iPhone Jailbreak Shows What Security Hole Could Do

Jailbreaking your iPhone is very easy now, but it also demonstrates how easy it is for someone to gain complete control of your iPhone via a flaw in the Safari browser.jailbreakme-iphone-4-jailbreak

To get functionality that Apple has disallowed, like free tethering over USB, Bluetooth or Wi-Fi or using Facetime over 3G instead of just Wi-Fi, all you have to do is jailbreak your iPhone. Tethering is using your iPhone as an Internet source by connecting your phone to your computer using USB, Bluetooth or Wi-Fi. Facetime is the video conferencing application that is part of the new iPhone 4.

The process of jailbreaking has become extremely easy to do with recent appearance of a special web site that will jailbreak your phone without requiring you to download and run any software on your computer as was previously necessary; you simply visit the site and give it permission to do it’s magic on your iPhone. As the video below shows, all you have to do is swipe the red bar just like you would if you were unlocking or shutting down your iPhone. The site exploits serious security flaw that Apple has failed to patch, leaving the iPhone vulnerable to nefarious people.

As you can see from the video, the web site was able to download the software and run it right on the users iPhone giving it access to the low level operating system of the phone. While users may want to do this with the jailbreaking site, what if someone does a Google search for some term he or she is interested in and a site is created that shows up in the search results and the person visits. He or she taps a link that is purposely mislabeled. Instead of going to another page, it fools the user into opening PDF file that then runs some code, unwittingly giving the site permission to take control of the phone and potentially do destructive things like copy passwords, erase contents, or ruin the phone so that it is just an expensive paper weight?

Security software maker, Symantec is saying what all of us are thinking: fix the hole, Apple! The company’s researchers discovered the site. Up till now the problem has been an academic one. But with the jailbreaking site exploiting the hole giving users the ability to jailbreak their iPhone, now anyone could reverse engineer the code and use it to do something else.

9to5mac demonstrates Jailbreaking via Jailbreakme.com

Strangely, according to Crunchgear, the only current defense is to actually jailbreak your iPhone and install a piece of software that gives you a notice every time you are actually downloading a PDF file. If a third-party engineer can create such a program, then Apple should be able to fix this quickly as well.

It is not advisable to jailbreak your phone as a means to block the hole since that can void your warranty. Instead, be very careful about what sites you visit until Apple produces a fix.

It is uncertain if visiting such a site on an alternative browser would cause the problem or not. I attempted to run the site using Opera and it only gives you the FAQ page when you visit it and not the actual jailbreaking page. So that might be a good alternative until Apple issues a fix. But still, be very careful with the site you visit even in an alternative browser.

Related Posts