Jailbreaking iOS devices: Never say fixed
LAS VEGAS--While Android is taking the consumer market by storm, iOS devices are growing in popularity in the enterprise in the face of a retreating BlackBerry. IT managers find iOS devices attractive because of their functionality and rock-solid reputation for security.
However, while it is difficult, the latest version of iOS can be successfully hacked and jailbroken, explained Georgia Tech researchers at the Black Hat conference.
Even the iPhone 5 running the latest iOS 7 software is not immune. The researchers examined an attack dubbed evasi0n7 that was able to jailbreak iOS 7 through an intricate nine step process. The program, developed by a team of hackers that go by the moniker evad3rs, first appeared early last year, explains this story at Forbes.
Apple "fixed" that hole by plugging a number of the vulnerabilities in the evasi0n7 process, but not all of them.
The Georgia Tech researchers took this as a challenge. They decided to see if they could find ways around Apple's solution and--needless to say since they are presenting at Black Hat--succeeded.
"Not completely patching publicly disclosed vulnerabilities leaves the door open for other attacks," concluded Yeongjin Jang, one of the Georgia Tech researchers.
So what can attackers do with a jailbroken iPhone? Once an iOS device is jailbroken, it no longer has the strong security protections installed by Apple. This makes it easier for malware to get onto the device, especially if the user downloads apps from a non-official app store. This malware could find its way onto the corporate network, particularly if it is a BYOD device.
- read the Forbes article on evasi0n
Backdoors in iPhones could give NSA, hackers access to sensitive data, says researcher
Pangu exploits enterprise certificate to jailbreak iOS devices
Apple iOS and Android security worries the same, yet different