Jailbreaking is Dangerous!

[whmurray]

One question, are you for real???

Might wanna do something about that paranoia...

You betcha, GI. I have been doing this for a living likely longer than you have been alive. Moreover, I am well paid for doing what I am doing here for free.

I am a professional paranoid, but even paranoids have enemies.

 

[big9erfan]

For the moment, the iPhone population is dramatically more secure than the Internet. That is because of choices that Apple, and to a lesser extent, AT&T, have made. I do not want to see us piss that away in the name of a little more generality and flexibility that was not included in the product they bought, most do not really need, and few are competent to manage.

The great thing is that jailbreaking is a choice and you choose not to do it. There are those of us that are conscious of security and know war changes we make to the phone and what it opens us up to. Part of the discussion on these forums is about how to jailbreak safely. If you choose not to jailbreak that's great, but don't come and poop on other people who have choosen to be different than you.

 

[whmurray]

I don't know where your argument about jailbreaking putting others at risk comes from. The only people at risk are other people who have jailbroken their phones, installed SSH and not changed their passwords........

The implicit assumption behind this argument is that the jailbreak community is homogenous and that the naifs in it are not entitled to our orderly behavior. One only has to read the pleas for help in this forum to know that there are a lot of people engaging in jailbreaking that are not as good at it as you are.

I'm not trying to convince you that jailbreaking is the bee's knees, I'm just saying that you're assigning a lot of false blame to jailbreakers when they are the only ones that are potentially affected by these worms, any only susceptible to them as a result of their own negligence.

First, I am not in the blame business. I am in the problem solving business. My profession and experience enable me to anticipate problems that may not be obvious to others.

Second, naivete is not the same as negligence. We owe predictable behavior to the naive and should not go out of our way to punish the negligent.

I am not trying to argue that jailbreaking one's own iPhone is the moral equivalent of hacking someone else's system. Not even that it is the moral equivalent of attaching a weak system to the Internet. I only argue that it is riskier than many people understand and the risk is not limited to our own iPhones.

 

[BLiNK]

whm has some very valid points and obviously is well educated in the vulnerability of the security of our up and coming digital age.
i am glad that someone actually took the time to come here and open some eyes.
we need to learn from this and continue educate ourselves.
i had a lot of reservations about jailbreaking and after reading/researching for a week or so i decided to do it,
but after reading all of this it makes me wonder...

 

[whmurray]

The great thing is that jailbreaking is a choice and you choose not to do it. There are those of us that are conscious of security and know war changes we make to the phone and what it opens us up to. Part of the discussion on these forums is about how to jailbreak safely. If you choose not to jailbreak that's great, but don't come and poop on other people who have choosen to be different than you.

True. However, in the digital world we are all connected. If not by your individual choice, I am effected by the collective choices of others. I will not "poop" on others if they do not pee in the sand-pile. We all have an interest in one another's hygiene.

This is the last that I will say in this thread. I usually avoid all jailbreak threads but got sucked into this one by what I perceived to be the naivete of the opening post. While I am a little disappointed by the responses and that some took personal offense where none was intended, I am encouraged by the large number of lurkers.

 

[IGoSlo]

I fully agree with you Blink... But when one peppers their arguement with falsehoods, Lies, deceit and personal attacks on those that He doesn't agree with, it NULLIFIES their position. I suggest to Everyone who has been following this conversation go back and RE-READ EACH of WHM's comments... I'm NOT debating his Education nor his Expertise in the "Cyber Security" area NOR am I denying there is a "Security Issue". I AM Debating his General Blanketing of "ALL Jail Breakers" as "Rogues, Thugs, Naifs, Members of the Underworld living in the same Community". For THAT I take offence. Yet he FAILS to acknowledge he to lives within that SAME Community, as pointed out by another in this thread. Thereby placing himself, in his mind, ABOVE the "Rogues, Thugs, Naifs and Jail Breakers". WHM is "GIFTED" in his usage of the English Vocabulary. Quoting another FAMOUS Socialist..." JUST Words, JUST speeches"... It's amazing the power of the tongue... Pepper your speech with truth and falsehood and you can sell one a worthless bill of goods or even buy a man's soul without his knowledge of what just happened.

 

[Greenchunks]

The entire purpose of this sub-forum is to help people with Jailbreaking and to discuss the intricacies of it. So isn't this forum in essence helping the entire AT&T/iPhone society by increasing the security and helping those who may be as WHM classifies them 'weak systems'? Essentially, we are the good guys of the jailbreakers, those with the knowledge and/or desire to learn more about the phones so that we are not susceptible to future exploits, and that we can assist others in becoming safe from them as well.

