on the iPhone when you jailbreak," noted Miller, referring to the tools necessary to both hack the smartphone and install applications not approved by Apple. "But there are other, less-obvious reasons, too."
Among the latter is the fact that by design, a jailbroken iPhone allows software to run as "root," the Unix-based user account allowed to access the entire operating system. That gives hackers automatic access to everything on the iPhone, something not possible on a standard iPhone without an existing vulnerability and a working exploit.
"Jailbroken iPhones don't obey the security model of the iPhone," Miller said. "The whole point [of jailbreaking] is to break the security model."
Jailbreaking sidesteps other Apple-created security defenses for the iPhone, including the "sandbox" that applications are restricted to when they run. "Sandboxing prevents apps from doing things like accessing other apps," noted Miller.
And jailbreaking an iPhone also gives hackers a much easier entry into the iPhone's operating system, which is a bare bones version of the Mac OS X operating system Apple uses for its laptop and desktop computers. "The iPhone's OS is really stripped," said Miller. "There's no shell, for example. So for an attacker, normal shell code doesn't run on an iPhone that's not been jailbroken."
In fact, some of the earliest exploits written for the iPhone assumed that the phone had been jailbroken.
"Apple made it really hard to break into the iPhone," Miller said, citing a layered defense that includes DEP (data execution prevention). "But jailbreaking breaks all those, including DEP," he added.
The ikee worm may be the first on the iPhone, but Miller's betting that it won't be the last. "There's not a lot of mobile expertise out there yet," said Miller. "But as that changes, we'll see more and more exploits, and worms are built on exploits."
- Apple's CarPlay vs. MirrorLink: Is there a need for both?
- Apple's CarPlay to spark mobile apps war in your car
- iTunes is almost as big a biz as OEM Windows
- Icahn says 'I can't' and stops $50B fight over Apple stock buyback
- Lenovo-Moto deal's impact on Apple? Zip
- Office 365 turns one, but success is tough to tally
- Everyone bets on bigger iPhone for '14
- Apple's iPod business collapses as revenue becomes a rounding error
- Update: More than 1B smartphones were shipped in 2013
- Cook admits Apple blew the call on the iPhone 5C
Read more about Security in Computerworld's Security Topic Center.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts