Jailbreaking

From SI410
Revision as of 20:11, 27 March 2020 by Parthdpa (Talk | contribs) (Ethical Concerns)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search
Cydia on jailbroken iPhone X running iOS 13

Jailbreaking gives the user of an Apple device running iOS, iPadOS, tvOS, or watchOS root access to the Apple File System (APFS) and file manager, also known as privilege escalation. This is typically done by patching the kernel to bypass code signing and allows the user to execute and install third party files, apps, themes, and features that are not available on Apple’s App Store. Jailbreaking was first demonstrated by George Hotz on the original iPhone in 2007, by performing a network unlock.[1] Interest grew when Jay Freeman released his package manager, Cydia. Furthermore, as Apple patched known exploits through software updates, hackers developed new exploits to jailbreak devices running newer software versions.[2] As software exploit patches progressed, new exploits gave way to different types of jailbreaks and grew from network unlocking to include customization of user devices and feature expansion. However, jailbreaking poses problems on security and stability of the device along with ethical concerns like piracy and copyright because of its legality and unregulated nature.

History

George Hotz in his 2007 YouTube video showing he carrier unlocked his iPhone

The concept of jailbreaking first began with George Hotz when the iPhone was first released in 2007. [1] The iPhone was exclusively available for purchase and use on the AT&T network. However, Hotz wanted to use the iPhone on the T-Mobile network, so he disassembled the iPhone and took control of the hardware to change the baseband code so the iPhone can be used on any network.[1] Apart from Hotz, three days after the release of the iPhone, a separate group of hackers gained access to the iPhone’s operating system and installed a custom ringtone, which was not a feature until 2010. [3]

In October 2007, a group of hackers called the iPhone Dev Team, released the first public jailbreak.[3] The release of the jailbreak garnered more public interest in jailbreaking and was accelerated by the incorporation of the package manager Cydia into the iPhone Dev Team’s jailbreaking tool in 2008 after the release of the Apple App Store on 10 July 2008.[3] Cydia is the most popular package manager and is developed and maintained by Jay Freeman, also known as Saurik online.[3] Cydia allows users of jailbroken devices to download and install apps and software not available on the App Store, to customize the device and expand features.

Jay Freeman(Saurik) giving a speech at Android Open in 2011
In June 2009, with the release of iOS 3.0, Apple patched the existing jailbreak exploits, preventing devices running iOS 3.0 from being jailbroken.[2] However, Hotz discovered another exploit in iOS 3.0 and released the jailbreaking tool purplera1n and later released blackra1n for iOS 3.1.2 with a new exploit.[2] As Apple patched exploits with iOS software updates, new exploits were discovered by Hotz and other hacker groups like the Chronic Dev Team and the iPhone Dev Team and new jailbreak tools were released.

After Apple released iOS 4.0 in June 2010, the hacker Comex released a jailbreaking tool called JailbreakMe 2.0 for devices running iOS 4.0 in August 2010[2]. JailbreakMe 2.0 allowed users to jailbreak their devices by visiting a website online from the exploitable device. It allowed users with less technical knowledge to jailbreak their phone, garnering more interest in jailbreaking.[2] Later in October 2010, the hacker group Chronic Dev Team discovered a permanent jailbreak exploit that could not be patched by software updates.[2] This exploit took advantage of hardware vulnerabilities that were present in iPhones released prior to 2011.[2] As jailbreaking grew in popularity, hackers like Comex, Hotz, the iPhone Dev Team, and the Chronic Dev Team started holding annual jailbreaking conventions to discuss and showcase the different exploits, with the first convention held in London in 2011 called MyGreatFest.[2]

In 2019, a new bootrom exploit, called Checkm8, was discovered that permanently jailbreaks iPhones, iPads, and iPods that were released prior to 2018 running iOS 12.3 and up, similar to the permanent jailbreak discovered by the Chronic Dev Team. [4] Checkm8 was discovered by a hacker with the handle axi0mX. The jailbreak tool checkra1n uses the exploit Checkm8 to perform the jailbreak and is developed and maintained by a collaboration of independent hackers.

