 |
 |
6 Reasons iOS 6 Jailbreaks Will Be Tough |
 |
10-16-2012, 11:17 PM
|
#1
|
|
Obsessive iPhone Disorder
shahpriyankd is offline
Join Date: Aug 2009
Device: iPhone 4
iOS Version: 5.1.1
iTunes Version: iTunes 10
Carrier: Other
OS: Windows 7
Location: India
Posts: 296
Thanks: 364
Thanked 334 Times in 112 Posts
|
6 Reasons iOS 6 Jailbreaks Will Be Tough
Waiting for a jailbreak for the latest iOS 6 devices such as the iPhone 5? You might have to wait a while.
Jailbreaking your iPhone is now legal in the United States, even if Apple has historically discouraged the process. With Apple's release last month of iOS 6, iPhone hackers have, of course, set their sights on jailbreaking the new OS. So far no automated jailbreak is available for latest-generation iOS devices that run iOS 6. But software hacker Grant Paul claimed, to All Things Digital, that he'd jailbroken an iPhone 5 less than 24 hours after its release.
Last month, meanwhile, iPhone Dev-Team released Redsn0w, a tethered jailbreak for iOS 6, but it works only on A4-based and earlier devices, including the iPhone 4, iPhone 3GS, and iPod Touch 4th-generation. It won't, however, work on newer devices, including the iPhone 4s and 5, or the two latest generations of iPads.
Could a full iOS 6 jailbreak, including for the latest Apple devices, be just around the corner? Don't bet on it. Here are six of the top challenges that would-be jailbreak developers will face:
1. Finding sufficient vulnerabilities takes smarts. "Jailbreaking is just overwriting some values in memory," said security researcher Charlie Miller, in a presentation at the RSA Conference in San Francisco earlier this year. (Miller is now a member of Twitter's security team.) But to overwrite those values, would-be jailbreakers must find unknown, exploitable vulnerabilities in iOS and then successfully chain these vulnerabilities together.
For example, Miller said, "JailbreakMe.com 3 was an end-to-end exploitation of all the security mechanisms that are in iOS 5." He noted that the software's developer, Comex, also found code signing bugs in iOS 2, and again in iOS 5, that would allow exploit processes to create memory regions to make exploitation easier.
Such knowledge is difficult to come by. "All the jailbreak developers are really freaking smart," said Dino Dai Zovi, CTO of security research firm Trail of Bits, at the RSA conference. As a result, he said, all of the exploits that have been used for jailbreaking have either been discovered by teams of researchers, "or [by] Comex, who's from the future."
2. Vulnerability hunting takes time. Finding new iOS bugs that can be chained together takes time. The self-described "Jailbreak Dream Team" behind the first untethered jailbreak for the iPhone 4S and iPad 2, dubbed Absinthe 2.0 and introduced in January 2012, said it took them 10 months to figure out how to jailbreak the new A5 chip used on those devices.
3. Website-based untethered jailbreaking is insanely difficult. The aforementioned Comex isn't legendary in jailbreaking circles just for creating jailbreaking software by himself, but also for allowing people to do it via a website. Indeed, unlike other jailbreaks, which require a USB cable, Comex's can be installed simply by visiting the JailbreakMe.com website. But Comex's last release was JailbreakMe version 3, in July 2011, and it works only on iOS devices up to the iPhone 4.
The real identity of the iOS hacker who calls himself Comex was last year revealed by Forbes as a 20-year-old Brown University student named Nicholas Allegra. Interestingly, Allegra last year announced that while on a break from Brown, he would be interning for Apple. Might Apple developers have gleaned some proactive iOS security suggestions from him? If so, it would mean further trouble for would-be jailbreakers.
4. Apple's update clock begins ticking after jailbreaks are released. Once they go public, exploits have a short shelf life. Indeed, whenever a new jailbreak appears, Apple begins patching the exploited vulnerabilities. "Let's talk about jailbreakme.com 2 [which debuted in July 2010]," said Zovi, who together with Miller helped co-author the iOS Hacker's Handbook, which was released in May 2012.
