Hacker Tool Copies Personal Info From Compromised Jailbroken iPhones


It is important to note that standard, non-jailbroken iPhones are not at risk; it is extremely dangerous to jailbreak an iPhone because of the vulnerabilities that this process creates. (Estimates suggest that 6-8% of iPhones are jailbroken.)

I am personally wary of jailbreaking, but more from a stability/reliability perspective, not security. I’m skeptical about the above blanket statement. To date, the only security problems that have arisen are not for jailbroken iPhones in general, but jailbroken iPhones running SSH with the default root password. What security holes have been identified that affect jailbroken phones that aren’t running SSH or on which the root password has been changed?

Update: OK, here’s a good security issue created by jailbreaking itself, from Dino Dai Zovi (whom I interviewed back in 2007):

Also, remember that jailbreaking your iPhone disables code signing enforcement. That’s the thing that makes exploits so hard on iPhone.

Wednesday, 11 November 2009