For the record, I got my first iPhone one week ago today, and I have been jailbroken for 2 days. I guess reading makes me some kind of expert?

WHM, you say that there are unknown vulnerabilities out there for Jailbroken iPhones, but if they are so completely unknown, is it not true that there are also likely vulnerabilities for normal iPhones? As IGoSlo put it, it's a personal responsibility thing. If you jailbrak your phone, it allows you to do things that could lead you open to an attack. And if your phone is attacked it could lead to other people (who also didn't take the proper steps) being attacked. Basically, the only people who are being attacked are those who did not take responsibilty for their actions (learning about jailbreaking before doing it)

You need to step back a little and look and your position to understand why perhaps you are at odds with so many of us here. You are paid to deal with security exploits, and deal with systems that are not secure and have been attacked. Therefore, all you see all day long is harmful people taking advantage of weak systems. This causes you to have a skewed perspective of how pervasive the exploits are. I know someone who works with Western Digital (and previously with Seagate) repairing damaged and failed hard drives. As a result, she doesn't trust most drives because of the sheer number of failed drives she sees at work. However, in reality the failure rate of most modern drives is actually quite low.

If you have anything to add as to how we can make our jailbroken iPhones more secure and less vulnerable to attacks, I'm all ears. If not, you can go back to your job which pays so well instead of spending your time here for free.

 

[Leanna Lofte]

As with any debate thread, I have been watching this one closely and this one has remained civil enough. However, I must point out that not once did whmurray ever say that all jailbreakers are "rogues, thugs, naifs". This, in fact, is what he said

You become part of a population that includes the rogues, thugs, bullies, and naifs.

He later said

I was very careful not to group all jailbreakers with "rogues, thugs, and bullies" but simply pointed out that by jailbreaking one includes oneself in a population that they occupy.

So whmurray in fact does not believe that all jailbreakers are "rogues, thugs, and bullies".

Let me be clear that I am not choosing sides on this matter (there are things I agree and disagree about both arguments) but just felt I needed to point this out since some are taking personal offense to a misunderstanding.

 

[IGoSlo]

Parsing of words...It Depends what the "Definition" of is... "is"... whmurray stated and I Quote..." When one Jail Breaks "ONE BECOMES PART" of a COMMUNITY of Rogues, thugs, bullies and naifs". Now, he is either stating Jail Breakers are a community within a community or they "BECOME" LIKE the Community they have chosen to acquaint themselves with... He Can not have it BOTH ways... He uses the word "BECOME"..."to enter into or assume a certain state or condition". That my friends, is WHAT I TAKE OFFENCE with... whmurray has NEVER had a relationship me nor would he recognize me on the street. Yet he passes JUDGEMENT?
And YES he has passed JUDGEMENT... With his opening statement he passed JUDGEMENT on ALL Jailbreakers... Again... "Just Words... Just Speeches"... String enough of them together and one can sell a BOX of Rocks... His Logic into the jailbreaking community holds no value... it's ALL based on HIS false assumetions as to whom we are as individuals Yet most likely I'm NOT the only Jail Breaker he knows very little about... As with this and other Forums, not all members are on the same page or serve the same agenda. Does that make us like the "DECEIVER"? I think not. In this world, just as in whmurray's world there are those who have HONEST Hearts and those that DON'T... Both world's not only have individual Rights and FREEDOMS, They BOTH Have a responsibility to protect, EDUCATE and strenghten their members... WHM, I wish you peace knowing that YOU have NOT been called to POLICE my world

 

[darksniper404]

Been jailbreaking for two years now and never had a single problem. I've also jailbroken 35+ iPods for my friends.

 

[kbduvall]

Non-jailbroken phones aren't immune from risks either. Wasn't there something recently about an app sending phone numbers without user's consent? So one "issue" has been identified for jailbroken phones as well as non-jailbroken phones. 1 to 1.

If everyone always stayed with a platform that offered "security" in exchange for restrictions, technology wouldn't be where it is today. The reason we've made it this far is because of people who weren't happy with the current offerings and decided to create something they thought was better.

Sure, with any new technology, new method, or with any advancement there is risks. But should we as a society stop trying to improve things because we're afraid of unknown risks?

And besides, there are plenty of phone platforms out there that are more open and more "vulnerable" but they do as jailbrakers do. They identify vulnerability and patch it.

