How Does Jailbreaking Work?
While many people understand the importance of keeping their desktop or laptop computer secured by using tools like Trust.Zone, PureVPN, or McAfee antivirus, most don’t understand the importance of mobile device security. As you likely know by now, we here at PinpointVPN focus on internet security in all forms.
Jailbreaking used to be extremely popular amongst iPhone owners, but over the years, the practice has become less and less common due to Apple’s security updates. In this article, we’re going to discuss how jailbreaking works. After that, we’ll go over some of the types of jailbreaks and whether or not jailbreaking can create some security flaws.
What is Jailbreaking?
Compared to Android devices, Apple phones and tablets tend to have one major weakness: their operating system is a lot more restrictive. Everything that runs on Apple’s ecosystem needs to be approved by Apple itself, which may not be an issue for more casual users who don’t care about pushing their device to its limits.
However, if you’re a power user and you rightfully want to make the most of the device that you purchased, then jailbreaking starts looking like a good idea. One common mistake that people make is thinking that jailbreaking is illegal, but that’s not the case. That doesn’t mean, however, that there aren’t risks involved.
Jailbreaking an iPhone or iOS device is essentially a process in which you bypass the boot checks that are performed whenever you start up your phone. This will allow you to access iOS’s root so that you can fully access the device’s file management system and use whatever apps you’d like.
How Does Jailbreaking Work?
iPhones have a partition that regular users don’t have access to, known as the media and root partition. This partition is where your device stores all of its files, and access to it is normally blocked off by something known as fstab. A jailbreak allows you to patch and override this.
Since this file is set to read-only by default, you’re typically not allowed to make edits to it. Fstab controls whether or not you’re allowed to access the root partition of your iPhone or iPad, and to get into this area, you’ll need to change fstab from read-only to read-write mode.
While changing a read-only file on a computer may be relatively easy, Apple doesn’t make it quite as simple on their mobile devices. This is because the files are checked every time you start your device, and if everything doesn’t pass Apple’s checks, the device will reset the files that aren’t up to par.
There are a few different ways to get around this system: patching the checks so that they don’t occur, or finding a way around the checkpoints. The former option is pretty unrealistic, and the vast majority of jailbreaks operate by finding a bypass around the checkpoints, also known as a backdoor.
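As an added illustration of the fstab change described above (example code written for this article, not part of the original post): a small parser for an fstab table, plus a check that reports whether the root partition entry is still read-only and which entries differ from a known-good baseline. The sample tables and device names below are constructed, not copied from a real device.

```python
# Constructed sample of an iOS-style /etc/fstab. Device names are placeholders.
# Baseline: the root partition ("/") is mounted read-only (the "ro" option).
FSTAB_STOCK = """\
/dev/disk0s1s1 / hfs ro 0 1
/dev/disk0s1s2 /private/var hfs rw,nosuid,nodev 0 2
"""

# Constructed sample of the same table after the root entry was switched to
# read-write, which is the modification the article describes.
FSTAB_MODIFIED = """\
/dev/disk0s1s1 / hfs rw 0 1
/dev/disk0s1s2 /private/var hfs rw,nosuid,nodev 0 2
"""


def parse_fstab(text: str) -> dict:
    """Parse fstab text into {mountpoint: {"device", "fstype", "options"}}.

    Blank lines, comments and malformed lines (fewer than four fields) are
    skipped rather than guessed at.
    """
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 4:
            continue
        device, mountpoint, fstype, opts = fields[:4]
        entries[mountpoint] = {
            "device": device,
            "fstype": fstype,
            "options": frozenset(opts.split(",")),
        }
    return entries


def root_is_read_only(text: str) -> bool:
    """True only if a "/" entry exists and carries "ro" but not "rw"."""
    root = parse_fstab(text).get("/")
    if root is None:
        return False  # no root entry at all: cannot confirm it is protected
    return "ro" in root["options"] and "rw" not in root["options"]


def changed_mounts(baseline: str, current: str) -> list:
    """Mountpoints whose device, type or options differ from the baseline,
    plus any that were added or removed. Sorted for stable output."""
    base, cur = parse_fstab(baseline), parse_fstab(current)
    return sorted(mp for mp in base.keys() | cur.keys() if base.get(mp) != cur.get(mp))
```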
Jailbreaking and Your Phone’s Boot Process
The first thing you need to know about how jailbreaking works is how it relates to your phone’s boot process. When you boot an Apple device, the device performs a check or inspection known as the chain of trust. These are the checks that we mentioned in the previous section and there are quite a few of them.
For example, the first thing that runs when you boot your device is SecureROM to ensure that everything is as expected. After that, the device runs Bootloader, which starts loading up the device’s firmware. After that, the kernel is loaded, which is the base level of the operating system. Finally, iOS itself boots up.
Boot Process Checks and Tests
These early stages aren’t necessarily an issue for jailbroken devices; where issues start to pop up is when the kernel is loaded. During the kernel’s loading process, the device performs tests to ensure that it is operating within Apple’s parameters, and if anything is wrong, you’re going to have a problem.
These tests look for indicators known as keys, and if any of these keys are missing, you run into the issues that everyone experiences when they’ve failed to jailbreak their device properly. The most common one is your phone entering a boot loop, where it won’t start at all.
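To make the chain of trust and the kernel-stage checks above concrete, here is a simulation added for this article (not code from the original post or from Apple): each boot stage holds the digest of the stage that follows it, and boot halts at the first stage whose image no longer matches, which is the behaviour behind the boot loop described above. The stage images, digests and the "software update" helper are constructed stand-ins; real devices use signed binaries, not bare SHA-256 digests.

```python
import hashlib

# Stages in the order the article lists them. The first one is immutable ROM.
STAGE_ORDER = ["securerom", "bootloader", "kernel", "ios"]

# Constructed stand-in images; a real device holds signed binaries here.
IMAGES = {
    "securerom": b"securerom-image-v1",
    "bootloader": b"bootloader-image-v1",
    "kernel": b"kernel-image-v1",
    "ios": b"ios-image-v1",
}


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_trust(images: dict) -> dict:
    """Each stage records the expected digest of the stage after it."""
    return {s: digest(images[n]) for s, n in zip(STAGE_ORDER, STAGE_ORDER[1:])}


def boot(images: dict, trust: dict) -> tuple:
    """Walk the chain. Returns (stages_that_ran, booted_ok).

    The first stage whose image does not match the digest held by its
    predecessor is refused, and the device never reaches iOS.
    """
    ran = [STAGE_ORDER[0]]
    for prev, nxt in zip(STAGE_ORDER, STAGE_ORDER[1:]):
        if digest(images[nxt]) != trust[prev]:
            return ran, False
        ran.append(nxt)
    return ran, True


def software_update(images: dict, trust: dict, new_images: dict) -> tuple:
    """Constructed model of an OS update: it may replace every stage except
    the ROM stage, and refreshes the digests held by the updatable stages.
    The ROM stage's own image and its trust entry cannot be changed, which is
    why the article says a SecureROM-level issue is not fixed by an update."""
    updated = dict(images)
    for stage, image in new_images.items():
        if stage != STAGE_ORDER[0]:
            updated[stage] = image
    new_trust = build_trust(updated)
    new_trust[STAGE_ORDER[0]] = trust[STAGE_ORDER[0]]  # ROM entry is fixed
    return updated, new_trust
```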
How the Jailbreak Gets Around the Tests
So how does a jailbreak prevent this from happening in the first place? A jailbreak can either bypass the checks or patch the checks themselves. As we’ve mentioned, patching the checks is pretty unrealistic, so bypassing them is the more common approach.
The first bypass method is the SecureROM exploit, which means that the jailbreak code is run before the SecureROM process even begins and before any checkpoints. On the other hand, userland exploits run the code before the kernel boot process starts. This method has a downside in that it can be patched out by iOS software updates, unlike the SecureROM method.
Jailbreak Types
This brings us to the various types of jailbreaks that are used to circumvent Apple’s security checks. All of these jailbreaks are designed to load before the kernel, but they have a few key differences. We’re going to take a look at tethered jailbreaks, semi-tethered jailbreaks, and untethered jailbreaks.
Tethered Jailbreaks
Tethered jailbreaks are the least convenient because you need to connect your phone to a computer every time it boots up so that you can bypass the kernel’s security checks. If you start one of these phones without it being tethered to the computer, it will likely enter a boot loop.
Semi-Tethered Jailbreaks
Semi-tethered jailbreaks are similar to the tethered ones in that you’ll need to connect your phone to a computer every time you restart it if you want to make sure that you can use the jailbroken functions. The difference is that your device will function normally if you don’t tether it on restart.
Untethered Jailbreaks
Untethered jailbreaks are the most convenient ones but they’re also the rarest. If you restart your device, the jailbreak will perform everything necessary before the kernel checks. This means that you won’t need to connect your device to a computer to re-jailbreak it every time you restart it.
Are Jailbreaks Dangerous?
So is it a good idea to jailbreak your iOS device if you’re worried about security? Probably not. When your phone is jailbroken, any update to iOS can potentially undo all of the hard work you put into jailbreaking it. You may be thinking that you can just avoid iOS updates in that case, but that comes at its own cost.
Another issue with a jailbroken phone is that you’ll typically have stability issues with it. You may experience more frequent crashes and unexpected reboots. The worst possible case is your phone becoming entirely unresponsive (i.e. bricked). If this happens, you’ll have to buy an entirely new iPhone, so don’t jailbreak what you can’t afford to lose.
Now, let’s look at three of the most critical risks you’ll have to deal with when you jailbreak your device.
The Dangers of Uncertified Apps
One of the main reasons why Apple doesn’t allow just any app onto the App Store is that apps have a lot of access to your device’s system. This means that a poorly-made app can result in some serious problems for your device, even going as far as potentially bricking it.
This is why Apple has a certification process in which they thoroughly review every app that goes up on the App Store. Apple even has a history of removing different app types from the store, including apps in the past that allowed you to use your iPhone’s 3D touch as a scale.
Lack of Security Updates
One of the most critical issues you’ll run into when you jailbreak your phone is that you likely won’t be getting iOS updates on time, if at all. This means that you’ll be lacking crucial updates to device security that exist to ensure that your phone can’t be infected by viruses or cracked by hackers.
If you’re thinking that you could just download the latest updates anyway, you may end up ruining your device’s jailbreak. In the best case, you’ll have to download the next jailbreak (when it’s eventually developed). In the worst case, your device may end up getting bricked.
Root Password Accessibility
Another issue is that jailbreaking your device exposes access to the root password, which is meant to control your device on the most basic level. The issue lies in the fact that the root password for every Apple device is the same by default: “alpine.”
Apple likely won’t change this because it’s not meant to be accessible to the user in the first place. An experienced jailbreaker should be able to change this password, but the issue is that most people don’t even realize that this is a risk, and they keep it the same.