Wednesday 4 August 2010

Jailbreaking can make your iDevice more secure, despite Apple briefing us to the contrary.

Since the Library of Congress have declared jailbreaking, rooting etc. legal (which we knew it was all along, but nice to have it announced officially), the mainstream media have taken a sudden interest in the latest iDevice jailbreak. This, on the whole is A Good Thing, as it demonstrates to a wider audience that you can own an Apple iDevice without being ridiculously restricted in terms of how you use it. However, one tidbit of info that keeps being thrown about is that jailbreaking makes your device less secure. To quote the Guardian:

  • So why, after paying a small fortune for one of Apple's devices, would you void your warranty and jailbreak? Well, partly because in most cases the handset can be easily and quickly returned to its non-jailbroken state, and partly because doing so can fundamentally transform your using of it. Of course, when you have taken the plunge your device is significantly less insulated from malicious "worms" previously weeded out by Apple. It's your call – but what do the readers think?
The bit I've bolded is the questionable bit - what exactly do they mean by that? Do they think that jailbreaking creates extra security holes? Do they think that Apple regularly fixes security weaknesses over the air? Or that jailbroken devices are excommunicated from Apple and therefore won't be updateable in the future? If a serious security flaw appeared that could only be fixed by an Apple Software update, there is nothing (short of relying on having an unlocked phone) that prevents the average jailbreaker than simply restoring to factory settings in order to take advantage of security fixes; before long, this software update would be jailbreakable, and the cycle starts again.

I doubt that the Guardian blogger in question really believes any of the above. What is more likely is that he's read an Apple PR statement and taken their spin as fact, without researching the matter properly.

It's absolute rubbish that jailbreaking makes you more vulnerable to attack.

Firstly, In order for there to be a jailbreak, a hole in Apple software must be exploited. This one (a PDF exploit) is potentially very harmful as simply by displaying a PDF a hacker could gain full control of an iDevice (basically, involuntarily jailbreaking the device without the user's knowledge or permission).

Secondly, it is possible to install a mod that lets you choose whether or not to view PDF files on a case by case basis, but ironically the only way to do so is to jailbreak your device beforehand. Therefore, people who haven't jailbroken have less secure devices more open to attack, until Apple releases a fix.

Thirdly, some of the first jailbreaks, like this one, made use of software exploits (more recent exploits used by jailbreaking applications are hardware based and hence less dangerous as physical access to the device is required). Previously, these exploits were automatically patched by the provider of the jailbreak, securing it from future attack. This can't be done quite so easily this time around as turning off the ability to view PDFs isn't practical. Nonetheless, in these cases jailbreaking made your device more secure, not less.

Dear Guardian et al., please do your research before you repeat Apple's PR nonsense. Simply jailbreaking a device does not make it automatically less secure. Granted, you are more susceptible to malware as jailbreak applications aren't as well vetted as Apple-approved applications, but caution and perhaps a quick Google search before installing an application from an untrusted source should be plenty to protect yourself.

As for why I jailbreak (another common question that is being asked by the mainstream press), I do it because it is my device. I paid for it (and therefore own it), I know what I want to use it for and what it's capable of, and I don't need Apple to mollycoddle me or hold my hand. I'm not an obsessive nerd either, and I'm not doing it for the sake of it; I'm doing it because I truly believe that jailbreaking offers genuine advantages that add significant value to my iPod Touch. Every tweak and application makes it less like a fancy toy and more like a real computer.