The Dual Nature of Jailbreaks
While most traditional computing platforms such as servers and PCs are open by design, the vast majority of mobile devices such as tablets and smartphones are locked down. Tools that circumvent these lockdowns and allow users full control are called “jailbreaks”.
Due to the release of a significant jailbreak for iOS last week, we will spend this briefing looking into what jailbreaks are, what makes this newest one special and why all jailbreaks have a dual nature when it comes to information security.
What are jailbreaks?
Both Google’s Android operating system and Apple’s iOS operating system severely limit the access that an average user has over their device. By default, access to applications that were not downloaded from the official AppStores are blocked, and applications cannot talk to one another or access data other than their own.
This serves three purposes.
For one, it drastically reduces the chance that something the user does will have a negative experience. PCs can often struggle with two otherwise beneficial software packages conflicting with one another. By segmenting (“jailing”) applications, such issues can largely be avoided.
For another, it strengthens the hold that the companies have over their ecosystems. This in turn allows them to profit from the sale of apps long after the initial sale of the device.
Lastly, this regimented system strongly deters malware. Android is relatively lax on this front as apps can be submitted to the Google Play store without a review, but Apple has enforced quite rigorous audits, and they have a relatively good security record to show for it.
In the same vein, Google makes it relatively easy for users to jailbreak (or “root” as it is called in the Android ecosystem) Android devices. In most instances, the user must simply perform a number of specific taps in specific orders to gain full control. The OS’s design philosophy is fundamentally open with the limitations only acting as an optional but default line of defense.
Apple on the other hand has no such feature. The design philosophy of iOS is fundamentally closed. This in turn means that jailbreaking is a much more active topic for iOS than Android devices.
What’s new with this jailbreak?
A jailbreak released last week by a hacker named "axi0mX” is noteworthy for two reasons.
The first one is that no good jailbreak for iOS has been released in almost 5 years. A combination of significant investment into security research by Apple and high white-market and black-market prices for vulnerabilities have all but destroyed the enthusiast-backed market for jailbreaks.
After all, if you can either be a hero to a relatively small crowd of iOS jailbreaking enthusiasts or sell your exploit for several million US dollars, most will choose the later route.
The second reason is that this jailbreak targets the so-called boot rom of iOS devices. Without going into too much detail, this likely means that Apple cannot patch the vulnerability with a software update, meaning that the exploit should work on iPhones from the 4GS up to the X indefinitely.
The dual nature of jailbreaks
All of this is good news for jailbreaking enthusiasts. It means that many more iPhones than previously can be fully customized by their owners, custom software can be installed, SIM-locks can be circumvented, and much more.
But it also means that 5 years worth of iOS devices now have a gaping security hole that likely cannot be fixed. A vulnerability is a vulnerability. And an exploit that abuses it is essentially value neutral. If users choose to use it to unlock their phones, most would consider that a good thing. If state actors use it to place untraceable malware on phones, most would consider that bad.
Unfortunately, both will be the case. While it seems that at this point a wired USB connection is required for the jailbreak, there is no guarantee that hackers won’t find ways around this limitation. Other vulnerabilities may also be used in combination with this one to circumvent the restriction.
But whether a physical connection is required or not, this discovery set iOS security back significantly and puts it on par with that of the Android operating system. This is certain to annoy Apple, which has focused a lot of its marketing materials on security and privacy.
What is important to note however is that no matter your beliefs on the jailbreaking issue, axi0mX did everyone a favor by releasing the exploit. He or she could have just as easily sold it on the black market for significant amounts of money. And having such a critical issue out in the open is always preferable to having it in the exclusive hands of a state actor or criminal organization.