"Once you drop all these bugs, it gets fixed instantly," Zovi said, noting that after version 2 of jailbreakme.com debuted, it took Apple just two weeks to release an update that blocked the vulnerabilities that the jailbreak had used.
5. Early iOS 6 exploit was not a jailbreak. At the Hack in the Box conference in Kuala Lumpur earlier this month, Azimuth Security researchers Mark Dowd and Tarjei Mandt demonstrated a kernel exploit that allowed them to install and run Cydia--an application that can be used to search for and install apps onto a jailbroken iPhone--on an iPhone 5 running iOS 6. But they noted that their kernel exploit alone couldn't be used to jailbreak iOS 6 devices.
6. Apple keeps locking down iOS. Unfortunately for would-be jailbreakers, iOS 6 will arguably be the toughest mobile Apple OS to crack. According to Dowd and Mandt's presentation, Apple has added a number of features that have improved iOS 6 security, in part by better hardening the iOS kernel--the central component of the operating system--against exploits, better protecting against memory or heap corruption errors, and improving stack overflow prevention. In addition, Apple added new information leakage mitigations, including zeroing out some application programming interfaces (APIs) that had previously been used to execute successful kernel-level exploits. Apple also made address space layout randomization (ASLR) even more random and thus more difficult to circumvent.
All told, these iOS 6 mitigations significantly raise the bar, according to the researchers, who noted that many of the old tricks don't work, including bugs that previously could have been exploited to help trigger a jailbreak.
In Search of Jailbreaks
With the above discussion of jailbreaks, a caveat: there's a reason that information security managers discourage--if not actively block--jailbroken iPhones or iPads from accessing the corporate network. "What happens when you do jailbreak your phone--what does it do to the security architecture?" said Miller at RSA. "It turns out that it breaks everything. ... It turns off code signing, of course--that's why you jailbreak it. But code signing is tied to app permissions ... [and] all the things you download can run as root." That means there's no sandbox to prevent attackers from exploiting an app, then using it as a stepping stone to exploit the device in other ways.
The JailbreakMe website, however, has this to say in its FAQ: "By itself, jailbreaking does not make you vulnerable. However, a common mistake for jailbreakers is to install OpenSSH but forget to change the passwords for root and mobile; this lets anyone log into your device over the Internet."
Miller, however, disagrees. "After jailbreaking an iOS device," he said, "you really increase the risk of something bad happening."
|
Iphone 5 16GB Factory Unlocked.
Iphone 4 16GB 5.1.1 Factory Unlocked jailbroken using absinthe untethered.
Iphone 3gs 8GB 5.0.1 Ultrasn0w Unlocked jailbroken using Redsn0w untethered.
Iphone 2g 3.1.3 Custom Firmware by Whited00r.
Ipad 1 3g 5.1.1 Jailbroken with Absinthe untethered.
Iphone 4s 5.1.1 jailbroken with Absinthe untethered.
|
|
|
|
|
10-17-2012, 12:07 AM
|
#2
|
|
Stay Brutal
robsbrutal is offline
Join Date: Aug 2010
Device: iPhone 4S
iOS Version: 6.0
iTunes Version: iTunes 10
Carrier: Verizon
OS: Mac OS X
Location: Washington
Posts: 907
Thanks: 107
Thanked 185 Times in 126 Posts
|
Good read!
|
|
|
|
|
|
10-17-2012, 12:35 AM
|
#3
|
|
Custom iPhone customer
rasputin007 is offline
Join Date: Nov 2009
Device: iPhone 4S
iOS Version: 6.0
iTunes Version: iTunes 10
Carrier: o2
OS: Other
Location: UK
Posts: 214
Thanks: 80
Thanked 79 Times in 33 Posts
|
Interesting point of view!
However, everything is in constant change. The "cat and mouse" game between Apple and the Jailbreakers always went on. Agreed, the level on which they battle is getting higher and higher (that is the constant change bit), but so far there has not been a 100% secure and unbreakable operating system and iOS 6 is no exception.
