
Jailbreak

Tuesday, February 05, 2013

Great security analysis of the Evasi0n iOS jailbreak

By Rich

Thanks to your friends at Accuvant labs.

Very worth reading for security pros. Peter Morgan, Ryan Smith, Braden Thomas, and Josh Thomas did an excellent job breaking it down. Here’s the security risk:

One important point to make is that unlike the previous jailbreakme.com exploits, which could be used against an unwitting victim, jailbreaks that require USB tethering have a lower security impact, and are usually only useful to the phone’s owner. Attackers are less interested because iPhones with a passcode set will refuse to communicate over USB if they are locked, unless they have previously paired with the connecting computer. So if your phone is stolen and it’s locked, attackers won’t be able to jailbreak it. Therefore, only malicious code already running on your computer can leverage USB jailbreaks nefariously.

In case you didn’t know, iOS devices that pair with a computer will re-pair with other user accounts on that computer. It is device-based, not user account based.

–Rich

Monday, February 04, 2013

Prepare for an iOS update in 5… 4… 3…

By Rich

Evad3rs releases an iOS 6.1 jailbreak for all devices.

Update: According to @drscjmm this will not work when a passcode is set, which means we are still in pretty good shape from a security standpoint.

Untethered, which means you still need to plug the device into a computer, but the jailbreak lasts across reboots (this is not remotely executable at this time).

This means all iOS devices are exposed to hands-on forensics, even with a passcode. Data protection still needs to be broken, but an attacker can jailbreak and install a back door to sniff your password if they have physical control of the device for long enough. If you lose your phone and recover it, wipe it and restore from a known unjailbroken backup.

From the jailbreak notes:

Please disable the lock passcode of your iOS device before using evasi0n. It can cause issues.

I can’t test right now, but it will be interesting to see if a passcode prevents the jailbreak, or is sometimes just an obstacle. Please leave comments if you know or find out.

Update: As we said above, a passcode appears to block this jailbreak, which is good.

(Hat tip to The Verge for the link).

–Rich

Wednesday, January 30, 2013

Remember, every jailbreak is a security exploit

By Rich

See update at the bottom

TechHive’s piece on the new iOS 6.1 jailbreak.

Only works on the pre-A5 processors, which means the iPhone 4S and iPad 2 and later are safe. The device must be connected to a computer for it to work.

This is a tethered jailbreak, which means it goes away when the device is rebooted. But this same technique enables you to forensically dump the phone, and all data is exposed unless encrypted with Data Protection or another technique (see my Defending Data on iOS paper).

It (and the source articles) suggests that an untethered jailbreak for all devices is coming. I can practically guarantee Apple will patch that pretty much immediately, because it will be a massive security issue allowing any attacker to control any iDevice that visits a malicious web page.

If it’s real.

Update: I misspoke a bit – my bad. Untethered doesn’t necessarily mean remote – it means the jailbreak persists across reboots. The security risks are obviously much less. Sleep deprivation is not my friend.

–Rich