The hazards of jail breaking
One of the interesting dichotomies of technology is that a given technology or action within a technology can be beneficial or malevolent. For example, you use some Cloud service like email, and the service collects data on you, which they use to provide a very robust service cheaply (or free). You are making a social contract with them that they will not harm you by using that data against you.
Another example is transacting business on-line. To do so, we need to reveal sensitive information (e.g., credit card numbers) to the entity selling the service/product, which can be used properly or improperly, which is why one needs to take care to deal with reputable companies when purchasing on-line.
What does that have to do with this post? Well, jail breaking is generally considered to be benign to the user, with some significant benefits, yet to jail break a device means that a virus will need to be injected into your device to effect the jail breaking. Said another way: Using a virus to jail break one’s phone isn’t considered to be malware by the average user, yet it really is.
So, what is jail breaking? It’s changing the firmware or software in a device to add or modify functionality from what is provided by the manufacturer. Also, it’s used to decouple phones from their assigned carrier so that one can move the phone to a different carrier. It’s this last item that gives jail breaking a positive, maverick perception since it allows the user to decouple from the big, bad telco.
I’m focusing on Apple iOS devices, like the iPhone, iPad and iPod, largely because it’s been more of a target due to the somewhat draconian restrictions that Apple has placed on them. However, elements of this are applicable to Android and Windows phones.
Ever since the first iPhone hit the market, technologically savvy folks have figured out ways to remove many of the restrictions on the phone, so that they could enhance the functionality as well as move it from AT&T, since it was the only US carrier that was originally supported. Apple has been clear that to jail break the phone would be the equivalent of opening the case; it will invalidate the warranty. Also, initially, it was illegal in the US to jail break phones, but I believe that’s been changed.
So, I hadn’t thought about jail breaking too much, though when I got my first iPhone, I considered jail breaking it to allow me to add some functionality that was on Android devices. However, the other day, I ran into a very interesting article by TechCrunch about how much more difficult it’s getting to jail break iOS devices. The article describes many of the methods and tools used to jail break devices as well as Apple’s responses.
My revelation from reading the article was that jail breaking phones IS purposefully injecting malware into your phone, but for your benefit rather than someone else’s. Intellectually, I realized this. However, the epiphany was that the tools, websites and methods employed were nearly identical to the tools, websites and methods used by PC malware writers. The only difference was that the jail break hackers are purportedly the good guys.
Consider the primary method to jail break an iPhone: leveraging bugs in the bootrom, which is the firmware that’s used to start the phone as well as provide a layer between the hardware and software. This layer of code is the best location to hack into a device or computer as it (a) is assured to be in the code paths on startup and during operation and (b) isn’t changed when the software is updated. This is the iOS version of the BIOS in a traditional PC, which has been the most desirable location for a virus to reside. Starting with the iPhone 5, this crucial piece of code goes into hiding once the phone is running, making it nearly impossible for a hacker to find bugs in the firmware.
The other method to hack an iPhone is to exploit some facet of the OS or apps running on those devices. The problem with hacking at that level is that it’s very difficult to boot a device back into that exploit, which means that this type of jail break typically needs to be tethered (or attached) to a computer on reboot to allow injection. The other problem is that upgrading the software will likely remove the malware.
After reading the article, I came away with the following thoughts:
- Though there is a small, well-known community of hackers providing tools for jail-breaking devices, how does one know they are benevolent? It doesn’t take many crooks to do some real damage.
- Though jail breaking is bad for manufacturers and telcos since it helps users avoid fees for various services, in my opinion, the true value of making devices not hackable is to prevent the injection of real malware.
- If you’ve jail broken your device, assume that it’s compromised. This means that you shouldn’t perform any financial transactions or any other actions that are sensitive. Also, assume that email and your address books are compromised. Personally, I’d not even connect a jail broken device to home WiFi.
- Now that iPhones and iPads are supported on a variety of carriers and the functionality is more robust, the market is much smaller for jail breaking, except for the few who do it because they can.
The most intriguing conclusion that I came to after reading the article is how much more secure iOS devices are getting (and how insecure earlier versions were). The jail breaking community has done a significant service by exposing a large number of crucial bugs that Apple has in turn addressed.