Types of Jailbreaks

In order to perform a jailbreak, a jailbreaking program needs to be run from a computer connected to the device. This device is required to have an exploitable version of iOS, iPadOS, tvOS, or watchOS installed for the program to access and patch the kernel. However, when the device boots up, it loads Apple’s original kernel from the hardware, causing it to become unpatched. This requires the device’s kernel to be patched each time it is booted or rebooted.[5]
Checkra1n program. The latest semi-untethered jailbreaking tool for devices released prior to 2018 running iOS 12.3 and up
Depending on the type of jailbreak, a computer or application may be required to re-jailbreak or boot the device.

Untethered jailbreaks use an exploit that is powerful enough to execute a kernel patch each time the device is booted, or rebooted, without the need of a computer or application.[5] This allows the user of the device to reboot the device without losing the jailbreak.[5] [6]

Tethered jailbreaks require a computer to properly boot the device and maintain a patched kernel.[6] However, if the device boots up without a computer, the device will have an unpatched kernel and will be in an unfunctional state and will require a reboot and so the device's kernel can be patched again.[5] [6]

Semi-Tethered jailbreaks allow the device to boot into a fully functional state but with an unpatched kernel when booted up. The jailbreaking program will need to be run from the computer to achieve a patched kernel again.[5] [6]

Semi-Untethered jailbreaks are similar to untethered jailbreaks but require the a trigger for the kernel patch process.[5] This is typically done through an application installed on the device by the jailbreaking program.[5] However, in order for this type of application to be installed on a device, Apple requires the app to be signed with a development certificate. Normal user development certificates expire 7 days after signing and require a computer to resign the certificate, while enterprise certificates never expire once signed and require an Apple Developer Account.[5]

Purposes

Apple’s App Store policies do not allow apps to alter the device’s appearance or modify the software’s root files. Apps on the App Store are allowed to be self-contained.[7] Jailbreaking allows users of Apple devices running exploitable versions of iOS, iPadOS, tvOS, and watchOS to bypass Apple’s strict policies for apps allowed on the App Store and install themes, apps, and additional features not available on the device or App Store.[7] It also allows for software modification, to change underlying file and hardware locks of the device.[7]

Jailbroken iPhone running a custom system wide theme using Winterboard from Cydia

Customization & Feature Expansion

Through the use of package managers on jailbroken devices, users can download themes and apps that can customize the look of the home screen and the style of font used on websites and apps that are not available on the device from Apple. Users can also change the grid layout by downloading theming engines from the package managers.

Users can install additional features that cannot be added to a device without Apple adding features through software updates. Apps like Activator can be installed which allow custom button press features and screen gestures to be set to control device functionality such as disabling WiFi or Bluetooth through screen gestures and disabling or enabling lower power mode when the device is unlocked or locked.

Carrier Unlocking

When users purchase devices through cell phone carriers, the device comes network locked so that the device can only be used on that carrier’s network. These network carriers then either charge a fee or require a period of time, typically three months, of usage on their network before a user can request a sim unlock to use the device on another carrier’s network.[8] However, since jailbreaking a device allows root file read/write access a sim unlocking program can be run on a jailbroken device that modifies the baseband code.[8] The baseband code keeps track of the cellular network the device is locked to and what network it can send and receive data, messages, and phone calls on.[8]

Security & Stability

Jailbreaking an iOS, iPadOS, tvOS, or watchOS device mitigates security features that are set in place by Apple in the Apple File System (APFS). Since jailbreaking allows root file system read/write access, other apps and installed software also have access and can modify the root file system. This eliminates security that Apple designed to protect user information.[9]

Security

Package managers on jailbroken devices are unregulated and have no process of approval for apps and software uploaded to the package managers.[10] Any software or apps put on the package managers are untested by others and can contain anything.[10] Once an app is installed from a package manager or from online, it can infect the device and install malware, spyware, or viruses and can steal information or make the device unusable.[9][10]

Stability

Jailbroken devices, without apps or software installed from package managers, typically have the same performance, battery life, and stability as non-jailbroken devices.[10] However, since one of the purposes of jailbreaking is customization and feature expansion, software and apps that modify the stock Apple system environment cause a variety of different performance, battery life, and other stability issues.[9][10] Customizing the original layout and look on a device can cause frequent random reboots, loss of data, freezes, and crashes on the home screen or in apps.[9] Since apps on package managers have not been tested or approved, the apps can pull a significant amount of power and resources from the hardware in the device causing poor battery life and overheating.[9][11]

