Another Smartphone Security Concern: Jailbreaking

Sue Marquette Poremba

Just when you think there are enough issues surrounding smartphone security, we have something else to worry about: jailbreaking.


Jailbreaking lets phones and other devices run applications not approved by the OS vendor and was, until recently, illegal.


It didn't take very long for hackers to exploit the federal government's decision that jailbreaking doesn't violate U.S. copyright laws.


Days after the decision, a jailbreak was released.


According to a CNET article:


Unlike previous jailbreaks, which required the device to be connected to a computer to run the update, the latest jailbreak is accomplished completely via mobile Safari loaded on the device. The browser-based software bypass reportedly works on all iOS devices, including iPhones, iPads, and iPods running iOS 4 and iOS 4.01, but it will reportedly not work on devices running the iOS 4.1 beta.


It is, the article also mentioned, so popular that the website offering the jailbreak can't keep up.


However, the jailbreak can create major security problems. Again, CNET pointed out:


But the fact that it can be performed just through Safari, and the way it's done, points to a larger problem, as several CNET readers and listeners wrote to us to point out Tuesday. It means potentially anyone could control your iPhone (or iPod Touch or iPad) just by visiting a certain Web page. A site can present the exploit as a simple PDF link, which requires no explicit user action short of clicking a link. It can then launch an exploit that takes advantage of the way the PDF viewer loads fonts.


Bottom line: Other people may have unrestricted access to your device through the program.


Graham Cluley, senior technology consultant at Sophos, may have described the security problem best on his blog:


What concerns me, and others in the security community, however, is that if simply visiting a website with your iPhone can cause it to be jailbroken - just imagine what else could hackers do by exploiting this vulnerability? Cybercriminals would be able to create booby-trapped webpages that could - if visited by an unsuspecting iPhone, iPod Touch or iPad owner - run code on visiting devices without the user's permission.