It's the nature of the beast we call "advancement".

 

[BLiNK]

I'm not joining the to jailbreak or not to jailbreak discussion, but in regards to paying for jailbreak software, I recommend reading this blog post written by the developer of blackra1n.

On the iPhone: An Information Campaign

To sum it up, when you buy jailbreaking software, the seller is making a profit off something someone else developed and is providing for free... so it's theft.

llofte, thank you for the wonderful link to geohots blog.
it's very interesting/entertaining to say the least.
are we to understand that paying for "any" jailbroken app is in the wrong?

 

[kbduvall]

are we to understand that paying for "any" jailbroken app is in the wrong?

Not any jailbroken app. The act of jailbreaking and the software used to jailbreak your phone is free. Some people are selling the software that Dev Team and Geohot have made for people for free.

 

[big9erfan]

Not any jailbroken app. The act of jailbreaking and the software used to jailbreak your phone is free. Some people are selling the software that Dev Team and Geohot have made for people for free.

This. He's saying that the people that make the software the jailbreaks the phone are giving it away for free, and that it shouldn't be charged for. There are MANY sites on the internet that charge to download software like BlackRa1n and the Pwnage Tool.

 

[Leanna Lofte]

llofte, thank you for the wonderful link to geohots blog.
it's very interesting/entertaining to say the least.
are we to understand that paying for "any" jailbroken app is in the wrong?

No no, not apps... the software used to actually jailbreak your iPhone. And I wouldn't say it's *wrong* for a buyer who doesn't know any better to purchase the jailbreaking software, but the sellers are very much in the wrong... they are stealing someone else's work and making a profit from it.

 

[BLiNK]

thanks for clarifying that.
just curious, are the app devs a different breed within rock or cydia than the AT&T app store?
do they develop apps for both parties?

 

[Ipheuria]

Good for you. Are you certain that that is the only vulnerability that you have introduced into your iPhone?

Keep in mind that even attacks that you successfully resist consume resources. Contemplate a world in which half of all iPhones are jailbroken and only half of those compromised and generating attack traffic. While such a scenario is less likely in the iPhone population than in the Internet, we used to think bot-farms were unlikely there.

I remember getting the same arguments that you are using from IT professionals when I suggested to them that connecting weak systems to the Internet was anti-social. Today, if one attaches a weak system directly to the Internet, it will be covertly owned by others in minutes. Today there are hundreds of thousands of such compromised systems in the Internet. Control and use of these systems is available for a fee.

Today, most malicious software is purpose-built and used only against targets of choice. However, the multi-billion dollar anti-virus industry was a response to mischief against targets of opportunity. The mischief makers used the same arguments, including that the naifs did not deserve our concern, much less our protection. We should not be asked to use hygiene simply to protect them.

The Pakistani virus, arguably the first real problem virus, was distributed by software pirates with their offerings. They wanted to punish those who were unethical enough to do business with them. Of course, millions of others were victimized.

Clueless Puppy was surprised at how well his attack worked. So, perhaps your neighbor is not as smart as you give him credit for.

For the moment, the iPhone population is dramatically more secure than the Internet. That is because of choices that Apple, and to a lesser extent, AT&T, have made. I do not want to see us piss that away in the name of a little more generality and flexibility that was not included in the product they bought, most do not really need, and few are competent to manage.

Lets make it simple, just because you bought your phone from Apple and chose not to Jailbreak it doesn't mean your phone is secure. Did you hear about the multiple text which would turn your vanilla iPhone and any other into a bot by exploiting a security vulnerability? Have you heard of iMobsters and other games from the developer which recorded information to send back to the creators? These were games sold in the App Store to all iPhones vanilla and JBen. As long as you have a device that runs code there will be someone who can break it and take advantage whether you are JB or not. So I hope you feel safe because your phone is protected, because it's a vanilla iPhone and protected by Apple's security restrictions. Jailbreaking exploits a vulnerability on iPhones, all iPhones so whether you Jailbreak or not the vulnerability still exists on your iPhone. So your idea of the JB phones being weaker than other iPhones and compromising all iPhones doesn't really hold that much water. Just think the JB community made the exploit widely known to the world and used it for a constructive purpose. If everyone was closed minded and didn't want to experiment with the phone but use it just as Apple intended someone may have found the exploit and used it for devious purposes compromising millions and millions of iPhones possibly yours included hmmmmmm.

 

[sargd66]

^
Good point!!