Pedro Stephano asks, in a comment to an earlier blog:
I have always resisted the urge to jailbreak for no other reason than “It’s Wrong”. But reading your article suggests it’s a process that should be appropriately feared and avoided. Can you do a non-geek a favour and interpret what the damage might be? If I was the victim of such an attack, what would happen?
It’s “wrong” because it’s a breach of the agreement between Apple and the customer, though the legal issues have probably been overstated (see here and here).
Clearly, many people feel that Apple’s agreement is over-paternal and an infringement of their rights to choose their telephony provider and what apps they install. I’m the last person Apple is likely to talk to about its security strategy, but I suspect that having put all its iGadget eggs in the App whitelisting basket, the company would rather not be involved with security contexts it can’t control. While the App Store may not be the security breach-free zone Apple thinks it is – or wants its customers to think it is – jailbreaking opens up a whole range of opportunities for exploitation in areas where Apple has little or no control, like unapproved apps. Clearly, it’s to their advantage to deny responsibility for jailbroken iGadgets.
As for direct damage from attacks, the sky’s the limit. A previous vulnerability introduced by jailbreaking led to minor extortion attacks, a not-particularly-sophisticated hacking tool, and a small-ish but functional botnet. But a future attack might do anything, depending on the vector and any vulnerability it might try to make use of (including human gullibility).
The main problem here isn’t really the jailbreaking: it’s the vulnerabilities that the jailbreak makes use of. They could be used for any number of attacks, and it wouldn’t be particularly useful to try to second-guess what future attacks might do. If it helps though, I’ll try to explain briefly what the implications of the vulnerabilities are.
- The PDF parsing vulnerability in Safari allows the execution of arbitrary code. Arbitrary code suggests that attack code could, in principle, do pretty much anything the attacker wants it to. In practice, it would depend on the context of the attack, but I won’t attempt to predict that.
- The kernel error gives an attacker the opportunity to “escalate privilege”, which makes it easier to gain administrator access, allowing them to do more damage than they might be able to do as an unprivileged user who doesn’t know the administrator password. Bypassing sandboxing means that an exploit could execute code that would normally be blocked by the operating system itself.
Hope this helps.
David Harley CITP FBCS CISSP
Mac Virus Administrator
Mac Virus 
Leave a Reply