Thanks to your friends at Accuvant labs.
Very worth reading for security pros. Peter Morgan, Ryan Smith, Braden Thomas, and Josh Thomas did an excellent job breaking it down. Here’s the security risk:
One important point to make is that unlike the previous jailbreakme.com exploits, which could be used against an unwitting victim, jailbreaks that require USB tethering have a lower security impact, and are usually only useful to the phone’s owner. Attackers are less interested because iPhones with a passcode set will refuse to communicate over USB if they are locked, unless they have previously paired with the connecting computer. So your phone is stolen and it’s locked, attackers won’t be able to jailbreak it. Therefore, only malicious code already running on your computer can leverage USB jailbreaks nefariously.
In case you didn’t know, iOS devices that pair with a computer will re-pair with other user accounts on that computer. It is device-based, not user account based.
Comments