Jailbreaking a Security Threat? Really?

Someone sent me a copy of this MacWorld article in which Charlie Miller makes the claim that jailbreaking is a threat to ecurity (I left off the ‘s’ because apparently they stole it for the new iPhone). Does Charlie really believe that DRM is healthy for a computer system? It seems that having disclosed the SMS vulnerability, he should know more than most that application signing provides more copyright control than it does actual security. Ironically, most exploits such as SMS and Safari exploits have the potential to affect every single iPhone user with a vulnerable version of firmware – whether it’s jailbroken or not.

He is right, but only to a certain extent. While he’s correct that a jailbroken kernel allows any self-signed application to run, I don’t see that as necessarily increasing the threat from malicious individuals, who are looking for the types of exploits that will affect the entire iPhone community. The SMS vulnerability is emphatic proof that the native applications on the iPhone are the more viable target and of more interest to a malicious party, as they are a standard part of the iPhone operating system. These types of exploits don’t require a jailbreak, and pose a much more significant security risk to such a large monoculture of mobile devices.

Let’s talk about jailbreaking and security for a minute, shall we? Ironically, and much to Miller’s chagrin, the jailbreak community has been responsible for fixing more security problems with the iPhone than it has caused. As early as October 2007, a serious image processing vulnerability was discovered in iPhoneOS v1.1.1. The iPhone dev-team (of which I was a member at the time) developed a website which iPhone users could visit to patch this serious vulnerability. The vulnerability was so serious, in fact, that other free services provided on the website included installing free, open source software at the user’s request. The jailbreak community had a solution out for all iPhone users within a week of discovering the vulnerability. Apple took another several months to release a patch. More recent security fixes have involved patches for personal data leaks, such as preventing the storing of screenshots (taken by the iPhone operating system) of everything the user is doing, and preventing the iPhone’s built-in keyboard logger from recording everything you type. None of these security fixes are available to people unless they jailbreak their phone. One final example of something the jailbreak community had a fix for long before Apple did is the loading of remote images in Mail, which allowed spammers and scammers to embed web bugs to identify you.

Overall, with the release of iPhoneOS v3.0, Apple fixed 46 security bugs. That should give you an indication of just how many holes Apple had left open in the operating system – holes which may have affected you over the past two years without your knowledge. Apple suddenly doesn’t come off as the poster child for security that Miller makes them out to be.

So we’ve dispelled the myth that jailbreaking is detrimental to security when, in fact, it has a long history of improving security (thanks to Apple’s lax and, in my opinion, reckless attention to security). But Miller’s claim almost amounts to arguing that giving an iPhone the same level of security as every single Unix-based computer system out there isn’t sufficient! Mac OS, Linux, and every other desktop and server operating system powering our economy run whatever software the user cares to load on them, and they do it without asking Apple for permission and without a lengthy review period to ensure the application jives with the manufacturer’s public image of the product. These desktop systems drive everything from financial systems to critical infrastructure across the world while connected to public networks, yet we don’t consider these systems to be dangerously insecure (unless they’re run by a federal government, but that’s a whole other issue). If Miller really believes what he’s saying, he must also make the argument that every desktop machine should run a trusted kernel that only runs what the manufacturer specifically signs. This hands the manufacturer a dangerous stronghold from which to impose a monopoly, creating an even stronger monoculture than before, and thus an even bigger security threat. Imagine a world where you have to ask your computer manufacturer for permission before writing software!

Ironically, earlier versions of iPhone firmware didn’t include such a signing mechanism, and it only came to be as a result of Apple’s determination to control their protected revenue channels – DRM’d music, movies, and now applications. Before the SDK was announced, code signing wasn’t even a consideration for Apple. It was only after Apple decided to compete with the popular open source software community that code signing was introduced, to attempt to snuff out the competition. This tells me that the goal of code signing isn’t necessarily “security”, but rather copyright control and keeping a closed ecosystem (to prevent competition). It’s the equivalent of selling German cars that won’t fit any aftermarket parts, and thus sell for three times as much as they’re worth. Is the overpriced sports car more secure?

