[Infowarrior] - Is Jailbreaking a Security Threat?
Richard Forno
rforno at infowarrior.org
Fri Jul 3 00:44:17 UTC 2009
Is Jailbreaking a Security Threat? Really? July 2009
http://zdziarski.com/papers/jailbreaksecurity.html
Someone sent me a copy of this MacWorld article in which Charlie
Miller makes the claim that jailbreaking is a threat to ecurity (I
left off the 's' because apparently they stole it for the new iPhone).
Does Charlie really believe that DRM is healthy for a computer system?
It seems that having disclosed the SMS vulnerability, he should know
more than most that application signing provides more copyright
control than it does actual security. Ironically, most exploits such
as SMS and Safari exploits have the potential to affect every single
iPhone user with a vulnerable version of firmware - whether it's
jailbroken or not.
He is right, but only to a certain extent. While he's correct that a
jailbroken kernel allows for any self-signed application to run, I
don't see that as necessarily increasing the threat by malicious
individuals, who are looking for the types of exploits that will
affect the entire iPhone community. The SMS vulnerability is emphatic
proof that the native applications on the iPhone are more of a viable
target and of more interest to a malicious party, as they are a
standard part of the iPhone operating system. These types of exploits
don't require a jailbreak, and pose a much more significant security
risk to such a large monoculture of mobile devices.
Let's talk about jailbreaking and security for a minute, shall we?
Ironically, and much to Mr. Miller's chagrin, the jailbreak community
has been responsible for fixing more security problems with the iPhone
than it has caused. In October 2007, a serious image processing
vulnerability was discovered in iPhoneOS v1.1.1. The iPhone dev-team
(of which I was a member at the time) developed a website which iPhone
users could visit to patch this serious vulnerability. The
vulnerability was so serious, in fact, that other free services
provided on the website included installing free, open source software
at the user's request. The jailbreak community had a solution out for
all iPhone users within a week of discovering the vulnerability. Apple
took another several months to release a patch. More recent security
fixes have involved patches for personal data leaks, such as
preventing the storing of screenshots (taken by the iPhone operating
system) of everything the user is doing, and preventing the iPhone's
built-in keyboard logger from recording everything you type. None of
these security fixes are available to people unless they jailbreak
their phone. One final example of something the jailbreak community
had a fix for long before Apple was the loading of remote images in
Mail, which allowed spammers and scammers to embed web bugs to
identify you.
Overall, with the release of iPhoneOS v3.0, Apple fixed 46 security
bugs. That should give you an indication of just how many holes Apple
had left open in the operating system - which may have affected you
over the past two years without your knowledge. Apple suddenly doesn't
come off as the poster child for security that Miller makes them out
to be.
So we've dispelled the myth that jailbreaking is detrimental to
security when, in fact, it has a long history of improving security
(thanks to Apple's lax and, in my opinion, reckless attention to
security). But Mr. Miller's claim is almost arguing that giving an
iPhone the same level of security as every single Unix-based computer
system out there isn't sufficient! Mac OS, Linux, and every other
desktop and server operating system powering our economy run whatever
software the user cares to load on them, and they do it without asking
Apple for permission and without a lengthy review period to ensure the
application jives with the manufacturer's public image of the
product. These desktop systems drive everything from financial systems
to critical infrastructure across the world while connected to public
networks, yet we don't consider these systems to be dangerously
insecure (unless they're run by a federal government, but that's a
whole other issue). If Miller really believes what he's saying, he
must also make the argument that every desktop machine should also run
a trusted kernel that only runs what the manufacturer specifically
signs. This opens up a dangerous stronghold by the manufacturer to
impose a monopoly, thus creating an even stronger monoculture than
before, thus leading to an even bigger security threat. Imagine a
world where you have to ask your computer manufacturer for permission
before writing software!
Ironically, earlier versions of iPhone firmware didn't include such a
signing mechanism, and it only even came to be as a result of Apple's
determination to control their protected revenue channels - DRM'd
music, movies, and now applications. Before the SDK was announced,
code signing wasn't even a consideration by Apple. It was only after
Apple decided to compete with the popular open source software
community that code signing was introduced to attempt to snuff out the
competition. This tells me that the goal of code signing isn't
necessarily for "security", but rather for copyright control and to
keep a closed ecosystem (to prevent competition). It's the equivalent
of selling German cars that won't fit any aftermarket parts, and thus
sell for three times as much as they're worth. Is the overpriced
sports car more secure?
One can squawk all they want about how jailbreaking opens up some kind
of "dangerous vulnerability" on the device, but all I hear are the
echoes of the kind of propaganda I would expect to hear from Apple's
legal department to gloss over the obvious anti-competitive nature to
which code signing was originally implemented. It was clearly put
there to protect Apple's vested interest in controlling the market,
and to prevent competitors (like Palm and Jay Freeman) from easily
making products that can compete with Apple's own.
In my opinion, jailbreaking an iPhone allows the device to function
more like a computer system, and less like a monopolized, centrally
controlled product - which sounds better to me. And in acting like a
standard Unix computer system, we in the technology world are more
likely to deem it to be "secure enough" as any laptop with an AirCard
or network server. The added benefits of jailbreaking outweigh any
risk that we could possibly incur as a result of DRM control.
Also consider that jailbreaking benefits us in 10 ways which I tweeted
a week or two ago, shown below. The benefits far outweigh the rarely
ever missed loss of DRM control. If you ask me, turning the iPhone
into a regular computer benefits the consumer more than the "security"
provided by code signing DRM.
Reason 10:
To get the very most we can possibly push out of technology we've
purchased, and to explore and learn about this wonderful device.
Reason 9:
Better AppStore apps. Ironic, but developers can see the guts of what's
really going on when they can access the phone and debug.
Reason 8:
Portable Unix. How often do geeks need a terminal window to run a
script, SSH, or FTP? Why pay when you can have a Unix world?
Reason 7:
Land of misfit toys. Lots of great apps rejected by AppStore get to be
seen by jailbreakers, and some are well worth the download.
Reason 6:
Security. If we can break it we can also fix it, and faster than
Apple. Would you rather we find security bugs or the bad guys?
Reason 5:
Unlocking. Subsidized phones are great but many travel internationally
and still need unlocks. Others just hate AT$T.
Reason 4:
Cool stuff. Useful tweaks & hacks to change internals like WinterBoard
and PushMod keep us geeks happy. Without them, frustrated.
Reason 3:
Law enforcement. While the cops don't jailbreak, iPhone forensics uses
similar technical procedures to help convict rapists, murderers, and
even terrorists.
Reason 2:
To expose open privacy leaks. Through jailbreaking, we can see just
how much private data is exposed and show you (and Apple) how to work
around them - there's lots to fix.
Reason 1:
An open device is an open market, and an open market breeds
accountability and competition, keeping Apple from getting too greedy.
So why does Miller hold the misguided belief that jailbreaking is
detrimental to the iPhone's security? Miller makes no bones about the
fact that he and Apple "agreed" not to give too many details about the
SMS exploit. Clearly he's been approached by Apple. I surmise it may
be likely that Apple asked him to agree to discourage jailbreaking as
part of his SyScan presentation. Sound crazy? Apple desperately needs
some PR backing in their ongoing case with the EFF, who is trying to
add additional legal safeties to make jailbreaking even more legal
than it is. Apple has been taking the position lately that
jailbreaking is illegal (it isn't), a violation of copyright (it
isn't), and detrimental to - you guessed it, the iPhone's security (it
isn't).
This wouldn't be the first time Apple's hell hounds have been
unleashed on security experts. Apple went on an offensive attack
against a well known technology company who put on a conference a few
months ago, in which I gave a presentation disclosing numerous
vulnerabilities with Apple's operating system, and the ability for an
identity thief to lift personal data within seconds. While we met most
of Apple's requests with a polite "go to hell", their legal department
clearly made an impression on the conference, and my presentation.
Perhaps Charlie's running a little scared at his first encounter with
Apple. Or perhaps he really believes that jailbreaking is evil and
should be outlawed, as Apple is trying to convince a judge. What's
important to take away from this is that the so-called "security" Mr.
Miller is referring to isn't intended to be security at all, but
rather Apple's mechanism for closing off a product to competition, and
controlling the revenue streams for everything that gets put onto the
device.
A large, greedy multi-billion dollar company making excuses to run DRM?
Nah. Say it ain't so.