or really why you shouldn’t.
I know quite a few people who have jailbroken their iPhones. And I will apologize to many of them now, but I can tell you that almost all of them should not have done it.
I realize that, in their frustration to make the iPhone everything it is capable of being, many users feel the need to bypass the constraints put in place by Apple. Unfortunately they also bypass a lot of the security functions (roughly 80%) built into it. I see the stat that nearly 7% of all iPhones are jailbroken. Given that 90% of those owners probably have not done anything to improve the phone’s security posture, there are roughly 2.1 million “vulnerable” iPhones in use today (given 34 million in use Q9 2009).
So, for you to have the ability before anyone else to tether, MMS, Google Voice, etc., you open yourself up to the following:
- Default SSH password setting – since this is often not changed by users who jailbreak their iPhones, this is the easiest port through which to access the phone’s OS.
- Use of iPhone to proxy your connections
Via those vectors “one” can easily connect and:
- See the iPhone OS file system… hmmm what files can I see and copy over from there? How about:
- SMS Messages
- Voicemail in .amr format
- Call History
- Cookies (could really find some interesting things with persistent cookies here)
- Even more fun? What about recAudio? Remotely, from the command line, enable the audio recording feature of the microphone. The audio is then stored to a local file (.aiff) that I can now SCP from the iPhone to the machine I’m on. Bam… you have your own remote bugging device and no one will think twice about it sitting in a conference room while they are talking about… well, anything.
- Uber stalker? You can also query the iPhone’s GPS API to return hi-res latitude/longitude information in XML format. Put those coordinates into Google Maps and you can (with a tremendous amount of accuracy) track the path of an iPhone user.
- Make phone calls? What about making the remote phone make calls? You can make someone prank-call without their knowledge. If you know them, you can make them call you and give them a hard time about calling and not saying anything. The uses are endless, eh?
- Remember the use of your phone as a proxy connection? How many users connect their iPhones to their office or home wireless networks? Since the iPhone has multiple interfaces and you can route between them, “one” could now use it as a bridge into a private network. So much for your firewalls and perimeter devices protecting your network.
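The bridge risk above is something a network owner can catch from their own side: a stock iPhone never listens on TCP/22, so an iPhone on the office WLAN with SSH open is jailbroken, quite possibly still on the default root password, and reachable from the carrier side. The script below is an added example (not the author’s code, nor from the ShmooCon research) that flags such phones in a simple asset inventory; the inventory format and the `device_type` fingerprint field are assumptions, and the sample records are constructed.

```python
"""Spot jailbroken phones on a managed wireless network from an asset inventory.

A stock iPhone never listens on TCP/22; one that does has been jailbroken and
had an SSH server installed, very often still with the default root password.
Because the phone also sits on the carrier network, it is exactly the bridge
into the private network that the post describes. Added example, not the
author's code; the inventory format below is constructed for illustration.
"""
from dataclasses import dataclass

SSH_PORT = 22


@dataclass(frozen=True)
class Host:
    ip: str
    device_type: str       # e.g. "iphone", "macbook"; assumed to come from a DHCP/OUI fingerprint
    open_ports: frozenset  # TCP ports the inventory scan found listening


def parse_inventory(text: str) -> list:
    """Parse 'ip,device_type,port;port;...' lines; the first line is a header."""
    hosts = []
    for line in text.strip().splitlines()[1:]:
        ip, device_type, ports = (field.strip() for field in line.split(","))
        open_ports = frozenset(int(p) for p in ports.split(";") if p)
        hosts.append(Host(ip, device_type.lower(), open_ports))
    return hosts


def find_exposed_phones(hosts) -> dict:
    """Return {ip: reason} for phones that should be pulled off the WLAN as they stand.

    Laptops with SSH open are a separate policy question and are left alone here.
    """
    flagged = {}
    for host in hosts:
        if host.device_type != "iphone":
            continue
        if SSH_PORT in host.open_ports:
            flagged[host.ip] = ("SSH listening on a phone: jailbroken, likely default "
                                "password, and a bridge between carrier and this WLAN")
    return flagged


# Constructed sample inventory: one clean phone, two jailbroken phones, one laptop.
INVENTORY = """\
ip,device_type,open_ports
10.20.0.14,iphone,
10.20.0.22,iphone,22
10.20.0.31,macbook,22;445
10.20.0.40,iPhone,22;8080
"""

if __name__ == "__main__":
    for ip, reason in find_exposed_phones(parse_inventory(INVENTORY)).items():
        print(f"{ip}: {reason}")
```

On the constructed inventory this flags 10.20.0.22 and 10.20.0.40 and ignores the laptop. The remediation for a flagged phone is the obvious one the post implies: change the root and mobile passwords, leave SSH off unless it is in use, and keep unmanaged phones off networks you care about.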
Well believe it or not, there is good news for you jailbreakers out there. AT&T has begun to filter addresses on their NAT’d wireless network. But only quite recently. Prior to this, “one” could pop an AT&T aircard into a laptop, get onto a mobile wireless segment, get “one’s” own IP address and quickly scan that entire segment for users. A port scan will tell you which of those devices are iPhones. With this filtering in place (and only in some places) you are limited and not able to (as easily) map the devices around you. So this is a hurdle, but don’t take too much comfort in it being high enough to keep very crafty people out for long.
So the long and short of it?
Given how much information is contained on your iPhone, I don’t think there’s any application you need so badly that you’d be willing to give up access to all your personal information. So suck it up and use the apps/functions/features that Apple has available. When it can be provided securely (and probably profitably for Apple) it will be released. Until then, go play outside.
Special thanks to Trevor Hawthorn for his research and demonstration of these exploits at ShmooCon 2010.