For the first time in years, a hacker has managed to publish a public shutdown network for a fully updated iPhone. That means phones can have unofficial software installed by users who want to bypass Apple's strict controls and potentially make it easier for mobile phones to be hacked.
First, the iPhone jailbreak is not Black mirror– a shady escape plan for the little people who live in your phone and make it smart, but instead, a term that describes an attempt to modify an electronic device to remove the restrictions imposed by the manufacturer or operator. The usual purpose is to allow you to install unauthorized software.
"For every device, the purpose of jailbreak is to find a loophole in coding to overcome all the limitations the manufacturer has put on it," says Ayman El Hajjar, a computer science and engineering lecturer at the University of Westminster. "In essence, what makes jailbreaking is an escalating privilege – it means that the operating system's security precautions have been removed and you are able to overcome them."
First reported by Motherboard, the new jailbreak is at the center of SockPuppet vulnerability, discovered by Google hacker Ned Williamson. Apple first fixed the issue in iOS 12.3, but reintroduced it in the latest version of its code, iOS 12.4, which was released in June. Apple inadvertently facilitated the closure and penetration of its own product. This vulnerability allowed the attacker to corrupt the phone's memory core, allowing a security researcher called Pwn20wnd to develop and publish an iPhone jailbreak.
This is a big deal for Apple, which offers a limited user experience – applications in its app store are subject to rigorous testing and restrictions, for example – as a replacement for high security. The last time the latest version of iOS was opened for jailbreak vulnerability came back in 2015, when iOS 9 was released, and for only seven days.
"When it comes to Apple, they have a very strict strategy about which apps allow the app store and which apps don't," says El Hajar. "I use an iPhone and sometimes I find that security is too much for the average user – every time you want to do something, it requires a password. Apple is trying to sell its iPhone as a very secure device. "
This begs the question then – why would anyone want to jailbreak their iPhone in 2019. There are really several reasons. From a basic user perspective, jailbreaking your phone can open up a number of new features. "There are several benefits – I use an open source operating system because it gives me the flexibility to do what I want with my operating system," El Hazar said. The phone gains this flexibility after being imprisoned. "It lets you really customize your phone and make full use of it," he says. (IOS users, for example, are already redesigning the look of their iOS home screens).
It also benefits from cyber-security for the system, explains Thomas Reed, Mac and Mobile's director at Malwarebite. Security researchers should be able to jailbreak iOS devices to study them. (Apple said this month that it would give less restricted iPhones to security researchers as part of a bug fixing program).
"For those researchers, this version of Apple is a huge benefit, enabling them to hack jailbreak and study the most up-to-date version of iOS available," Reid said. "While such research can obviously result in malicious activity, it is also the source of many bug fixes in every edition of iOS, as security researchers report problems to Apple through the bug fix program. pounds to detect these exploits.
Exploitation in iOS 12.4 affects even law-abiding iPhone users. First, be careful what applications you download. "I hope people are aware that with the release of the latest iOS 12.4 people, they have to be very careful downloading apps from the Apple AppStore," said security researcher Stephen Eser on Twitter. "Any such app can have a jailbreak copy in it." This would theoretically allow hackers to take control of your iPhone.
For example, he said Motherboard that the hacker "can make perfect spyware" by exploiting the error to steal your data. However, no examples were found at the time after the vulnerability was found in the code. Apple has not responded to media requests for comment on the problem, but is likely to fix the issue with iOS 12.4.1 release in the coming days.
And what about Apple fanboys scratching to raise their own iPhone? Well, beyond being able to drop your phone and void the warranty, there are more dangers to taking this path: "If you're an average user, you should definitely avoid pocket-billing" at all costs, "Reid says. He says jailbreaking your phone removes your security, putting you at a much higher risk of attack or malware, and that the most common ways of infecting iOS devices are through targeted nation-wide attacks or through jailbreaking.
El Jazeera agrees. "I personally wouldn't advise a telephone," he says. Not every jailbroken phone can be updated with Apple's security updates, leaving it vulnerable.
"It's also worth noting that Sedia Impact [a software needed to carry out the jailbreak] requires the user to enter their Apple ID credentials into the application to load the device's .IPA file, "Reid says. "It's never a good idea to secure your Apple ID credentials on any application, because those credentials are the key to your entire Apple life."
There were cases, he explains, when those credentials were used to lock the devices remotely through Apple's Find My service with a ransom message displayed. "I know at least one person whose iMac was substantially built because it no longer had a certificate to prove ownership," he says. "Apple may unlock a remotely locked device, but because of the likelihood of theft in such cases, they require proof of ownership."
More wonderful stories from WIRED
Ik TikTok fuels deadly hate speech epidemic in India
🚀 The incredible power of Russia's biggest secret nuclear missile
🍫 Food that you really need to store for no bargain on Brexit
♻️ The truth behind the biggest recycling myths in the UK
🤷🏼 How is the Internet still obsessed with Meyers-Briggs?
Најдобрите Get the best tech deals and gadgets news in your inbox