Jailbreaking For All
Since the iPhone was launched in early 2007, people have been dissatisfied with Apple’s software restrictions and have set about trying to ‘jailbreak’ them. This is basically a clever way of making your iPhone accept unsigned code by unlocking the OS and allowing root access. Whilst this was the privilege of the techy for several years, and basically consisted of a ‘cat and mouse’ game between the hackers and the iPhone developers, it has now been legalised. Now that the Library of Congress says it’s officially ‘ok’ to do, a website has sprung up that provides the service – Jailbreakme.com.
Excellent then, no more standing in Apple’s ‘walled garden’ of software, off to stretch the limits of the iPhone…
A few small points first. Jailbreakme.com, as far as we know, is a benign service simply aimed at unlocking phones. It does, however, exploit a flaw in the way iOS handles PDF documents to gain access. Once inside it sets itself up with administrator privileges and proceeds to jailbreak the phone. All fine, if a little sneaky, but it tells you what it’s going to do. The problem would be that anyone can exploit this flaw now, and inevitably other jailbreaking services will spring up, and they could be doing anything without your knowledge.
The next point is that while all these new, free apps and programs may seem wonderful, you don’t know who made them or for what for. There is no vetting system. If iPhone apps still cause trouble today, after surviving Apple’s ‘thorough’ security system and developer vetting process, then who knows what will appear in unlicensed software. There are already reports of worms that can snaffle your credit card details when using a jailbroken handset.
Obviously, Apple now know about this security flaw, but with the decision that jailbreaking is technically legal, will they fix it? If they do, it will only prompt a search for another ‘back door’ to be exploited. This also applies to programs such as ‘Google’s App Inventor’, whose open source interface allows anyone to make an app (with any kind of dodgy code) and put it up for sale. Generally, this is part of a much larger problem, which is data. The amount of data that is collected at any point by your phone, computer or other device is ever increasing. With the advent of online payments and the like, now more than ever you need to pay attention to what you install or agree to.
Update: Halfway through writing this Apple announce they have a fix for the PDF hole that jailbreakme.com exploits. Cue the search for the next one…