Lots of users jailbreak Apple devices to add application and modification that are not authorized by Apple. Users often jailbreak their devices and install third party applications. Many of us know jailbreaking make our Apple devices less secure. But, what exactly are the security concerns ? And, how does jailbreaking make Apple devices vulnerable ?
Let's understand this.
What is Jail actually ?
Berkeley Software Distribution or BSD is a Unix Operating System derivative which was developed by Computer System Research Group of the University of California, Berkeley from 1977 to 1995. It shared the initial codebase of AT&T Unix Operating System. And later, BSD releases were incorporated in several open source development projects like FreeBSD, OpenBSD, NetBSD etc. It was later incorporated in some modern proprietary Operating Systems also. And. Apple OS X and iOS were some of them.
In FreeBSD, jail mechanism is an implementation of Operating System-level Virtualization. In this mechanism, the kernel of the Operating System allows existence of multiple user-space instances instead of just one. And, these instances are called jails.
Jails mainly solve the following purposes :
- Each jail provides a virtual environment on the device with its own files, processes, users and superuser account.
- Each jail runs separately from the other and they cannot influence each other while running, which gives an additional layer of security.
- Each jail has a limited scope of execution and this enables several tasks to run with superuser access without having a complete control over the system. And, this enhances the security of the device to a great extent. Even if a particular jail gets hacked and the hacker gets root access, he will have limited access to the system files and can do no significant harm to the main system.
And, the same mechanism is used in Apple iOS devices also, as FreeBSD was incorporated in iOS.
What is Jailbreaking ?
Jailbreaking in iOS is the process of gaining unauthorized access or elevated privileges on a system. It basically modifies the iOS kernel and allows file system read and write access to an application.
Most of the jailbreaking tools apply some kernel patches to the iOS kernel and make some unauthorized changes to the kernel to remove the limitation and security features built by the manufacturer. And, this allows the users to install additional third party applications, extensions and patches from outside Apple's App Store.
Why one should not jailbreak
There are a number of reasons because of which one should not jailbreak iOS devices. A number of them are mentioned below :
- Third party applications installed after jailbreaking are not quality controlled by Apple and may contain malicious code that makes the device vulnerable to hacking.
- Some jailbreaking methods leave SSH enabled with a well-known default password, which an attacker can use for communicating with a Command & Control Server for malicious purposes.
- Attackers can easily insert malicious files into or extract sensitive file from a jailbroken device. In fact, this vulnerability is widely used by a number of commonly known malware programs.
- Attackers can use keyloggers or other malware programs to steal sensitive data from a jailbroken device.
- Also, jailbreaking a device voids the warranty. This can be an issue if the user needs hardware repair or other technical support for the iOS device.
Security tips for already jailbroken devices
If a iOS device is already jailbroken, you can still take a couple of steps to counter its security vulnerabilities.
- Change the root password of the jailbroken device. Many malware programs exploit the fact that very few jailbreakers change the root password of their devices.
- Install anti-virus program in your device. Scan it regularly for suspicious activities. And, keep commonly used software in the device updated with recent security patches.
- Be very careful about what applications you are installing in the jailbroken device. It is not at all advisable to install application from an untrusted sources, as they may contain malware which can cost you a lot.
So, be informed about various security concerns, so that you can protect your devices in a better way. And, stay safe, stay secured.