How secure is to jailbreak iPhone 4

jana
jana used Ask the Experts™
on
We have come upon a series of goodies that the only way to have it is to jail-brake our iPhone.

We have iPhone 4 with the latest version update installed.  Of about 6 iPhone, 2 are used by key personnel which consists of sensitive data.

We would like to know how secure is Jail-breaking an iPhone?  I mean, if we jail-brake it, can there be a hidden software just overseeing everything being done on the phone?  These type securities concerne is what we we would like have some light shed on.

Please advice how secure is this proces of jail-breaking an iPhone.

Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Director of Solutions Consulting
Commented:
The jailbreak process is in and of itself totally safe. It basically just installs an app called Cydia. However Cydia gets to install things outside the normal sandbox. So be careful what you allow Cydia to install.

Also after you jailbreak the first thing to do is install the patch for the hole you just used. So for the jailbreakme.com stuff there is an app called pdfpatch2. That way malicious websites can't do bad stuff to you. Until apple patches the hole in the next version, your jailbroken and patched phone is actually MORE secure than it was before.

Author

Commented:
Thank you very much ^ very interesting your comment.  Are there any links or docs that i can show my boss to make them feel comfortable with this process.
Announcing the Winners!

The results are in for the 15th Annual Expert Awards! Congratulations to the winners, and thank you to everyone who participated in the nominations. We are so grateful for the valuable contributions experts make on a daily basis. Click to read more about this year’s recipients!

Commented:
Iphone 4 jailbreak is wery secure, you just after jailbreak must change ssh password, and keep eye on software what you install. Google will be your best frend in finding good repo sources.
Aaron TomoskyDirector of Solutions Consulting
Commented:
Ssh server hasn't been installed as part of the jailbreak or a long time now. So If you want to install a ssh client and change the root pw you can, but I feel secure without any ssh server because nothin is listening so it doesn't matter what the root pw is.

Author

Commented:
Great info...  couple of questions:

    - the link found within aarontomosky link, says that it supports upto iPhone4: 4.3 through 4.3.3.  
      I have 4.3.5. (8L1).  The link i refer to is:
      http://www.zdnet.com/blog/hardware/jailbreakmecom-back-online-easy-ios-jailbreaking-for-all/13546)

    - both EE mentions ssh password and Ssh server, should this be something to look into?

    - When you mention 'Google will be your best frend in finding good repo sources', what
      exactly do you mean?
Aaron TomoskyDirector of Solutions Consulting
Commented:
4.3.5 does not currently have an untethered jailbreak. That means if you reboot your phone it will not be jailbroken. Stay away. The best thing you can do is wait. Don't upgrade. You could get "tiny umbrella" to save your keys so you can downgrade later :
apple won't let your device restore to an older version. iTunes will refuse. Tiny umbrella asks apple for the key for the device and saves it. It can run a mini fake apple server so iTunes will let you restore older fw later after apple has quit allowing it

You would have to do this for all devices individually.

Author

Commented:
Hi aarontomosky, i reread your comment and still quite don't understand. You our version can'y be jailbreak successfully at this ?  also, whats "tiny umbrella"?
Hi Ramante,

It appears you have many questions here with respect to jail breaking your iPhone.  There is lots to learn and know.First some terms and things you should know.  

Then the act of jail breaking iOS means that software gains access to your operating system to the root level and thus is able to change things around.  There are many different jailbreaks for different iOS versions.  follow this wizard to know what you can do.  This is going to help you get to a tutorial on what you need to do.  This is also going to lead you to more questions like what you have above.

The best iOS version to be on is 4.3.3 as www.jailbreakme.com can jailbreak this version for you.  If you are not then the above wizard is going to help.

What Apple does to stop people like you from easily jail breaking your phone is that when you go to put an iOS version onto your phone iTunes send a code to Apple and apple sends back a signature, if this is correct then it will let you put this iOS version onto your iPhone.  Apple stops sending these signatures for old versions, thus for you it means that you cannot now go back and install 4.3.3 onto your phone and then jailbreak it.  The way around this is with cydia or tinyunbrella which both save your signatures, by asking Apple for them and then saving them for you.  then if you want to put an old version onto your iPhone you trick iTunes into communicating with cydia or tinyunbrelly instead of apple to get the signature.  Up until now no one has cracked the signatures, thus if you do not have a signature for 4.3.3 or less there is no way of getting it.

To specifically answer your questions;

Jailbreaking your phone itself is not going to cause much security problems.  For version 4.3.3 jailbreak me.com could be used which was a jailbreak which found a hole in safari.  Apple has blocked this hole.  Other jailbreaks find ways into the iOS while it is connected to your computer so as I said the jailbreak itself is not a security risk.

Cydia is usually included in all jailbreaks and this could possibly pose a security risk.  At best you can say that it is not fully known what all the features of cydia are.  If however cydia was doing something unwanted I think that people would have found it by now.

Also your series of goodies are the reason for needing this.  The only legal goodies I can think about are 1) cydia goodies or 2) your own developed goodies.  If you are talking about 1 then you are playing with the thing that could cause security problems. If it is 2 then the developer should be also able to give you tips on cydia and what could be done in your special case to check it is not doing something you do not like.



Author

Commented:
Thanx for the info.

Author

Commented:
Thanx

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial