Thu, 02 Jul 2009 Security Research: Jailbroken iPhones leave users more vulnerable

Jailbreaking a handset may remove up to 80 percent of its security protections

Sumner Lemon

Jailbreaking an iPhone leaves users vulnerable to attack by stripping away most of the handset's security protections, a security researcher warned on Thursday.

"If you care about security, don't use a jailbroken iPhone," said security researcher Charlie Miller, speaking at the SyScan security conference in Singapore on Thursday.

Jailbreaking is a term used to describe the process of stripping away the protections that prevent a user from installing applications on an iPhone that have not been digitally signed by Apple.

Jailbreaking tools have been popular among users in the US and elsewhere who do not want to be tied to a specific operator, or who want to add software or capabilities to the phone that Apple doesn't offer.

The process removes around 80 per cent of the security protections built into the phone's software, making it more vulnerable, Miller said.

Overall, the stripped-down version of Mac OS X used in the iPhone makes it more secure than computers running the full version of the operating system, Miller said.

Many capabilities contained in the full version of the operating system, like support for Java and Adobe Flash, are not available on the iPhone. In addition, the iPhone doesn't support many of the features contained in PDF files, which have proved to be a fertile source of Mac OS X vulnerabilities. This gives attackers fewer options when looking for vulnerabilities to exploit, he said.

In addition, iPhones are limited to running applications that have been digitally signed by Apple, which means that an attacker cannot simply install and run their own software on the handset. The iPhone also has hardware protections for data stored in memory.

Jailbreaking an iPhone disables these two security functions, making the phone more vulnerable to an attack, Miller said.

Check out our new Macworld Mobile site.

Follow Macworld UK on twitter: www.twitter.com/macworlduk

RSS
Digg

Email A Friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Permalink This Article

This articles permalink is:
http://www.macworld.co.uk/ipod-itunes/news/index.cfm?RSS&NewsID=26489

<<prev article | back to news index | next article>>

Comments received

Steve N said on Thu, 02 Jul 2009

Of course you are more vulnerable, but you are free from the thought police.

lol said on Thu, 02 Jul 2009

I wonder which (Apple) company paid (Apple) for the research?

dave said on Thu, 02 Jul 2009

This really sounds like a FUD report. 80% of all so-called "protection" is gone?

Ridiculous.

Gabriel said on Thu, 02 Jul 2009

Makes perfect sense to me - a lot of the security lies in restricting what the user can do. Remove those restrictions, and you're on your own.

Obviously, some tinkerers here are chafing at those restrictions, but for those of us who want to actually *use* the device, this provides added peace of mind.

Andrew said on Fri, 03 Jul 2009

So based on Mr. Miller's reasoning we should probably only use computers that will only run digitally signed software from the OS vendor? I think it would be a simpler fix to just unplug all computers from any network and remove any input ports - problem of all attack vectors solved.

Andrew said on Fri, 03 Jul 2009

One other point. If Apple allowed basic customization or ways for people to install their own apps, then a jailbreak would be unnecessary. Also, if I could use my phone on another carrier when traveling or after my contract is fulfilled, then there would be no need to unlock. Windows mobile allows for anyone to download and install any software (for 10 yrs now) and there has been no massive security issue. Blackberry too... I can install 3rd party BB software without going through the blackberry store - no giant security hole there either.

thomas said on Mon, 06 Jul 2009

It's amazing how many people complain about Apple's policies. Quite frankly, if you don't like it, don't buy it. Some people like the "security" Apple gives them, while others, like Andrew, are power users. The sarcasm shown by some of these comments, demonstrates the holier-than-thou mentality that many "techies" have toward the rest of the public.

Click here for the latest reader comments

Disclaimer
Opinions expressed here are those of the writers and do not reflect those of Macworld. Macworld accepts no responsibility legal or otherwise for their accuracy of content.
Click here to read the house rules.

Latest News

More news...

iPhone 3G S Video Review

Related News

More iPod/iPhone news...

Mac Broadband?

Search news

Search Google

Newsletter signup

It's easy and free to get the latest news headlines, reviews and opinions straight to your email inbox. Sign up NOW to make sure you receive the latest Mac news, reviews and tutorials on your favourite topics.

Latest issue: Ipod User

Find out what's in this month's Macworld here or buy now.

Macworld reader poll

Based on the rumoured features, will you be buying an Apple Tablet?:

View poll results

Have your say in the
Macworld forums!

Register now

Stay on top of the latest, breaking Mac news and chat with other Mac professionals and enthusiasts about the issues that matter to you. Register with Macworld today to join our forums and receive our twice-weekly email newsletter, Macworld Mainline.

RSS

Have the latest content delivered to your desktop via RSS. Use the links below to get access to a specific blog, news, or reviews feed.

Subscribe to our feeds here

Latest PC industry news

MACWORLD MARKETPLACE

	Computer & Laptop At Ciao you can read consumer reviews on a large number of Apple products like iPods, iPhones, Apple laptops and Apple computers. Compare prices of your favourite Apple products today.
	Orbitsound Orbitsound is a British technology and consumer electronics company, we specialises in designing and manufacturing innovative high quality audio products featuring its revolutionary airSOUND® single point stereo technology. With Orbitsound products (T3,T6 and the T12) everywhere is the sweet spot
	Circus Ponies NoteBook - the easy way to get organized on the Mac NoteBook is the award-winning application that gets you organized. Store notes in electronic notebooks, add text, drag in files, "clip" web pages and other content. Annotate with diagrams, sketches, highlighting, keywords, even voice recordings. Find anything instantly with NoteBook’s patented Multidex^TM. Publish to the web, including MobileMe.
	The NatWest iPhone App is free and provides a fast and easy way to keep up to date with your finances. Check balances, view mini statements and manage your money on the go.
	Buy One Get One Free on QuarkXPress 8! It's the perfect time to add an extra copy of QuarkXPress to your business. Purchase a new single full product of QuarkXPress 8 before Christmas and we'll give you another ABSOLUTELY FREE*.
	50% off ebooks It doesn't get much hotter than Mac OS X and iPhone development - visit http://apress.com/mac. Whatever your level, and whatever your background, Apress offers a complete package of books to get you up and developing for iPhone and Mac OS X. Use the exclusive MacWorld coupon code, MACWORLDOC, at Apress.com to receive 50% off your cart.
	FREE 30-day trial. Announcing New FileMaker Pro 10. Sleek new look. Intuitive new design. Learn about the fresh, new interface and innovative features in FileMaker® Pro 10, the leading easy-to-use database software, which will make managing your information easier than ever.
	Beat the Credit Crunch - Lease your Mac from Hardsoft. Hardsoft are the only 'one stop' solution for the supply and finance of I.T. to businesses throughout the UK via our regional branch offices. We are uniquely both equipment Apple Approved Reseller and licensed Credit Brokers and have tailored a solution which includes a full 3 year warranty and an equipment upgrade every 18 month.