JailbreakMe Exploits Apple iPhone Security Hole
JailbreakMe hit with the power of a thunderclap this week, garnering applause from Apple iPhone users looking to add a little more oomph to their smartphones with new and custom applications that previously weren't allowed by Apple brass.
JailbreakMe.com, a mobile Safari browser-based jailbreaking offering, was released this week in response to the U.S. Copyright Office's ruling last week that jailbreaking is not a copyright violation, making it OK to add software or applications to a smartphone that aren't approved by the manufacturer or carrier. Apple iPhone users, who have long sought ways to legitimately customize their devices, rejoiced.
And thus JailbreakMe was born.
But JailbreakMe introduces a massive security concern that still needs to be ironed out before we feverishly jailbreak our iPhones and rage against the Steve Jobs machine.
According to several reports, JailbreakMe burrows its way into your iPhone and iOS by exploiting a security hole related to the PDF viewer. The vulnerability in iOS was largely unidentified until JailbreakMe popped up.
JailbreakMe works with iOS 4 for the iPhone and iPod touch and iOS 3.2 for the iPad. Essentially, the Web site uses the yet-unpatched iOS vulnerability to gain access to the device, similar to an older jailbreak method created for iPhone OS 1.1.1. Apple has also fixed a similar issue with MacOS.
Basically, JailbreakMe presents a PDF that has a specially crafted font embedded in it, and the security issue lies in how that font is processed.
Without the right protections in place, that same vulnerability could easily be leveraged by a hacker to remotely plant malware on a user's device. The hole exists with or without JailbreakMe, but it should be seen as a call to arms for Apple to patch up the hole in iOS.
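Because the delivery vehicle described above is a PDF carrying an embedded font, one triage step a defender can take is to flag PDFs that embed font programs at all before they reach a viewer. The following is an added example, not code from JailbreakMe or from this article; it assumes the standard PDF font-descriptor keys (/FontFile, /FontFile2, /FontFile3), and the sample documents are constructed, simplified fragments.

```python
import re
import zlib

# Font-descriptor keys that point at an embedded font program (PDF specification).
FONT_KEYS = (b"/FontFile", b"/FontFile2", b"/FontFile3")
NAME_RE = re.compile(rb"/[^\s()<>\[\]{}/%]+")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\n?endstream", re.S)

def decode_name(raw):
    """Undo #xx hex escapes, which can disguise a key (e.g. /Font#46ile)."""
    return re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), raw)

def font_keys_in(data):
    return [n for n in map(decode_name, NAME_RE.findall(data)) if n in FONT_KEYS]

def embedded_font_refs(pdf_bytes):
    """Return every embedded-font key found in the file body and in its streams."""
    hits = font_keys_in(STREAM_RE.sub(b" ", pdf_bytes))  # dictionaries outside streams
    for m in STREAM_RE.finditer(pdf_bytes):
        try:
            # Object streams are usually Flate-compressed; decompressobj tolerates
            # a trimmed trailing byte, unlike zlib.decompress.
            payload = zlib.decompressobj().decompress(m.group(1))
        except zlib.error:
            payload = m.group(1)  # not Flate data: scan the raw bytes instead
        hits += font_keys_in(payload)
    return hits

# Constructed, simplified fragments (not complete PDFs) for demonstration only.
_objstm = zlib.compress(b"7 0 8 55 << /Type /FontDescriptor /FontFile2 9 0 R >> "
                        b"<< /Type /FontDescriptor /Flags 32 >>")
SAMPLE_WITH_FONTS = b"".join([
    b"%PDF-1.5\n4 0 obj\n<< /Type /FontDescriptor /FontName /AAAAAA+Constructed "
    b"/Font#46ile3 6 0 R >>\nendobj\n5 0 obj\n",
    b"<< /Type /ObjStm /Filter /FlateDecode /Length %d >>\nstream\n" % len(_objstm),
    _objstm,
    b"\nendstream\nendobj\n",
])
SAMPLE_NO_FONTS = b"%PDF-1.5\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"

if __name__ == "__main__":
    print(embedded_font_refs(SAMPLE_WITH_FONTS))
    print(embedded_font_refs(SAMPLE_NO_FONTS))
```

A hit only means the file embeds a font program, which many legitimate PDFs do; it marks the file for closer inspection or for rendering in a patched or sandboxed viewer, not as malicious.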
Questions around JailbreakMe's security come as the developer known as "comex et al" released the modified JailbreakMe 2.0. The same developer previously offered jailbreak tools for the Apple iPad. The current JailbreakMe iteration is free, but the developer accepts donations.
JailbreakMe is an early jailbreak, and many more are sure to arise in the wake of the U.S. Copyright Office and the Library of Congress recently lifting the ban on jailbreaking as spelled out in the Digital Millennium Copyright Act.
Still, the freedom to jailbreak may not be all it's cracked up to be as Apple has stood by its warning that jailbreaking the iPhone could void the smartphone's warranty. Apple has said it will not support jailbroken devices as the addition of unauthorized software could destabilize iPhone software.