Is Jailbreaking your iphone or ipad bad for security?

Jailbreaking is the terminology used to describe the situation where the native protection of an iPhone or and iPad is defeated (hacked) to allow developers access to the file system’s root directory. These files would normally be hidden and not accessible but when a device is jailbroken developer’s are then able to modify them and create new offerings outside the control of the Apple store. Now that you know what jailbreaking is you may be asking yourself why would someone want to jailbreak their device and how is it done?

Why would someone want to jailbreak and iphone or ipad?

Jailbreaking is typically done by digital rebels who like to tinker with their devices and not be bounded by the laws imposed by others. People that believe devices should be open to exploration and that once they purchase it they are free to modify and improve. Many people jailbreak to utilize advanced short cut features, use apps only available on jailbroken devices, and open up their data options beyond the restricted carrier models that are available normally (also known as unlocking vs. jailbreaking).

How is jailbreaking done?

There are numerous free utilities available including Spirit and Absinthe that allow you to jailbreak your iphone, ipad, or other iOS based device. If you decide you should choose your utility wisely because picking the wrong one could lead to an inoperable device or security problems. I have chosen not to jailbreak my device but if I did jailbreak it I would make sure follow these jailbreaking risk mitigation steps.

Jailbreaking security risk mitigation steps

  1. Perform a full system backup prior to attempting the jailbreak
  2. Choose a jailbreaking utility that is validated as compliant with your version of iOS running on your ipad or iphone to minimize the likelihood of problems
  3. Choose a jailbreaking utility that is highly rated by other users with a large install base
  4. Choose a jailbreaking utility that has a track record for supporting new iOS levels and is covered by respected
  5. Skim the documentation of your jailbreaking utility to make sure you are changing any default passwords that are created as part of the process. Many of the utilities leave a default account that could be a future security or malware thorn in your side if you do not assign a unique password when prompted.

Why jailbreaking is not a good idea for enterprise use?
#1. Jailbreaking a device violates the Apple terms of service and likely violates your Apple care warranty. Many companies rely on Apple for hardware support so violating the terms of service puts this arrangement in jeopardy.

#2. Jailbreaking a device increases the risks of device instability since Apple does not validate the effectiveness of a jailbroken device. This is more theory vs. any working examples to highlight at the moment but it is very logical that increasing complexity can lead to increase problems.

#3. Jailbreaking a device increases the likelihood of iOS upgrade issues when new updates are rolled out. Apple iOS constantly changes so you have to ask yourself how much time you have to troubleshoot and deal with problems if the jailbroken device does not tolerate a routine iOS update.

#4. Jailbreaking an iPhone or iPad can increase the probability of data security issues since you are installing unreviewed software from vendors of unknown quality. In my opinion this is the biggest reason not to do this at the corporate level there is just too much downside risk that is hard to quantify.

#5. Jailbreaking a device has been known to increase battery consumption rates. Batteries drain quick enough and adding extra app or utility overhead only increases the drain.

Jailbreaking a personal iphone or ipad is a personal decision with limited risk but the same action is a drastically different equation in a corporate setting.

Help a friend by passing on these useful information security tips
  • Digg
  • StumbleUpon
  • Facebook
  • Yahoo! Buzz
  • Twitter
  • Google Bookmarks