Jailbreaking Your Smartphone

May 23, 2017 by Ravi Das

Introduction and Overview of the Last Article

Our last few articles (specifically, the last four) have critically examined the Security threats and vulnerabilities that are posed to Smartphone devices today.

We are often led to believe that we will be safe using our Smartphone devices because the mindset of not only the individual but also that of Corporate America is that Cyber threats are only targeted towards hardwired workstations or Central Servers.

However, as it has been reviewed, this is far from the truth. The Cyber attacker of today is not only extremely sophisticated in launching their attacks, but they also know where the biggest "pain points" will be. For example, they know that as a society, we are completely dependent upon our Smartphone for everything.

For instance, not only do we depend upon it exclusively for our communications, but we also depend upon it heavily for conducting our work-related matters. We also use our Smartphone to conduct E-Commerce transactions, and also to manage our finances.

So, because of this, the Cyber attacker knows that if they can launch a mass attack upon millions of Smartphones, they can bring a society down to its knees, and make the population which resides there experience a total sense of paralysis and helplessness.

In a way, this can be likened to a Distributed Denial of Service attack, where malformed data packets flood a Central Server and bring it to its knees as well. However, that is on a technical level; the situation painted earlier is a social one as well, and can have far-reaching impacts because of the level of human emotion that will be involved with it.

In this regard, there are many brands of Smartphones which are available on the marketplace today, but the most popular brands are the iPhone (which runs on the iOS Operating System), the Samsung wireless devices (which run on the Android Operating System), and the Windows Mobile devices (which primarily run upon the Windows 10 Operating System, though other devices may run on an older OS, such as Windows 8).

All of these are prone to grave Cyber-based threats and attacks. However, in comparison, it is probably the Windows Mobile devices which are at most risk. The primary reason for this, as just described, is that they are running the same Operating System as the workstations and the Central Servers.

This was a decision made by Microsoft not only as a cost savings measure but also to create a unified and harmonized experience for those end users that make extensive use of both hard-wired and wireless devices in a Windows based environment.

Although this may provide a sense of convenience, the Security threats are multiplied by a factor of at least two-fold. In other words, whatever threats are posed to the workstation/Central Server Windows 10 Operating System will also pose the same level of risk to the Windows 10 OS which runs on the mobile phones.

Because there are so many known Security vulnerabilities in the Windows Operating System in general, our last article looked at some of the most prevalent ones, which include the following:

  1. Making Network based Files and Shared Resources available to unauthorized users in a certain group.
  2. Lack of enablement of the Personal Firewall.
  3. Unaccounted for Systems which are running in the background of the Windows 10 OS.
  4. No minimum Security Thresholds or Standards which have been established.
  5. The Windows 10 for Mobile Phones cannot be tested using the traditional tools.
  6. Malicious Code being deployed through the Automated Updates and Patches process.

In this article, we continue with the theme of the Security risks that are posed to Smartphones: "Jailbreaking."

What Is Jailbreaking?


One of our previous articles examined the concept of the "Configuration Profile." With this, the major wireless carriers have created a file in which the end-user can configure their brand of Smartphone to their own preferences.

However, this is limited to the degree of thresholds which are already preset on the Configuration Profile. This simply means that an end user of an iPhone or a Samsung/Windows Mobile device does not have the full freedom to set up their particular wireless device the way he or she wants to, as they can with their personal computer.

By "Jailbreaking," an end user, or even a Cyber attacker, tries to bypass or circumvent the Configuration Profile so that he or she can gain full administrative rights to the device and configure the Mobile device the way they want to. In more technical terms, a Jailbreak can be defined as follows:

"A jailbreak is the act or tool used to perform the act of breaking out of a chroot or jail in UNIX-like operating systems or bypassing digital rights management (DRM)." (SOURCE: 1).

However, keep in mind that this is an all-purpose definition. Each Mobile Operating System (as described earlier in this article) has its own version of a "Jailbreak," which is examined in the next section.

The Specific Types of Jailbreaks


  1. For the iOS:

    This is referred to as "Jailbreaking," and it is the specific process by which an end user or a Cyber attacker can maliciously bypass the iOS Security Kernels to gain full Read, Write, and Execute functionality on their iPhone (and even their iPad as well). As a result of this, software and other mobile apps can be installed which are not approved or digitally signed by Apple, and which are available externally to the App Store. For the iOS, there are two types of "Jailbreaks":

    • Tethered:

      This is where the iPhone has to be physically connected to a computer running Mac OS X (via a USB connection) each and every time to initiate a new "Jailbreak" attempt. This is needed specifically to circumvent the iBoot Signature Check process and to ensure the functionality of the unauthorized mobile apps.

    • Un-Tethered:

      In this circumstance, the iPhone has to be connected only once for the first "Jailbreak" attempt. After that, there is no need to be physically connected for other attempts. All of the unauthorized mobile apps will still function normally.

  2. For the Android Operating System:

    This is referred to as "Rooting." This is the method by which either privileged or administrative access is gained. It is important to keep in mind that the Android OS is actually built upon the Linux Kernel, so "Rooting" here is very similar to gaining unauthorized administrative rights or privileges on an actual Linux Operating System. However, unlike the iOS, "Rooting" is not required to run mobile apps which are external to Google Play (this is the equivalent of the App Store). "Rooting" in this regard is primarily done by the Cyber attacker to either gain complete access to the Samsung wireless device or to purge it entirely of the Android OS and replace it with some other sort of Operating System. The "Jailbreaking" process involves two general steps:

    • Physically unlocking the Boot Loader which comes on the Android OS;
    • Implementing a customized ROM in the rebooting process. This concept is explained further in the next section.

  3. For the Windows 10 Mobile Operating System:

    This is referred to as "Unlocking." This is the process by which certain Registry Keys or even the kernel are modified in a way which is not authorized by Microsoft. In this regard, it does allow for the authorized modification of the Mobile OS under these separate categories:

    • Developer-unlock:

      This group of permissions and rights allows the software developer to modify the Source Code in a Sandbox type of environment for development and testing purposes.

    • Interop-unlock:

      This is a group of administrative rights which give restricted access to the Source Code of those mobile apps which possess the "Interop Services" functionality.

    • Full-unlock:

      This is where a Cyber attacker can bypass enough of the Security mechanisms in the Windows 10 Mobile Operating System to gain full access to the Source Code. In technical terms, this can be achieved by using an "OS Binary" file and maliciously associating it with the OS to gain these elevated privileges.
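
The two Android "Rooting" steps described above (an unlocked Boot Loader, then a customized ROM) leave traces in the device's system properties, which a defender can check. The following is an added example, not part of the original article: it parses "adb shell getprop" output and reports deviations from a locked stock build. The sample outputs are constructed, and treating a missing property as a finding is an assumed policy choice.

```python
import re

# Constructed "adb shell getprop" excerpts (not captured from real devices).
ROOTED_SAMPLE = """\
[ro.boot.flash.locked]: [0]
[ro.boot.verifiedbootstate]: [orange]
[ro.build.tags]: [test-keys]
"""
STOCK_SAMPLE = """\
[ro.boot.flash.locked]: [1]
[ro.boot.verifiedbootstate]: [green]
[ro.build.tags]: [release-keys]
"""

# property -> (value on a locked stock build, meaning of a deviation)
EXPECTED = {
    "ro.boot.flash.locked": ("1", "Boot Loader is unlocked"),
    "ro.boot.verifiedbootstate": ("green", "boot chain not verified against the OEM key"),
    "ro.build.tags": ("release-keys", "build not signed with release keys (customized ROM indicator)"),
}

PROP_LINE = re.compile(r"^\[([^\]]+)\]: \[(.*)\]$")

def parse_getprop(text):
    """Turn '[key]: [value]' lines into a dict, ignoring anything else."""
    props = {}
    for line in text.splitlines():
        match = PROP_LINE.match(line.strip())
        if match:
            props[match.group(1)] = match.group(2)
    return props

def assess(props):
    """Return (property, observed value, reason) for every deviation."""
    findings = []
    for key, (expected, reason) in EXPECTED.items():
        observed = props.get(key)
        if observed is None:
            # Assumed policy: fail closed, an unreadable property is a finding.
            findings.append((key, None, "property missing"))
        elif observed != expected:
            findings.append((key, observed, reason))
    return findings

if __name__ == "__main__":
    for name, sample in (("rooted", ROOTED_SAMPLE), ("stock", STOCK_SAMPLE)):
        print(name, assess(parse_getprop(sample)))
```

These property values are reported by the device itself and can be falsified once root has been obtained, so a clean result is one signal rather than proof that the device is unmodified.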

The next section further examines some of the motivational factors why an end user or Cyber attacker would "Jailbreak" a wireless device.

Why Jailbreak an iPhone, or Samsung/Wireless Device?

Although the main reason for "Jailbreaking" into a Smartphone is to gain the ultimate control over it, there are other reasons as well for doing it, depending upon the type of wireless device and the Operating System that it is using. Here is a breakdown of this:

  1. For the iPhone/iOS:

    Probably one of the most compelling reasons to "Jailbreak" an iPhone is to install unauthorized third-party apps onto it. For instance, the only apps which can be downloaded onto this wireless device are those which are available on the App Store. However, even here, a subscriber has to create an account, and submit their credentials each and every time that he or she logs into it. After this process has been completed, a Digital Certificate is then issued to one hundred percent confirm the identity of the account holder. One of the most popular sources from which to download unauthorized mobile apps is known as "Cydia." Another major reason for "Jailbreaking" an iPhone is to make the FaceTime functionality available through the use of other wireless carriers. At present, a FaceTime conversation can only be carried out on an iPhone, but with enough persistence and technical knowledge, it can be maliciously configured so that it can be carried out even on a Samsung or Windows Mobile device.

  2. For the Samsung/Android OS:

    One of the biggest reasons to "Jailbreak" into the Samsung device is to gain the specific administrative features that come with it, such as the Access Rights and the Backup Utilities. These devices have also been known to come with a lot of "bloatware" already installed. So, another popular reason for "Jailbreaking" is to remove these unwanted software applications so that the end user or Cyber attacker can install the mobile apps of their own preference. Another technical reason to compromise the Samsung device is to install a customized "Read Only Memory" (also known as "ROM") package. With this, extra functionalities can be installed which are normally not made available. Because of this, the Android Operating System can be upgraded at the whims of the end user or the Cyber attacker, rather than at the prescribed times as set forth by the wireless carriers.

  3. For the Windows Phone/Windows 10 OS:

    This is the most popular platform for the Cyber attacker to "Jailbreak" into and to exploit the weaknesses and vulnerabilities even further. The primary reason for this is that Windows is the most dominant OS which is used worldwide, and ever since its inception, has been the prime target for Cyber-attacks of all kinds and types. Another reason for hacking into this OS is to install mobile apps which have been specifically designed and created by the Cyber attacker.

Conclusions

In summary, this article has examined a new threat to the Smartphone, apart from the ones already reviewed. This is known as "Jailbreaking." This is a phenomenon in which an end user wants to manipulate their wireless device in such a way that he or she will have ultimate administrative privileges to it.

The result of this is that they can install anything they want to, and even configure their Smartphone in such a way that it will operate in a way not intended by the manufacturer.

For the Cyber attacker, "Jailbreaking" not only means that they will gain unauthorized access to an end user's Smartphone, but that they will also be able to upload malicious software applications.

The main intention of this is, of course, to hijack personal and confidential information/data to be later used in launching Identity Theft attacks.

However, as one can see from this article, the main interest in "Jailbreaking" a Smartphone is in installing mobile apps which are of primary interest to the Cyber attacker or the end user. Very often, these mobile apps are not available on the App Store or Google Play, thus the motivation for the "Jailbreak."

However, with this come the consequences of manipulating a Smartphone in a way that is deemed to be malicious or purposeful by the Smartphone manufacturer. Our next article will review this, as well as some of the tools that have been used in "Jailbreaking" attempts.

Resources

  1. https://www.owasp.org/index.php/Mobile_Jailbreaking_Cheat_Sheet
  2. http://www.pcworld.com/article/202441/5_Reasons_to_Jailbreak_Your_iPhone_and_5_Reasons_Not_To.html
  3. https://www.lifewire.com/what-is-jailbreaking-an-iphone-577591
  4. http://www.techradar.com/how-to/phone-and-communications/mobile-phones/what-is-jailbreaking-1322927
  5. http://www.tomsguide.com/us/jailbreak-root-unlock-phone-faq,news-17935.html
  6. http://www.pcworld.com/article/249091/geek_101_what_is_jailbreaking_.html
  7. http://www.cnn.com/2010/TECH/mobile/07/27/why.jailbreak.iphone/
  8. http://www.ebay.com/gds/Are-Jailbroken-Phones-Legal-/10000000177631978/g.html
  9. http://spyzrus.net/jailbreaking-an-iphone-easy-to-free-your-iphone/
  10. http://www.macworld.co.uk/how-to/iphone/how-to-jailbreak-iphone-ipad-ios-10-ios-9-pangu-yalu-restore-jailbroken-iphone-3427174/

Ravi Das

Ravi is a Business Development Specialist for BiometricNews.Net, Inc., a technical communications and content marketing firm based out of Chicago, IL. The business was started in 2009, and has clients all over the world. Ravi’s primary area of expertise is Biometrics. In this regard, he has written and published two books through CRC Press. He is also a regular columnist for the Journal of Documents and Identity, a leading security publication based out of Amsterdam.

You can visit the company’s website at www.biometricnews.net (or http://biometricnews.blog/); and contact Ravi at ravi.das@biometricnews.net.