• Your favorite

    Apple

    ,

    iPhone

    ,

    iPad

    ,

    iOS

    ,
    Jailbreak
    , and
    Cydia
    site.
  • German Researchers Highlight Security Threats of Jailbreaking


    German researchers have come froward with a public warning: If someone steals your iPhone and jailbreaks it, they may be able to retrieve your sensitive passwords. As a result, the "Fraunhofer Institute Secure Information Technology" team has released a new video showcasing the perceived "security threats" posed by jailbreaking, a situation in which an "attacker can retrieve passwords in 6 minutes."

    The video demonstrates a password-locked iPhone tethered to a computer via USB. Following a snappy jailbreak, the hoodlum taps into the device's filesystem and nefariously copies a keychain access script. When executed, the script enables all the passwords stored on the iPhone to be viewed after extraction. This "flawed security design" - which affects all iPhone and iPad devices containing the latest firmware - makes all of the above possible without the need to even unlock a password-protected handset.

    While the video and demonstrated process largely fail to tell our community something it doesn't already know, the discussion itself speaks to a bigger issue. The surplus of recent talk surrounding the security weaknesses of the iPhone and other jailbreaking-related dangers is leading up to the unveiling of the iPhone 5 this summer. The 5th generation iPhone is believed to be deeply vested in ramped-up security features. As a result, some in the jailbreaking community believe that Apple is about to make "doing our thing" exponentially more difficult to do.

    Fraunhofer Institute
    Apple Insider
    This article was originally published in forum thread: German Researchers Highlight Security Threats of Jailbreaking started by Michael Essany View original post
    Comments 81 Comments
    1. Zokunei's Avatar
      Zokunei -
      I guess jailbreaks should start requiring you to enter the password if that's possible.
    1. Zokunei's Avatar
      Zokunei -
      Quote Originally Posted by msquared View Post
      Like it's been said we all know of these risks and I'm not sure about these mods that were mentioned the PDF is the only one I have heard about unless there private in which case SHARE MAN SHARE lol
      I think the guy was saying it was possible, not that it's been done or he knows how.
    1. mmaboi21's Avatar
      mmaboi21 -
      Quote Originally Posted by vinaygoel2000 View Post
      Can u jailbreak a locked iPhone?
      Yes
    1. santacruzlocal's Avatar
      santacruzlocal -
      Oh no, someone is going to steal the pictures of my dog, What will I do !!!

      Not to mention that ANY phone can be hacked by someone with the right skill !!!

      Quote Originally Posted by vinaygoel2000 View Post
      Can u jailbreak a locked iPhone?
      Really ... Did you really just ask that, Did you not watch the video?
    1. bigbaba's Avatar
      bigbaba -
      Quote Originally Posted by johnr9412 View Post
      I don't know if this is just me, but I hold on to my technology with an iron grip! Nobody touches it unless I want them to. So I guess I have no worries
      Until a band of trained ninjas break into your house at night to steal your iphone

      Quote Originally Posted by Bluestang9450 View Post
      What are these mods ur referring to?
      You could start by installing SSH yourself and changing your root password...
    1. valkraider's Avatar
      valkraider -
      Bad article headline/title.

      They did not highlight the security threats of jailbreaking.

      They used the same voulnerabilities used by jailbreaking (which exist in all iPhones) to highlight the security risk of using an iPhone to connect to other systems.

      So if you have an iPhone - and they get physical access to it - you are at risk. It has nothing to do with jailbreaking.

      If you have an iPhone and you don't have any passwords stored in it, such as for wifi, email, or VPN - then all they get is your iPhone and the pictures of your dog.

      If you have an iPhone and you have set up email, VPN, wifi, and other services then you are at a higher risk - as they can get your pictures of your dog AND access to your email, servers, encrypted data, etc etc...

      But like others have said - this exploit requires PHYSICAL ACCESS. The only real noteworthy thing is that it can be accomplished in 6 minutes. If someone has access to a device they can hack it eventually. What this shows is that they can hack it *quickly*.

      Leave your iPhone on your desk while you go to a meeting or to lunch? Someone could hack it while you were gone.

      Leave your iPhone in your hotel room while you go for a swim? Someone could hack it while you are gone.

      Forget your iPhone at a restaurant and remember half way back to work? Someone could hack it before you get back.

