With good reason, Apple is sensitive about the integrity and security of iOS, which is purpose-built as a closed and protected environment. This design gives iOS strict control over any code executed on an iPhone or iPad. There are, however, several ways to bypass this security by design.
One of these methods is jailbreaking. Some users want to add features and apps that Apple does not allow on their devices, and to do so they need a jailbreak: an exploit against iOS that gains root privileges. These privileges let them download and install additional apps and take full control of their devices.
Unfortunately, this also removes the built-in security features of iOS. Users seeking greater flexibility in how they use their own devices were followed by malware developers, who can use jailbreaking as a way to infiltrate iOS.
Jailbreaking – Since when and why?
Jailbreaking has been around for quite a while. In fact, the first jailbreak was created back in 2007, allowing users to jailbreak iOS version 1.1.1. Since then, jailbreaking has followed every iOS version Apple has released. Each time, the jailbreak was achieved with a different exploit against iOS, enabling users to gain the desired root privileges.
Several different groups are behind jailbreaking. From the moment a new version is released they compete with each other to find a loophole and monetize their achievement. Most jailbreaks install a third-party store on the device, such as Cydia or the Chinese Taig. These markets depend on jailbreaking to operate, making it a very profitable business.
iOS 9.1 jailbreak
Recently, the infamous jailbreaking team Pangu released a new jailbreak for iOS 9.1. This time it took several months to exploit the system successfully. Eventually, a jailbreak was built around a kernel exploit credited to Lokihardt, a South Korean hacker. Apple had already patched this exploit in the newer iOS 9.2, so the jailbreak works only on iOS 9.1.
Why is this dangerous?
While one might think this is not a major security concern, it is important to understand fully the risks of jailbreaking a device. A jailbreak removes the sandboxing and code signing security features, so a jailbroken device can run any app, including apps from third-party stores that Apple has not inspected.
An attacker who compromises a jailbroken device gains extensive capabilities, such as running code with root privileges and retrieving files and sensitive information stored on the device.
An attacker can even use jailbreaking to bypass enterprise data protection apps, including secure containers, wrappers, and hardened banking and financial apps. Consequently, the attacker can gain access to encrypted and sensitive corporate information such as emails, confidential documents, and passwords.
Moreover, attackers can actively jailbreak devices that their owners never jailbroke. Some jailbreaks require physical access, which an attacker can get whenever the user is not in control of the device: at the gym, when crossing customs, or in a moment of distraction. This means that all users, including those who do not jailbreak their own device, are at risk.
Implications on BYOD policies
Jailbreaking is not just a user problem; it also jeopardizes enterprises with Bring Your Own Device (BYOD) policies. A single jailbroken device can lead to a severe security breach and the loss of sensitive data. Enterprises need visibility into the mobile devices on their network, and Mobile Device Management (MDM) solutions alone are not enough.
Many tools (such as XCON) help users and attackers hide a jailbreak from MDMs. To protect their networks, enterprises must use a more comprehensive solution that detects and alerts IT managers to potential risks on their mobile networks, including jailbroken devices.
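The kind of on-device check an MDM agent or a hardened app runs, as an added example that is not Check Point's, Pangu's or XCON's code: it collects several independent jailbreak indicators through raw POSIX calls rather than the higher-level file APIs that hiding tweaks hook first. The artifact path list, the probe directory and the function names are assumptions chosen for this example. The code is plain C so it can be dropped into an iOS app, and it also compiles on a desktop OS, where the fork test trivially succeeds and so carries meaning only on the device.

```c
/* Added example (not the vendor's code): heuristic jailbreak indicators collected
 * with raw POSIX calls. Hiding tweaks such as XCON typically hook NSFileManager
 * and friends first, so syscalls are a slightly harder target, but any single
 * check can still be hooked. Report the whole indicator set, never one verdict. */
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <fcntl.h>
#include <sys/stat.h>
#include <sys/wait.h>

/* Artifacts left behind by common jailbreaks and the package managers they
 * install (constructed list for this example; extend from your own inventory). */
static const char *const kJailbreakPaths[] = {
    "/Applications/Cydia.app",
    "/Library/MobileSubstrate/MobileSubstrate.dylib",
    "/bin/bash",
    "/usr/sbin/sshd",
    "/etc/apt",
    "/private/var/lib/apt",
    "/usr/libexec/cydia",
};

typedef struct {
    int paths_present;         /* how many known jailbreak artifacts exist        */
    int wrote_outside_sandbox; /* 1 if a file could be created outside the container */
    int fork_succeeded;        /* 1 if fork(2) worked; App Store sandbox denies it */
} jb_indicators;

/* Count how many of the given paths exist, using stat(2) directly. */
int jb_count_present(const char *const *paths, size_t n) {
    struct stat st;
    int found = 0;
    for (size_t i = 0; i < n; i++)
        if (stat(paths[i], &st) == 0)
            found++;
    return found;
}

/* Try to create a file in a directory outside the app container. On a stock
 * device the sandbox profile makes open(2) fail even where Unix permissions
 * would allow the write (e.g. /private/var/mobile, owned by user mobile). */
int jb_can_write(const char *dir) {
    char path[256];
    snprintf(path, sizeof path, "%s/.jb_probe_%d", dir, (int)getpid());
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return 0;
    close(fd);
    unlink(path);
    return 1;
}

/* fork(2) is denied to App Store apps by the iOS sandbox; if it works, the
 * sandbox has been relaxed. On desktop OSes it always works, so this indicator
 * only means something when run on the device itself. */
int jb_fork_works(void) {
    pid_t pid = fork();
    if (pid < 0)
        return 0;
    if (pid == 0)
        _exit(0);                 /* child: exit immediately */
    int status;
    waitpid(pid, &status, 0);
    return 1;
}

/* Gather all indicators; the probe directory is an assumption for this example. */
jb_indicators jb_collect(void) {
    jb_indicators r;
    r.paths_present = jb_count_present(
        kJailbreakPaths, sizeof kJailbreakPaths / sizeof kJailbreakPaths[0]);
    r.wrote_outside_sandbox = jb_can_write("/private/var/mobile");
    r.fork_succeeded = jb_fork_works();
    return r;
}

/* Simple additive score; the raw struct is what should be sent to policy,
 * because a hiding tweak only has to hook one check to flip a yes/no answer. */
int jb_score(const jb_indicators *r) {
    return r->paths_present + r->wrote_outside_sandbox + r->fork_succeeded;
}

int main(void) {
    jb_indicators r = jb_collect();
    printf("artifacts=%d write_outside_sandbox=%d fork=%d score=%d\n",
           r.paths_present, r.wrote_outside_sandbox, r.fork_succeeded, jb_score(&r));
    return 0;
}
```

Run on a stock iPhone every indicator should be zero; on a jailbroken one several usually fire at once, which is the property the scoring relies on. Because each function is independently hookable, a detection product should cross-check these results against what it observes from outside the device, which is the gap the paragraph above describes.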
Check Point Mobile Threat Prevention
Oren Koriat is a Mobile Information Security Analyst in the Check Point Mobile Threat Prevention Research Group. He is a technology enthusiast and a polyglot, whose expertise is in the field of Asian mobile software markets. Koriat holds a degree in linguistics from Bar Ilan University.