Smartphone Security Gaps
Employees are at risk for viruses and other security breaches, so IT staff need to be just as vigilant with company-issued phones accessing the network as they are with computers.
Jailbreaking lets phones and other devices run applications not approved by the OS vendor, and was, until recently, illegal.
It didn't take very long for hackers to exploit the federal government's decision that jailbreaking doesn't violate U.S. copyright laws.
According to a CNET article:
Unlike previous jailbreaks, which required the device to be connected to a computer to run the update, the latest jailbreak is accomplished completely via mobile Safari loaded on the device. The browser-based software bypass reportedly works on all iOS devices, including iPhones, iPads, and iPods running iOS 4 and iOS 4.01, but it will reportedly not work on devices running the iOS 4.1 beta.
The article also mentioned that the jailbreak is so popular that the website offering it can't keep up.
However, the jailbreak can create major security problems. Again, CNET pointed out:
But the fact that it can be performed just through Safari, and the way it's done, points to a larger problem, as several CNET readers and listeners wrote to us to point out Tuesday. It means potentially anyone could control your iPhone (or iPod Touch or iPad) just by visiting a certain Web page. A site can present the exploit as a simple PDF link, which requires no explicit user action short of clicking a link. It can then launch an exploit that takes advantage of the way the PDF viewer loads fonts.
Bottom line: Other people may have unrestricted access to your device through the program.
Graham Cluley, senior technology consultant at Sophos, may have described the security problem best on his blog:
What concerns me, and others in the security community, however, is that if simply visiting a website with your iPhone can cause it to be jailbroken - just imagine what else hackers could do by exploiting this vulnerability? Cybercriminals would be able to create booby-trapped webpages that could - if visited by an unsuspecting iPhone, iPod Touch or iPad owner - run code on visiting devices without the user's permission.