As always it is just a question of time when iOS 6 will be jailbroken.
|
Nothing is impossible, only miracles take a bit longer!
|
|
|
|
|
The Following 2 Users Say Thank You to rasputin007 For This Useful Post:
|
|
10-17-2012, 02:18 AM
|
#4
|
|
Banned because I'm a TOOL!!!
classy56 is offline
Join Date: May 2012
Device: iPad 2
iOS Version: 5.1.1
iTunes Version: iTunes 10
Carrier: Other
OS: Windows 7
Location: UK
Posts: 389
Thanks: 94
Thanked 162 Times in 97 Posts
|
I appreciate Apple might have made the kernel security harder to break, but in my opinion iOS 6 is no different from previous iOS versions; it's just a case of "seek and ye shall find".
|
|
|
|
|
|
|
The Following User Says Thank You to classy56 For This Useful Post:
|
|
10-17-2012, 03:37 AM
|
#5
|
|
Obsessive iPhone Disorder
Wirerat is online now
Join Date: Aug 2011
Device: iPad 2
iOS Version: 6.0.2
iTunes Version: iTunes 10
Carrier: AT&T
OS: Windows 7 x64
Location: Kicking a dead horse
Posts: 568
Thanks: 137
Thanked 227 Times in 126 Posts
|
Noted an error in the report.
Jailbreakme was never for iOS 5. Comex already worked for Apple when it released. Prolly a typo.
|
|
|
|
|
|
|
The Following User Says Thank You to Wirerat For This Useful Post:
|
|
10-17-2012, 05:08 AM
|
#6
|
|
Jailbroken
sohaf is offline
Join Date: Jun 2010
Device: iPhone 4
iOS Version: 4.2
iTunes Version: iTunes 10
Carrier: Other
OS: Windows 7
Location: pakistan
Posts: 88
Thanks: 1
Thanked 16 Times in 11 Posts
|
Where is Geo Hot when we need him to pwn every idevice for life
|
|
|
|
|
|
|
The Following 5 Users Say Thank You to sohaf For This Useful Post:
|
|
10-17-2012, 06:42 AM
|
#7
|
|
Jailbroken
sadiphone is offline
Join Date: Jun 2010
Device: iPhone 4S
iOS Version: 6.0
iTunes Version: iTunes 10
Carrier: AT&T
OS: Mac OS X
Location: NJ
Posts: 41
Thanks: 10
Thanked 11 Times in 6 Posts
|
I don't know why Apple makes it hard for JB when all they do is steal the ideas of all the Cydia tweaks thanks to the JB community. If Apple is not careful people are going to go over to Android.
|
|
|
|
|
|
|
The Following 4 Users Say Thank You to sadiphone For This Useful Post:
|
|
10-17-2012, 07:30 AM
|
#8
|
|
Glory Glory Man Utd!
RedDevil is offline
Join Date: Aug 2009
Device: iPhone 5
iOS Version: 6.0
iTunes Version: iTunes 10
Carrier: AT&T
OS: Mac OS X
Location: State of Confusion
Posts: 374
Thanks: 34
Thanked 87 Times in 57 Posts
|
They (the dev team) have way too much money to lose if they don't. Look for that other article on how much money Cydia paid to developers..... 8 million dollars. Those developers aren't making that kind of money from the Apple App Store.
|
|
|
|
|
|
|
The Following User Says Thank You to RedDevil For This Useful Post:
|
|
10-17-2012, 08:34 AM
|
#9
|
|
Jailbroken
joshuax is offline
Join Date: Dec 2009
Device: iPhone 4S
iOS Version: 5.1.1
iTunes Version: iTunes 10
Carrier: Other
OS: Mac OS X
Location: pa
Posts: 85
Thanks: 31
Thanked 19 Times in 13 Posts
|
They'll have to pry my jailbroken 4S from my cold, dead hands.
