• Your favorite

    Apple

    ,

    iPhone

    ,

    iPad

    ,

    iOS

    ,
    Jailbreak
    , and
    Cydia
    site.
  • German Researchers Highlight Security Threats of Jailbreaking
    by
    Michael Essany
    Published on 02-10-2011 10:12 AM
    83 Comments Comments


    German researchers have come froward with a public warning: If someone steals your iPhone and jailbreaks it, they may be able to retrieve your sensitive passwords. As a result, the "Fraunhofer Institute Secure Information Technology" team has released a new video showcasing the perceived "security threats" posed by jailbreaking, a situation in which an "attacker can retrieve passwords in 6 minutes."

    The video demonstrates a password-locked iPhone tethered to a computer via USB. Following a snappy jailbreak, the hoodlum taps into the device's filesystem and nefariously copies a keychain access script. When executed, the script enables all the passwords stored on the iPhone to be viewed after extraction. This "flawed security design" - which affects all iPhone and iPad devices containing the latest firmware - makes all of the above possible without the need to even unlock a password-protected handset.

    While the video and demonstrated process largely fail to tell our community something it doesn't already know, the discussion itself speaks to a bigger issue. The surplus of recent talk surrounding the security weaknesses of the iPhone and other jailbreaking-related dangers is leading up to the unveiling of the iPhone 5 this summer. The 5th generation iPhone is believed to be deeply vested in ramped-up security features. As a result, some in the jailbreaking community believe that Apple is about to make "doing our thing" exponentially more difficult to do.

    Fraunhofer Institute
    Apple Insider
    This article was originally published in forum thread: German Researchers Highlight Security Threats of Jailbreaking started by Michael Essany View original post
    Comments 83 Comments
    1. Lionkid7's Avatar
      Lionkid7 - 02-10-2011, 10:18 AM
      Well, even if you don't jailbreak, you're exposed to that risk if you lose your iphone, since anyone can jailbreak your iphone and do that, even if YOU didn't jailbreak it. The bad thing is if someone can do that by hacking into your iphone wirelessly. That's something really risky.
    1. Razz's Avatar
      Razz - 02-10-2011, 10:22 AM
      Dun, Dun, Duuuuuuuuuun
    1. Bluestang9450's Avatar
      Bluestang9450 - 02-10-2011, 10:22 AM
      Release antidote and all our problems solved
    1. spazturtle's Avatar
      spazturtle - 02-10-2011, 10:29 AM
      The funny thing is that you can fix this security flaw by jailbreaking your device and installing some modifications.
    1. Bluestang9450's Avatar
      Bluestang9450 - 02-10-2011, 10:45 AM
      Quote Originally Posted by spazturtle View Post
      The funny thing is that you can fix this security flaw by jailbreaking your device and installing some modifications.
      What are these mods ur referring to?
    1. PamelaGirl's Avatar
      PamelaGirl - 02-10-2011, 10:45 AM
      Quote Originally Posted by spazturtle View Post
      The funny thing is that you can fix this security flaw by jailbreaking your device and installing some modifications.

      Like what?
    1. marnix1991's Avatar
      marnix1991 - 02-10-2011, 10:52 AM
      i do't know the pdf automatic download hole that's been filled by jailbreaking, no ? or maybe it's the way the jailbreak shows apple what holes to close, oh no and what about the sms virus that's been around
    1. DRFP's Avatar
      DRFP - 02-10-2011, 10:54 AM
      I bet the Anti JB crowd at Apple will jump on this............If you keep sensitive info on your phone its your fault not JB
    1. Tfost's Avatar
      Tfost - 02-10-2011, 10:55 AM
      Quote Originally Posted by spazturtle View Post
      The funny thing is that you can fix this security flaw by jailbreaking your device and installing some modifications.
      Do tell.
    1. vedavis's Avatar
      vedavis - 02-10-2011, 11:00 AM
      The way that the article is written the risk is the same, whether the iOS device is jailbroken or not. Just be prepared to remote wipe.
    1. toyvan's Avatar
      toyvan - 02-10-2011, 11:15 AM
      This is why I pay $99 a year for mobileme..remote lock/wipe - stupid video
    1. Labertasche's Avatar
      Labertasche - 02-10-2011, 11:21 AM
      Quote Originally Posted by toyvan View Post
      This is why I pay $99 a year for mobileme..remote lock/wipe - stupid video
      People who like the ones in the video know how to JB a phone and get passwords from it for sure know about mobileme and how to bypass it. Like taking out the SIM card or turning off Wi-Fi.
    1. fbiryujin's Avatar
      fbiryujin - 02-10-2011, 11:26 AM
      "Once you have physical access to a device, security is ALWAYS compromised."
      -Any security analyst

      The above quote applies to every electronic device, whether it is an iPhone, Android phone, tablet device, police radio (yes those hold secret data), computer, etc...
      This article is nothing newsworthy. I keep as little personal data as possible on my phone, and I am always prepared to remote wipe.
    1. ingesterfella's Avatar
      ingesterfella - 02-10-2011, 11:44 AM
      Peeps with latest 4th gen devices can get a Find my iPhone service for free you can lock wipe and find your iPhone for free just saying
    1. johnr9412's Avatar
      johnr9412 - 02-10-2011, 11:47 AM
      I don't know if this is just me, but I hold on to my technology with an iron grip! Nobody touches it unless I want them to. So I guess I have no worries
    1. msquared's Avatar
      msquared - 02-10-2011, 11:48 AM
      Like it's been said we all know of these risks and I'm not sure about these mods that were mentioned the PDF is the only one I have heard about unless there private in which case SHARE MAN SHARE lol
    1. dragonjo8's Avatar
      dragonjo8 - 02-10-2011, 11:58 AM
      Quote Originally Posted by toyvan View Post
      This is why I pay $99 a year for mobileme..remote lock/wipe - stupid video
      JESUS...cancel you're account now. That service is FREE for FW 4.2.1 (which can now be jailbroken).
    1. tabaks's Avatar
      tabaks - 02-10-2011, 12:09 PM
      Quote Originally Posted by Labertasche View Post
      People who like the ones in the video know how to JB a phone and get passwords from it for sure know about mobileme and how to bypass it. Like taking out the SIM card or turning off Wi-Fi.
      Broken logic. I don't think that even half percent of hoodlums that would steal an iPhone would know how to turn it on, much less jailbreak. So, yes, location service is enough, unless you wait a week to try it out and find the phone.
    1. AUZambo's Avatar
      AUZambo - 02-10-2011, 12:31 PM
      I'm gonna go out on a limb and say I don't really need to worry about this.

      First, of all the people I know with an iPhone I don't know anyone who has had an iPhone stolen (I've heard of it, but don't know any victims personally).

      Second, IF (and that's a big "if") my iPhone gets stolen, the chances of the thief actually knowing how to jailbreak and gain access to the passwords is incredibly slim.

      I have a better chance of being murdered for my fake rolex than someone stealing my iPhone and getting my passwords.
    1. mw_w's Avatar
      mw_w - 02-10-2011, 12:45 PM
      Quote Originally Posted by Lionkid7 View Post
      Well, even if you don't jailbreak, you're exposed to that risk if you lose your iphone, since anyone can jailbreak your iphone and do that, even if YOU didn't jailbreak it. The bad thing is if someone can do that by hacking into your iphone wirelessly. That's something really risky.
      Very true.
    Page 1 of 5 123 ... LastLast