Ethical Concerns

Due to the nature of jailbreaking not being regulated by a governing force or group of people, jailbreaking gives a rise to many ethical concerns. The legality of jailbreaking depends on different country’s laws on circumventing the Digital Rights Management (DRM) systems on devices and servers.[12] In the United States, jailbreaking is legal under the Digital Millennium Copyright Act (DMCA) as an exemption.[8][12] Although the process of jailbreaking is legal, there are still actions users can do through jailbreaking that are considered illegal by law and unethical.[8][12]

Piracy & Copyright

DRM systems are used to describe technology or software that aims to stop or ease the practice of piracy and protect copyright.[13] Apple uses DRM locks to keep users from illegally downloading and sharing music from iTunes or apps from the App Store. Streaming apps on the App Store, like Spotify, Netflix, HBO, and Amazon, use DRM servers to limit supported places users can cast, download, and stream movies and videos to.[13] However, since jailbreaking a device allows users read/write access to the entire APFS on the device, they can download tweaks or programs that modify the DRM server connection to allow the device to stream, download, and cast videos, movies, and music to any device, supported or unsupported.[8] [13] This allows users to upload illegally downloaded movies, videos, and music to file sharing websites or sell through other means.

Security & Privacy

Due to jailbreaking and package managers not being regulated, files, third-party apps, and other software are not tested and certified before they are uploaded to package managers for users to download. Because jailbreaking allows read/write access to the device’s APFS, any installed application or software can modify any file or insert code to manipulate and steal data from the device.[8] These software programs and applications can introduce malware, spyware, viruses that allow hackers to connect to a user’s device and steal personal information like emails, passwords, credit cards, and location information, exposing the user in real time.[9]

References

  1. 1.0 1.1 1.2 Kushner, David. Machine Politics, The New Yorker, 30 April 2012. Retrieved on 26 March 2020.
  2. 2.0 2.1 2.2 2.3 2.4 2.5 2.6 2.7 Hardy, James. Charting The History Of The iPhone Jailbreaking Community, History Cooperative, 2 October 2014. Retrieved on 26 March 2020.
  3. 3.0 3.1 3.2 3.3 Heath, Alex. The History of Jailbreaking (Feature), Cult of Mac, 26 September 2016. Retrieved on 26 March 2020.
  4. Goodin, Dan. Developer of Checkm8 explains why iDevice jailbreak exploit is a game changer, Ars Technica, 28 September 2019. Retrieved on 27 March 2020.
  5. 5.0 5.1 5.2 5.3 5.4 5.5 5.6 5.7 Promon. What You Need to Know About iOS Jailbreaks, Promon, 22 February 2018. Retrieved on 12 March 2020.
  6. 6.0 6.1 6.2 6.3 Panda, Prateek. Here's How Jailbreak Really Works, Appknox, 24 June 2016. Retrieved on 12 March 2020.
  7. 7.0 7.1 7.2 Keller, Mike. Geek 101: What Is Jailbreaking? , PCWorld, 13 February 2012. Retrieved on 12 March 2020.
  8. 8.0 8.1 8.2 8.3 8.4 8.5 8.6 Porter, Kim. Is jailbreaking legal and safe?, Norton. Retrieved on 12 March 2020.
  9. 9.0 9.1 9.2 9.3 9.4 9.5 Apple, Unauthorized modification of iOS can cause security vulnerabilities, instability, shortened battery life, and other issues, Apple, 15 June 2018. Retrieved on 12 March 2020.
  10. 10.0 10.1 10.2 10.3 10.4 Markuson, Daniel. Is jailbreaking safe for your iPhone?, NordVPN, 20 September 2019. Retrieved on 21 March 2020
  11. Breen, Christopher. Jailbreaking your iPhone: The pros and cons, Macworld, 6 August 2010. Retrieved on 22 March 2020.
  12. 12.0 12.1 12.2 Kravets, David. Jailbreaking your iPhone: The pros and cons, Wired, 26 July 2010. Retrieved on 27 March 2020.
  13. 13.0 13.1 13.2 Heath, Alex. How To Stream DRM-Protected Video From iOS Apps Via AirPlay And HDMI (Jailbreak), Cult of Mac, 10 August 2012. Retrieved on 13 March 2020.