|
|
|
|
|
|
|
The Following 3 Users Say Thank You to joshuax For This Useful Post:
|
|
10-17-2012, 08:37 AM
|
#10
|
|
/var/mobile
Sinned_Elmeerrr is online now
Join Date: Mar 2011
Device: iPhone 4S
iOS Version: 6.1.x
iTunes Version: iTunes 11
Carrier: T-Mobile
OS: Mac OS X
Location: California
Posts: 115
Thanks: 83
Thanked 21 Times in 16 Posts
|
Quote:
Originally Posted by sohaf
Where is Geo Hot when we need him to pwn every idevice for life
|
Geohot got arrested for drug trafficking in Mexico last time I checked.
|
If I've helped you in any way, and you don't hit the Thanks button, you're an ass because that's the least you can do for me. 
|
|
|
|
10-17-2012, 09:49 AM
|
#11
|
|
n00b
boyantcho is offline
Join Date: Nov 2010
Device: iPhone 3GS
iOS Version: 4.2
iTunes Version: iTunes 9
Carrier: AT&T
OS: Windows XP
Location: IL
Posts: 17
Thanks: 15
Thanked 0 Times in 0 Posts
|
The whole article mostly talks about JailbreakMe.com which should be easy to assume that will be very hard to achieve nowadays. If I have to bet that there will be an untethered JB or not, I would bet in favor of it. Will it take time? I would also bet that it will. To me the obvious reason is that most likely we will see a few new 6.0.x updates by Apple to take care of some minor issue and then we may see more news on the JB front. It easily could take a few months.
The bigger question is will we ever see a discovery of a vulnerability like limera1n again, for A5 or A6 iDevices? Most likely not, but you never know.
|
|
|
|
|
|
 |
|
 |
10-20-2012, 04:16 PM
|
#12
|
|
Obsessive iPhone Disorder
DeepUnknown is offline
Join Date: Jan 2010
Device: iPod Touch 2
iOS Version: 4.2
iTunes Version: iTunes 10
Carrier: Other
OS: Windows 7
Location: Damascus, Syria
Posts: 1,949
Thanks: 270
Thanked 383 Times in 253 Posts
|
Quote:
Originally Posted by sadiphone
I don't know why Apple makes it hard for JB when all they do is steal the ideas of all the Cydia tweaks thanks to the JB community. If Apple is not careful people are going to go over to Android.
|
I guess they are doing that so they don't get sued by app developers, since after jailbreak any cracked app can be installed.
And they want their OS to be the safest mobile platform.
|
----------------------------------------------
Daughter - i Pod
Son - i Phone
Mom - i Pad
Dad - I Pay -_- ----------------------------------------------
No Gains Without Pains 
----------------------------------------------
(R.I.P) iPod Touch 2G MB Model, Running 4.2.1
Jailbroken By: Redsn0w 0.9.6
----------------------------------------------
|
|
|
|
 |
10-20-2012, 07:31 PM
|
#13
|
|
┌∩┐(◣_◢)┌∩┐
King Kaos is online now
Join Date: Jun 2012
Device: iPod Touch 4
iOS Version: 6.1.x
iTunes Version: iTunes 11
Carrier: Other
OS: Linux
Location: Kentucky
Posts: 1,442
Thanks: 351
Thanked 753 Times in 409 Posts
|
in other words:
devs are looking for new recruits of coders, next gen crackers.
|
|
|
|
|
|
10-20-2012, 08:12 PM
|
#14
|
|
Obsessive iPhone Disorder
TheRealPorkchop is offline
Join Date: May 2012
Device: iPhone 4
iOS Version: 5.1.1
iTunes Version: iTunes 10
Carrier: Verizon
OS: Mac OS X
Location: North Carolina
Posts: 245
Thanks: 41
Thanked 45 Times in 38 Posts
|
Quote:
Originally Posted by Sinned_Elmeerrr
Geohot got arrested for drug trafficking in Mexico last time I checked.
|
Wow, damn. You gotta be a smart mofo to know how to do this shit and then you go full retard and end up getting arrested for drugs? Damn, just damn.