One can squawk all they want about how jailbreaking opens up some kind of “dangerous vulnerability” on the device, but all I hear are the echoes of the kind of propaganda I would expect from Apple’s legal department to gloss over the obviously anti-competitive purpose for which code signing was originally implemented. It was clearly put there to protect Apple’s vested interest in controlling the market, and to prevent competitors (like Palm and Jay Freeman) from easily making products that can compete with Apple’s own.

In my opinion, jailbreaking an iPhone allows the device to function more like a computer system, and less like a monopolized, centrally controlled product – which sounds better to me. And when it acts like a standard Unix computer system, we in the technology world are as likely to deem it “secure enough” as any laptop with an AirCard or any network server. The added benefits of jailbreaking outweigh any risk we could possibly incur as a result of losing DRM control.

Also consider that jailbreaking benefits us in 10 ways, which I tweeted a week or two ago and have reproduced below. The benefits far outweigh the rarely missed loss of DRM control. If you ask me, turning the iPhone into a regular computer benefits the consumer more than the “security” provided by code signing DRM.

Reason 10:
To get the very most we can possibly push out of technology we’ve purchased, and to explore and learn about this wonderful device.

Reason 9:
Better AppStore apps. Ironic, but developers can see the guts of what’s really going on when they can access the phone and debug.

Reason 8:
Portable Unix. How often do geeks need a terminal window to run a script, SSH, or FTP? Why pay when you can have a Unix world?

Reason 7:
Land of misfit toys. Lots of great apps rejected by AppStore get to be seen by jailbreakers, and some are well worth the download.

Reason 6:
Security. If we can break it we can also fix it, and faster than Apple. Would you rather we find security bugs or the bad guys?

Reason 5:
Unlocking. Subsidized phones are great but many travel internationally and still need unlocks. Others just hate AT$T.

Reason 4:
Cool stuff. Useful tweaks & hacks to change internals like WinterBoard and PushMod keep us geeks happy. Without them, frustrated.

Reason 3:
Law enforcement. While the cops don’t jailbreak, iPhone forensics use similar technical procedures to help convict rapists, murderers, and even terrorists.

Reason 2:
To expose open privacy leaks. Through jailbreaking, we can see just how much private data is exposed and show you (and Apple) how to work around them – there’s lots to fix.

Reason 1:
An open device is an open market, and an open market breeds accountability and competition, keeping Apple from getting too greedy.

So why does Miller hold the misguided belief that jailbreaking is detrimental to the iPhone’s security? Miller makes no bones about the fact that he and Apple “agreed” not to give too many details about the SMS exploit. Clearly he’s been approached by Apple. I surmise it may be likely that Apple asked him to agree to discourage jailbreaking as part of his SyScan presentation. Sound crazy? Apple desperately needs some PR backing in their ongoing case with the EFF, who is trying to add additional legal safeties to make jailbreaking even more legal than it is. Apple has been taking the position lately that jailbreaking is illegal (it isn’t), a violation of copyright (it isn’t), and detrimental to – you guessed it, the iPhone’s security (it isn’t).

This wouldn’t be the first time Apple’s hellhounds have been unleashed on security experts. Apple went on the offensive against a well known technology company that put on a conference a few months ago, at which I gave a presentation disclosing numerous vulnerabilities in Apple’s operating system, and the ability of an identity thief to lift personal data within seconds. While we met most of Apple’s requests with a polite “go to hell”, their legal department clearly made an impression on the conference, and on my presentation. Perhaps Charlie’s running a little scared at his first encounter with Apple. Or perhaps he really believes that jailbreaking is evil and should be outlawed, as Apple is trying to convince a judge. What’s important to take away from this is that the so-called “security” Miller is referring to isn’t intended to be security at all, but rather Apple’s mechanism for closing off a product to competition, and controlling the revenue streams for everything that gets put onto the device.

A large multi-billion-dollar company greedily making excuses to run DRM? Nah. Say it ain’t so.