      The real issue here is *not* jailbreaking. The issue is that the iPhone keychain (which relies on the same basic model as on Mac OSX) is not locked with your iPhone passcode. The keychain on the iPhone is locked using information physically on the device - so it is easily discoverable. Apple could EASILY fix this (or at least make it much harder/slower) by making the iPhone keychain system utilize your passcode in it's encryption.
    1. charlyc's Avatar
      charlyc -
      Nothing new but a lot more bancking apps on all phones not just the Iphone. All are in the same boat.
    1. awesomeOo7's Avatar
      awesomeOo7 -
      I always knew that you could do that...its kinda old news. I just wish i new more abour security script that way before i sold mine i could manually delete "risky" information
    1. Antman217's Avatar
      Antman217 -
      Quote Originally Posted by AUZambo View Post
      I'm gonna go out on a limb and say I don't really need to worry about this.

      First, of all the people I know with an iPhone I don't know anyone who has had an iPhone stolen (I've heard of it, but don't know any victims personally).

      Second, IF (and that's a big "if") my iPhone gets stolen, the chances of the thief actually knowing how to jailbreak and gain access to the passwords is incredibly slim.

      I have a better chance of being murdered for my fake rolex than someone stealing my iPhone and getting my passwords.
      Exactly lol.
    1. my1past1is1ur1future's Avatar
      my1past1is1ur1future -
      Quote Originally Posted by spazturtle View Post
      The funny thing is that you can fix this security flaw by jailbreaking your device and installing some modifications.
      it would be great if you explain how man coz that would help alot of us....
    1. ty22's Avatar
      ty22 -
      Same thing can happen on your mac or any computer......
    1. egarc's Avatar
      egarc -
      The researchers gained access by jailbreaking the phone and installing OpenSSH. Changing your root password would make it MUCH harder to access your data.
    1. steve-z17's Avatar
      steve-z17 -
      If you're storing passwords and other sensitive info on your iPhone and leave your phone lying around out in the open for anyone to grab, then you deserve to have your info stolen...these "Germans" wasted a lot of time on nothing.
    1. Antman217's Avatar
      Antman217 -
      Quote Originally Posted by Bluestang9450 View Post
      Release antidote and all our problems solved
      How?! That means you're device would have to be jailbroken already to install it and that would be one less step for the hacker!

      Quote Originally Posted by egarc View Post
      The researchers gained access by jailbreaking the phone and installing OpenSSH. Changing your root password would make it MUCH harder to access your data.
      Or you could use diskaid or iPhoneexplorer which requires just a USB connection for ssh and no password so you're still f*cked.
    1. EskimoRuler's Avatar
      EskimoRuler -
      Quote Originally Posted by fbiryujin View Post
      "Once you have physical access to a device, security is ALWAYS compromised."
      -Any security analyst

      The above quote applies to every electronic device, whether it is an iPhone, Android phone, tablet device, police radio (yes those hold secret data), computer, etc...
      This article is nothing newsworthy. I keep as little personal data as possible on my phone, and I am always prepared to remote wipe.
      So true man, can't do much once they have it
    1. KartRacer's Avatar
      KartRacer -
      Quote Originally Posted by fbiryujin View Post
      This article is nothing newsworthy.
      Didn't check who the writer was huh?
    1. javiert30's Avatar
      javiert30 -
      Good guide about how to hack an iPhone if you find one.... Stupid
    1. psp257's Avatar
      psp257 -
      Quote Originally Posted by Antman217 View Post
      How?! That means you're device would have to be jailbroken already to install it and that would be one less step for the hacker!



      Or you could use diskaid or iPhoneexplorer which requires just a USB connection for ssh and no password so you're still f*cked.
      yea, but what chance is there that the "hacker" A: knows about the programs and B: has a friggin dock cable if he's stealing a iphone and never had one! and i know what you're going to say: he might have a dock cable from a ipod he has. well, lets face it. i don't think a guy idiotic enough to steal a iphone would even have or know how to use a ipod.
    1. alexevo's Avatar
      alexevo -
      Something you guys aren't considering. If you can't get to a computer(or more specifically, YOUR computer) in 6 minutes or let's be generous and say 10 minutes then it doesn't matter if you have MobileMe or not. Plus like someone else said once you pull the sim out or turn the phone off MobileMe won't do anything and then you're free to devise a way to turn it on and have it not be able to acquire a signal thus rendering MobileMe useless yet again.

      Another thing, people can't SSH into your phone wirelessly without your root password and you also would have to leave SSH on which most of us turn off with SBSettings since it eats up the battery anyway. Diskaid and iphoneexplorer only work if someone physically has your phone. In other words guys, this is nothing to worry about.
    1. SnowLeo's Avatar
      SnowLeo -
      Wow the Germans need a group of researchs to figure out the obvious. Lol. If someone steals a laptop they can easily hack it and find the passwords. Android phones are easier than jailbroken iphones because it natively gives you acces the all the phones files and there are a million file system apps that dont require rooting.
      For gods sakes facebook hacking to obtain this info is just as easy. If any amateur hacker/theif wanted they could get it from you without even stealing anything.