It's stupid that Apple tries so hard to keep people from jailbreaking their devices, why? What the fuck does it hurt to jailbreak it? If it messes up the OS install, you just re-install it... no big deal. There surely is NO way in hell it could actually mess up hardware... is there?
|
|
|
|
|
|
10-20-2012, 08:53 PM
|
#15
|
|
Obsessive iPhone Disorder
iphonehckr is online now
Join Date: Apr 2010
Device: iPhone 5
iOS Version: 6.1.x
iTunes Version: iTunes 11
Carrier: T-Mobile
OS: Mac OS X
Location: New York
Posts: 1,157
Thanks: 190
Thanked 268 Times in 211 Posts
|
To Apple jailbreak means = Piracy
|
|
|
|
|
|
10-20-2012, 09:20 PM
|
#16
|
|
Stay Brutal
robsbrutal is offline
Join Date: Aug 2010
Device: iPhone 4S
iOS Version: 6.0
iTunes Version: iTunes 10
Carrier: Verizon
OS: Mac OS X
Location: Washington
Posts: 907
Thanks: 107
Thanked 185 Times in 126 Posts
|
Apple doesn't wanna be the bigger man and admit that some nobodies thought of things and made their OS amazing and incredible. It would be Apple saying they are wrong and we all know that'll never happen.
|
|
|
|
|
|
10-23-2012, 06:43 AM
|
#17
|
|
Super Maderotor ??
djmelee is offline
Join Date: Nov 2009
Device: iPhone 4S
iOS Version: 5.1.1
iTunes Version: iTunes 10
Carrier: o2
OS: Windows 7
Location: Pangaea
Posts: 4,117
Thanks: 822
Thanked 1,284 Times in 954 Posts
|
This whole article is a complete copy/paste from a different website (Xsel).
At least give the original author 'sadam' his credit.
|
Game Center - Yetunyahoo Yes I Am A Pirate, A Few Hundred Years Too Late. 'My dog updated my phone, what do I do??' Will You Hit It?
|
|
|
|
|
The Following 2 Users Say Thank You to djmelee For This Useful Post:
|
|
10-23-2012, 06:50 AM
|
#18
|
|
iPhoneaholic
BFoster108 is offline
Join Date: May 2012
Device: iPhone 4S
iOS Version: 6.0
iTunes Version: iTunes 11
Carrier: AT&T
OS: Windows 7
Location: Massachusettes
Posts: 156
Thanks: 35
Thanked 54 Times in 36 Posts
|
I think Apple used Comex to find out where he found their security flaws then when he found them they got rid of him.....waiting to find out who from the jailbreak community is next....if I were Apple I'd try and get pod2g....doubt he'd do it though...lol....then again money is money
|
|
|
|
|
|
10-23-2012, 07:50 AM
|
#19
|
|
Obsessive iPhone Disorder
[AMM]Viper is offline
Join Date: Jan 2010
Device: iPhone 5
iOS Version: 6.1.x
iTunes Version: iTunes 11
Carrier: AT&T
OS: Linux
Location: Texaz
Posts: 628
Thanks: 154
Thanked 142 Times in 81 Posts
|
So much for Comex helping us out, with his time at Apple he was helping out the wrong team on the security exploits -.-
|
|
|
|
|
|
10-23-2012, 08:12 AM
|
#20
|
|
Obsessive iPhone Disorder
GorgonSin is offline
Join Date: Oct 2010
Device: iPhone 5
iOS Version: 6.1.x
iTunes Version: iTunes 11
Carrier: AT&T
OS: Mac OS X
Location: USA/UK
Posts: 3,620
Thanks: 2,680
Thanked 696 Times in 530 Posts
|
Quote:
Originally Posted by sadiphone
I don't know why Apple makes it hard for JB when all they do is steal the ideas of all the Cydia tweaks thanks to the JB community. If Apple is not careful people are going to go over to Android.
|
Only 8% of iPhone owners care to jailbreak so if they go to Android I doubt Apple will care..lololol
|
13 " MacBook Pro - OSX Lion - i5 8 gigs ram , 500GB HD
iPhone5 16Gig - iOS 6.1.2 (Jailbroken)
iPad4 16Gig - iOS 6.1.2 (Jailbroken)
iPod Touch 4G 64Gig - iOS 6.1.2 (Jailbroken)
|
|
|
|