I have been a long-time jailbreaker of my iPhone and have frequently documented the process on my blog. When I first started doing it, it was definitely not for the faint of heart; however, now it is becoming so easy to do that even the non-technical user can do it…and that is where it gets dangerous.
In the past, you had to connect to your iPhone via an SSH session and then run a series of commands to release the lock that had been placed over the operating system. Sometimes it worked and sometimes you were left with a beautiful $300 paperweight (otherwise known as “bricking” your phone). The process was definitely difficult and, I believe, scared off enough people that it was not that big of an issue.
Over the past few years, the iPhone Dev community (i.e., the guys who worked on jailbreaking and unlocking iPhones) has made the whole opening up of the iPhone incredibly easy, to the point where they could almost commercialize the process. In fact, some people now offer this 1-2-3 process as a paid-for activity (which I personally think is wrong).
Yesterday, I read (and tweeted) about a story about how, by visiting a website and downloading a PDF document, you could jailbreak your iPhone 4 or iPad, and my initial thought was WOW, this process is REALLY getting easy.
Now, I’m reading that using the same process, an exploit in how fonts are pulled into a PDF document when opening it, hackers can get control of your iPhone or iPad. I think this whole thing has gone a bit too far. And, since it is now “legal” to jailbreak, I think more people will start doing it. Just remember that Apple says that if you jailbreak your iPhone, you also void your warranty. So with this new exploit out there, you could potentially say that you visited a website that did the jailbreak without you knowing it.
While I’m not saying that Apple should completely open up iOS to the community without any controls whatsoever, I am saying that something needs to be done to quell the compulsion to jailbreak. Most of the time, the only reason to jailbreak or unlock is either to install non-Apple-approved iPhone apps or to allow users to use the iPhone on other carriers.
If Apple allowed the phone to be on any carrier, that would eliminate that attraction. The process of allowing non-Apple vetted applications on the iPhone is a completely different matter. Perhaps they could allow 2 versions of the iOS, one supported and one unsupported. Or perhaps they could allow the setup of users and roles on the iPhone. That way, you could set up a role that is “protected” which means that 3rd party applications could be installed but still the core OS would be protected. Then in a different role, you would only run Apple certified applications.
One way or another, as the jailbreak process gets easier and easier, hackers or malicious coders will find other ways to exploit this process, which means that more people will try to jailbreak (or hit sites that automatically exploit their iPhones). The same sort of thing is happening with Android phones as well; in fact, the Droid X, I believe, has a kill process that basically bricks your phone if you try to “root” it (gain control over the root user, which means you have full control over the OS).
There is something good about a completely closed system: it’s safe and secure, but it is also a challenge to any smart hacker or coder. For a while, phones that are opened up by these people do have some additional value. But once it becomes a commodity and incredibly easy, people will take advantage of the process and of users who don’t know much about the technology that they make calls on or check email on.
Security Exploit Can Give Hackers Control of Your iPhone or iPad [WARNING]
By just loading a PDF file on your iPhone, iPad or iPod Touch, you could be handing over complete access to your device in what could quickly become a major security breach.
The same technique used in the first web-based jailbreak for iPhone can be utilized by hackers to seize control of your phone via a program that can be delivered via PDF to any iOS device running 3.1.2 or higher, according to Gizmodo and CNET.
Here’s how it works: whenever a user loads a PDF document, it has to load the fonts associated with it. A font can be inserted into the PDF containing a program that will cause a stack overflow. The result is that the program can pass the iPhone’s security defenses and then break out of its protective sandbox to deal critical damage to your phone.
This exploit is how JailbreakMe is able to jailbreak the iPhone just by visiting the website and sliding the “Slide to Jailbreak” button. While JailbreakMe may be benign, hackers could reverse-engineer JailbreakMe’s exploit for their own nefarious purposes.
Because this exploit can be launched just by clicking a link, it could quickly become very dangerous if Apple doesn’t release a new version of iOS with the fix soon. For now, check the links you open and don’t open PDFs unless they’re from sources you completely trust.
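The quoted article's point is that the danger rides on the font program embedded inside a PDF, which the viewer's font parser processes as soon as the document opens. As an added example (not code from the original post or from JailbreakMe), here is a small Python triage script a defender could run at a mail or web gateway to enumerate the embedded font programs in an uncompressed PDF and flag documents that exercise the font parser at all; the sample PDF bytes are constructed and the font stream is filler, not a real font.

```python
import re
from typing import Dict, List

# Constructed sample: a minimal PDF whose single font carries an embedded
# CFF font program (/FontFile3 with /Subtype /Type1C). Stream bytes are filler.
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
    b"3 0 obj << /Type /Page /Parent 2 0 R /Resources << /Font << /F1 4 0 R >> >> >> endobj\n"
    b"4 0 obj << /Type /Font /Subtype /Type1 /BaseFont /Demo /FontDescriptor 5 0 R >> endobj\n"
    b"5 0 obj << /Type /FontDescriptor /FontName /Demo /FontFile3 6 0 R >> endobj\n"
    b"6 0 obj << /Subtype /Type1C /Length 4 >> stream\n\x01\x00\x04\x01\nendstream endobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)

OBJ_RE = re.compile(rb"(\d+)\s+\d+\s+obj\b(.*?)\bendobj", re.S)
# FontFile = Type1, FontFile2 = TrueType, FontFile3 = CFF/OpenType program
FONTFILE_RE = re.compile(rb"/(FontFile[23]?)\s+(\d+)\s+\d+\s+R")
NAME_RE = rb"/%s\s*/?(\w+)"

def find_embedded_fonts(pdf: bytes) -> List[Dict]:
    """One record per embedded font program referenced from a FontDescriptor.
    Handles plain object syntax only: fonts packed into PDF 1.5 object
    streams (/ObjStm) would have to be inflated before this scan sees them."""
    objects = {int(n): body for n, body in OBJ_RE.findall(pdf)}
    found = []
    for num, body in objects.items():
        if b"/FontDescriptor" not in body:
            continue
        for key, ref in FONTFILE_RE.findall(body):
            stream = objects.get(int(ref), b"")
            sub = re.search(NAME_RE % b"Subtype", stream)
            ln = re.search(rb"/Length\s+(\d+)", stream)
            flt = re.search(NAME_RE % b"Filter", stream)
            found.append({
                "descriptor_obj": num,
                "key": key.decode(),
                "stream_obj": int(ref),
                "subtype": sub.group(1).decode() if sub else None,
                "length": int(ln.group(1)) if ln else None,
                "filter": flt.group(1).decode() if flt else None,
            })
    return found

def has_embedded_font_program(pdf: bytes) -> bool:
    """Gateway gate: any embedded font program means attacker-supplied bytes
    reach the viewer's font parser, so the document deserves a closer look."""
    return bool(find_embedded_fonts(pdf))

if __name__ == "__main__":
    for rec in find_embedded_fonts(SAMPLE_PDF):
        print(rec)
```

A hit is a reason to sandbox or hold the file, not proof of an exploit: legitimate PDFs embed fonts all the time, so the value is in pairing this with the viewer's patch level.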
HTD says: What do you think Apple should do about Jailbreaking?