Hackers Jailbreak iPhones to compromise iOS and gain full administrative (root) control over the device

Why Hackers (and Pen Testers) Jailbreak iOS

And why no mobile app is safe on a Jailbroken iPhone

What is Jailbreaking iOS — i.e., what does it mean to Jailbreak an iPhone?

Below are the top reasons people Jailbreak iOS:

  1. To bypass Apple’s restrictions on installing software, or to connect to alternative app stores (repositories) like Cydia.
  2. To customize the OS, changing the behavior of their phone or operating system in ways that Apple does not support.
  3. Developers Jailbreak iOS to access and modify the file system, to test new app builds with a wider selection of tools, and to test the security model of their app.
  4. Gamers and hackers Jailbreak iOS to install game mods, tweaks, cheat tools, and more advanced hacking tools.
  5. Pen testers and hackers Jailbreak iOS to gain an advantage in compromising the security model: to expose weaknesses in mobile app protections, to disable anti-tampering and other security protections, and to turn off security SDKs that have been compiled into the app.
  • Jailbreaking makes it possible to obtain or use more advanced hacking tools (unfettered access to alternative repositories like Cydia, where hackers can obtain tweaks, mods, fake apps, clones, or more powerful hacking and cheating tools).
  • On a Jailbroken device, hackers can achieve more powerful outcomes with just about any tool (e.g., use Frida to perform dynamic code injection, function hooking, and method swizzling). These are all methods by which hackers alter the logical control flow of a mobile app to replace intended app behaviors with their own malicious behaviors.
  • Jailbreaking enables hackers to use a much wider variety of hacking methods (e.g., use emulators to alter memory and bypass in-app purchases in mobile games, disable mobile advertising SDKs, or set up a malware beacon inside the app).
  • Jailbreaking makes it easier to bypass security controls or protections (e.g., disable anti-tampering protections, turn off digital rights management checks, or disable the mobile threat detection (MTD) SDKs compiled into the app).

What is Jailbreak Bypass (aka Jailbreak Hiding)?

How to Protect iOS Apps against Jailbreak and Jailbreaking Hiding Tools

  • Perform continuous Jailbreak checks, not just upon app initialization. A check that runs once at launch is trivially defeated by enabling a hiding tool or attaching a hooking framework after the app has started.
  • Detect at multiple code and API layers, e.g., native code as well as non-native code and APIs. This is especially important if your app is built in a cross-platform or non-native framework like React Native, Cordova, or Xamarin, or if the app is built with multiple programming languages (Swift + Objective-C). Protections that depend on a specific language or API layer can be hooked at that layer alone, so you may need to implement the check at more than one layer to ensure broad protection.
  • Detect Jailbreak via multiple detection mechanisms: inspect for changes in superuser (root) status, detect irregular file system modifications (for example, the artifacts a package manager or tweak loader leaves behind), and detect attempts to circumvent Apple’s app-signing procedures.
  • Detect Jailbreak hiding and Jailbreak bypass tools like FlyJB or Liberty Lite. This is especially important because, as noted above, Jailbreaking is one of the top ‘go-to’ tools of every hacker, and they will go to extreme lengths to keep using a Jailbreak reliably.
  • Jailbreak prevention should be part of a cohesive, layered security defense, where it complements other protections like app shielding, anti-tampering, anti-debugging, RASP, encryption, and obfuscation. This is especially important because hackers have many tools, methods, and techniques at their disposal when it comes to hacking mobile apps. Mobile apps sit in public app stores where anybody can download the app and reverse engineer it, either by extracting the binary or by running it through a disassembler/decompiler to recover the code in minutes. Chances are, the code is largely unobfuscated and the data largely unencrypted. At best there is a lightweight anti-tampering library in the app, which a moderately experienced developer or hacker can disable in about five minutes. On a Jailbroken device, an app that is so lightly protected doesn’t stand a chance. And if you do implement Jailbreak prevention via DIY methods, make sure the Jailbreak protection isn’t the ONLY protection in the app: if the hacker can’t jailbreak the phone, they can still decompile, debug, and reverse engineer their way to what they are looking for, which is usually your customer’s data.
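The checks above, as an added example that is not the article’s or Appdome’s code. It is written in C rather than Swift or Objective-C because native code is the layer that Objective-C method swizzling (the technique hiding tools such as Liberty Lite rely on) does not reach, which is the "multiple layers" point made above. The path list, the probe file name and the function names are this example’s own assumptions; the paths are the commonly cited jailbreak artifacts, not an exhaustive list. The aggregate `jailbreak_indicator_count()` is meant to be called repeatedly (from a timer and before sensitive actions), not only at launch.

```c
/* Added example: multi-layer jailbreak indicators in plain C (not the
   article's or Appdome's code). Path list and probe path are assumptions. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Common artifacts left behind by jailbreaks, package managers and tweak
   loaders (assumed list; extend it for the jailbreaks you care about).
   Note: on a desktop Linux host several of these exist legitimately. */
static const char *const kJailbreakPaths[] = {
    "/Applications/Cydia.app",
    "/Library/MobileSubstrate/MobileSubstrate.dylib",
    "/usr/sbin/sshd",
    "/etc/apt",
    "/private/var/lib/apt",
    "/bin/bash",
};

/* Layer 1: ask the kernel directly with stat(2). A hider that only swizzles
   NSFileManager's -fileExistsAtPath: never sees this call. */
int path_exists_stat(const char *path) {
    struct stat st;
    return stat(path, &st) == 0;
}

/* Layer 2: an independent syscall, open(2). EACCES/EPERM means the path is
   there but protected, which still counts as "exists". */
int path_exists_open(const char *path) {
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return errno == EACCES || errno == EPERM;
    close(fd);
    return 1;
}

/* Count artifacts found by either layer, and count paths where the two
   layers disagree: a disagreement means something is intercepting one
   API, which is itself an indicator of a hiding/bypass tool. */
int count_jailbreak_artifacts(const char *const *paths, size_t n,
                              int *disagreements) {
    int hits = 0;
    *disagreements = 0;
    for (size_t i = 0; i < n; i++) {
        int a = path_exists_stat(paths[i]);
        int b = path_exists_open(paths[i]);
        if (a != b)
            (*disagreements)++;
        if (a || b)
            hits++;
    }
    return hits;
}

/* Layer 3: sandbox integrity. A stock iOS app cannot create files outside
   its container; on a jailbroken device with a writable root this succeeds.
   The probe is removed immediately if it was created. */
int can_write_outside_sandbox(const char *probe_path) {
    int fd = open(probe_path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return 0;
    close(fd);
    unlink(probe_path);
    return 1;
}

/* Layer 4: code injection. Hooking frameworks and tweaks are commonly loaded
   through DYLD_INSERT_LIBRARIES; a non-empty value is a strong indicator. */
int has_injected_libraries(void) {
    const char *v = getenv("DYLD_INSERT_LIBRARIES");
    return v != NULL && v[0] != '\0';
}

/* Aggregate verdict: number of independent indicators that fired. Call it
   continuously, not just once at startup. */
int jailbreak_indicator_count(void) {
    int disagreements = 0;
    int score = count_jailbreak_artifacts(
        kJailbreakPaths, sizeof kJailbreakPaths / sizeof *kJailbreakPaths,
        &disagreements);
    score += disagreements;
    score += can_write_outside_sandbox("/private/.jb_probe"); /* assumed path */
    score += has_injected_libraries();
    return score;
}

int main(void) {
    int n = jailbreak_indicator_count();
    printf("jailbreak indicators: %d\n", n);
    return n > 0;
}
```

Treat the result as a score rather than a boolean: a single artifact hit is worth reporting to your backend, while a layer disagreement or a successful write outside the container is strong enough to deny the sensitive action. Each function is deliberately small and independent so the same checks can be called from Swift, Objective-C or a cross-platform bridge without sharing a single hookable entry point.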

AlanB

ALAN BAVOSA is VP of Security Products at Appdome, a no-code mobile app security and development platform.