iPad, iPhone Security Hole Vulnerable to Cybercriminals
Apple's iPod Touch, iPad and iPhone 4.
There's a gaping security hole in iOS 4, the operating system running Apple's latest phones and tablets.
The hole is being exploited by Jailbreakme 3.0, the latest version of a popular browser-based service that allows the user of an iPhone, iPad or iPod Touch to unlock or "jailbreak" his device and install apps unauthorized by Apple.
But that security vulnerability also makes it trivially easy for cybercriminals to take over iPhones or iPads. It's a hole that malware writers have yet to exploit.
Mindful of the threat, the Jailbreakme creators offer a patch to fix the vulnerability — a patch that can be applied only after their own software has exploited it. In layman's terms, that's called pulling the ladder up after yourself.
"Until Apple releases an update, jailbreaking will ironically be the best way to remain secure," writes Comex, the pseudonymous main creator of Jailbreakme.
To jailbreak a fully up-to-date iOS device, a user only has to navigate the device's Safari browser to http://www.jailbreakme.com. Bingo — no taking the device apart, no complicated hacking.
The service is free and, according to a U.S. Copyright Office ruling a year ago, legal. (But read the end of this article before you do it.)
Jailbreakme 3.0 exploits a little-publicized security hole in the way Safari handles PDF files to get "root" control of the most recently updated version of Apple's mobile operating system, iOS 4.3.3. (Jailbreakme 3.0 works on all iOS devices running iOS 4.3.3 except Verizon iPhones.)
But if Jailbreakme can take over your phone just by bringing you to a website, so can Trojan creators who poison search-engine results.
The primary creator of Jailbreakme addresses that issue.
"Along with the jailbreak, I am releasing a patch for the main vulnerability which anyone especially security conscious can install to render themselves immune," writes Comex, who identifies himself as a student at Brown University in Providence, R.I. "Due to the nature of iOS, this patch can only be installed on a jailbroken device."
Specifically, the user of a jailbroken iOS device needs to install the unauthorized Cydia app store and loader, and then install an unauthorized app called PDF Patcher 2.
Jailbreaking an iPhone, iPad or iPod Touch can be fun and gives the user access to lots of new apps and features, such as the ability to use an iPhone as a cellular modem for laptops.
But security experts advise against jailbreaking. The process opens up iOS devices to viruses and other malware that owners of non-jailbroken Apple devices don't have to worry about.
For jailbreakers who have second thoughts, the process is easily reversible. Connect your device to the Mac or PC you normally connect it to, back it up, run a "restore" process and then reload your data from the backup. Your device will be back in "jail."
UPDATED: In an apparent coincidence, Germany's Federal Information Security Agency on Wednesday warned German iPhone, iPad and iPhone Touch users of the same PDF-handling vulnerability, according to the Associated Press.