How (NOT?!) to jailbreak your iPhone

Security

Remember the last big jailbreak news?

It was nearly a year ago, back in May 2020, when well-known Apple jailbreaking crew unc0ver released version 5 of their jailbreak toolkit, just a week after Apple came out with iOS 13.5.

The word jailbreak, at least in the IT world, is a generic term for a programming trick that can liberate locked-down hardware from the strictures that the manfuacturer built into it.

But these days, jailbreaking most commonly refers to a very specific sort of unlocking tool: one that can release your iPhone or iPad from Apple’s notoriously strict walled garden.

(On locked-down Android phones, the process is more commonly known as rooting, because root is the name given to the one-admin-to rule-them-all account on Unix and Unix-like operating systems.)

What’s all the fuss about!?

Opponents of jailbreaking argue that it should be banned because jailbreaks can be used to bypass copyright protection and anti-piracy measures.

The say jailbreaks make it too easy to get your device into an insecure state.

Some argue that jailbreaking is pointless because Apple’s walled garden already provides vetted versions of all the software you could ever need anyway.

Proponents, however, say that banning jailbreaking to stop copyright infringement is a red herring.

After all, a non-jailbroken device can be used to access infringing material anyway, right there in your browser if you want, and no one is seriously suggesting banning iPhones (or the Safari browser) on that account.

Likewise, jailbreakers argue that jailbreaking is often the only way to increase security by allowing you to fix bugs that Apple hasn’t patched yet, or never will.

As for the walled garden argument, well, if you paid for your device out of your own after-tax income, and you own the hardware itself outright, jailbreaking means you can use your device as creatively or as ecologically as you wish, albeit at your own cybersecurity risk.

Is there a choice?

As we mentioned at the top of the article, the last – or, as you’ve probably figured out by now, the last-but-one – iPhone jailbreak only handled iOS versions up to iOS 13.5.

But that’s all changed in the past week, because on 2021-02-25, @Pwn20wnd of the unc0ver crew tweeted:

Next came @axi0mX, on 2021-02-27:

And an update to the update arrived this week on 2021-03-02:

It now looks as though at least one of the “in the wild” security vulnerabilities that Apple patched unexpectedly and in a vague shroud of secrecy at the end of January 2021…

…was patched as an anti-jailbreaking measure, given the mention of CVE-2021-1782 (a kernel-level privilege elevation hole allowing complete device take-over) in @Pwn20wnd’s tweet above.

So if you followed our advice to “patch early, patch often” (and please see below why we still think applying Apple updates as soon as you can is a wise move), you will already be on iOS 14.4, and that’s the one version that this new jailbreak can’t handle.

Part of Apple’s anti-jailbreaking protection includes measures to prevent you from downgrading, which deliberately stops you reverting to older, known-buggy versions of iOS when a new jailbreak comes out. (Sorry, folks,)

Should you or shouldn’t you?

Our take is pretty simple.

A. If you live in a country where jailbreaking is actually illegal, don’t do it.

You are just inviting legal hassles you don’t need.

If you feel strongly about having the freedom to unlock and repurpose your mobile devices, vote with your wallet and choose a product up front that isn’t permanently locked and that you can lawfully “liberate” without getting into trouble.

B. If you are using your device for work, don’t jailbreak if IT asks you not to.

If you are using your phone to access company resources and to co-operate with colleagues, spare a thought for your IT team, who are almost certainly already working all the hours they can to keep your organisation cybersecure.

Life’s hard enough for your sysadmins without flinging your unregulated and unaccountable hand-hacked device into the mix.

So please do your best by IT, and stay current with Apple’s official patches instead of hanging back in the hope that the version you have will get a jailbreak soon.

(And please don’t kick up a fuss if they kick your device off the network if it’s jailbroken.)

C. But if jailbreaking is legal where you live and you own the device outright, knock yourself out!

Don’t feel compelled to try it, of course, but you may be surprised at what you can learn from the process.

We’ve jailbroken old iDevices before, mainly to give them a new lease of life (re-use before you recycle, and all that).

Just remember

Just remember that if you do decide to go down the jailreaking route on your iPhone or iPad:

  • Your device might never work again. This is called bricking your phone because it turns your device into a very expensive paperweight, a job more cheaply and reliably done by a humble housebrick. Jailbreaks involve running code that Apple really doesn’t want you to, so there’s plenty that could go wrong.
  • If it’s listed as a “tethered” jailbreak your phone will not be able to reboot on its own. If your battery runs down or the phone crashes, you will need to plug it into your laptop – that’a the tethering part – before it will restart properly.
  • It’s easy to get security settings wrong. For what it’s worth, the only real-world self-spreading iPhone computer viruses or worms (that we know of, at least) were restricted to jailbroken devices. These viruses, known as Ikee and Duh, attacked users who had done a jailbreak but not heeded the security warnings that came with it.
  • You’re on your own. OK, strictly speaking, that’s not true because there’s a vibrant jailbreaking community out there who may well be able to help you. Or not.

As we said above, we’ve jailbroken old iDevices before so we could keep using them after Apple’s offiical “use by” date.

But we don’t recommend a jailbreak simply because it has an old-school rock-and-roll feel to it.


Products You May Like

Articles You May Like

Investors say Eindhoven poised to become Netherlands’ No. 2 tech hub
Delivery service Gopuff acquires rideOS for $115 million
California Cops Launch ALPR Transparency Portal
Texan Admits Data Center Bomb Plot
Can *YOU* blow a PC speaker using only a Linux kernel driver?

Leave a Reply

Your email address will not be published. Required fields are marked *