jailbreakers are even encouraged to change the root password on their phone, for example, to thwart unwelcome attacks.Of the many reasons people don't jailbreak their iPhones (besides the most obvious: "I don't see the point"), is the concern that it will affect the security of their phone. That concern is not unfounded -
Security issues are present because the current jailbreaking methods, by their very nature, diminish certain protections Apple has put in place. However, there's a new jailbreaking process on the horizon aiming to change that. The tool will be called "antid0te" and its reveal is only days away.
Coming Soon: A Jailbreak That Adds ASLR
According to a report by The Register, a security analyst by the name of Stefan Esser, of the German firm SektionEins, will introduce a new jailbreaking process that automatically introduces the protection of ASLR.
ASLR, short for Address Space Layout Randomization, is a security protection that randomizes the memory locations of where injected code is executed. ASLR is baked into Windows (Vista/7) and the new Windows Phone 7, security analyst Charlie Miller told The Register, and it's available in a more limited format in Mac OS X. However, on iOS, the operating system that powers the iPhone, iPad and iPod Touch, it isn't present at all.
iPhone's current lack of ASLR allowed security researchers at this year's Pwn2Own hacking contest to break into a fully patched iPhone and hijack the entire SMS database, including deleted messages. The hack took just 20 seconds.
Esser will be presenting his new, more secure jailbreaking method at the Power of Community security conference on December 14th. He will also introduce a new tool called "antid0te" which will simplify the jailbreaking process for end users, much like the line of current jailbreaking tools (redsn0w, PwnageTool, limera1n, etc.) do now.
For details on the current jailbreak and how-to guide, click here.
Jailbreaking to Improve the Security of Your iPhone?
Could it be that the new jailbreaking process then, instead of making phones less secure, would actually improve their security protections? That's certainly what it sounds like: "With ASLR, an exploit mitigation is added that is not available in factory iPhones and makes exploitation more difficult," reads the session and speaker bio on the conference website. And it won't end there. "This is only the first step," the description reads, "more mitigations and a full reactivation of the codesigning protection are planed for the next months."