Hi,

Can anyone tell me if Jailbreaking an iPhone will leave it vulnerable to external attacks?

I've not read into much, but from what information I have come across, it seems that it could be possible for another iPhone user or computer user to steal personal information from your iPhone via WiFi.

In addition, is the Jailbreaking software safe in itself? Could this software possibly 'phone home' personal data from your iPhone?:confused:

If anybody has any tips on the best security practises for Jailbroken iPhones, it would be greatly appreciated if you could share them.

Thanks in advance,

TT

You backup your personal info first. As long as you don't unlock your phone for use with another carrier, and are careful and follow instructions, you'll be fine. And if you do have any problems and have to take the phone back to the Apple store, just restore the phone in iTunes first so everything looks legit. They won't look in the filesystem for mods. I've been using a jailbroken phone since the initial jailbreak and am now on 1.1.2 jailbroken. Good luck!

Thanks for the advice Jayhawk.

I was just slightly worried about intruders being able to hack into my email, calendar or address book.

I haven't bought my iPhone yet, I'm going to wait and see what Steve says about future firmware revisions at Macworld. He may even tempt me to enter into a new phone contract, thus bypassing Jailbreaking altogether.

Cheers,

Twisted T

Thanks for the advice Jayhawk.

I was just slightly worried about intruders being able to hack into my email, calendar or address book.

I haven't bought my iPhone yet, I'm going to wait and see what Steve says about future firmware revisions at Macworld. He may even tempt me to enter into a new phone contract, thus bypassing Jailbreaking altogether.

Cheers,

Twisted T
I think you're misunderstanding what "Jailbreaking" is.
Jailbreaking is when you open up the iPhone's filesystem, making it possible to write to it, so you can install third party software. In the context above, you're thinking of unlocking, which would let you use it on another GSM provider.

Wirelessly posted (Mozilla/5.0 (iPhone; U; CPU like Mac OS X; en) AppleWebKit/420.1 (KHTML, like Gecko) Version/3.0 Mobile/3B48b Safari/419.3)

just be aware that jailbreaking the phone puts a hole in the security of the phone. However so far it seems mostly harmless.

I think you're misunderstanding what "Jailbreaking" is.
Jailbreaking is when you open up the iPhone's filesystem, making it possible to write to it, so you can install third party software. In the context above, you're thinking of unlocking, which would let you use it on another GSM provider.

I was considering using a UK 02 iPhone with an 02 pay & go or pay monthly sim card. Therefore I wouldn't need to unlock the phone. However, I would need to 'fake activate' it and I believe the simplest way to 'fake activate' this iPhone involves using Conceited Software's Jailbreak method.

I'm not really interested in installing unauthorised apps at the moment, I just want to have an iPhone without the ridiculous 18 month contract. Then again, Steve may still persuade me to sign up on the 15th. Who knows!

Thanks,

Twisted

Wirelessly posted (Mozilla/5.0 (iPhone; U; CPU like Mac OS X; en) AppleWebKit/420.1 (KHTML, like Gecko) Version/3.0 Mobile/3B48b Safari/419.3)

just be aware that jailbreaking the phone puts a hole in the security of the phone. However so far it seems mostly harmless.

the ironic part is there's already a hole w/ the phones security, hence, being able to jailbreak it :)

[SIZE=1] mostly harmless.

Just be careful of what you download and you should be fine.

Yeah jailbreaking is perfectly safe as long as you backup your stuff, just sync with iTunes, know what you are installing, and know how to fix any problems if they happen...

Guys...The OP is talking about "UNLOCKING" the Sim...NOT jailbreaking to install third party apps. I would recommend guidance pertaining to that request. I won't do either so can not advise.

Good Luck

Sure go ahead, jail break-it, unlock it, hack the hell out of it. Its completely safe, aside from the 11-year trojan making pre-teens out there.

seriously though, with the new news about the Trojan, id think twice, people have said it all along that the phone was vulnerable, now all thats been confirmed. Either proceede with EXTREME CAUTION. IM going to restore my jailbroken phone back to factory.

Once you jailbreak the iphone, are you allowed to continue using iTunes to install other applications, or even update iPhone software when available without problems, or do you need to forget about iTunes and other Apple legal stuff?

Thanks.

Once you jailbreak the iphone, are you allowed to continue using iTunes to install other applications, or even update iPhone software when available without problems, or do you need to forget about iTunes and other Apple legal stuff?

Thanks.

You can still sync Apps and music on your iPhone/iPod even after you jailbreak. You get the best of both worlds.

The only real reason I have jailbroken my iPhone in the past was for PDAnet and I kept all my other legal stuff in tact.

Make sure you don't have 10.5.6 on your computer. JB doesn't work with this update

Altering the function of a device does not inherently make it more vulnerable.

Yes, if you install and run OpenSSH all the time (even when you're connected to publicly-accessible networks) and don't change your account passwords -- yes, in that case you are vulnerable.

Just jailbreaking, however, doesn't make your device any easier to compromise.

This quote proves you can become a macrumors demi-god without knowing anything about the iPhone and jailbreaking. Apparently, the number of devices listed in someones ego-signature is inversly proportional to knowledge.

Ha. Agreed. I'd love to know some of these added security risks, as if the phone is risk free when its not JB anyway....

Nice sig BTW MikePA.

I just wonder what kind of sensitive data people would store on a cellphone. What is there to worry about someone getting into anyway (if thats even the case)?

All iPhones use the same username/password combos for both the superuser and normal user accounts. The passwords for these accounts ('root' and 'mobile', respectively) are well known.

On most systems this would be considered a security risk. However, since there is no way to actually log in to a stock iPhone remotely, this isn't a problem.

Enter jailbreaking. Jailbreaking will not, on its own, allow remote logins. It will, however, enable you to install an SSH server (such as OpenSSH). When the ssh daemon is running, your iPhone can accept remote logins. If you don't change the default passwords for the two accounts, anyone who knows those passwords (i.e. anyone with access to, say, Google) and can connect to the SSH daemon can log in to your iPhone. This is most decidedly a security risk. If you change the passwords, you're fine.

Jailbreaking in and of itself does not introduce any additional security holes. None. It will allow you to install software that, if misconfigured or malicious in nature, can lead to your device being compromised -- but that is true of *any* device that allows you to install third party software without heavy sandboxing.

I think a lot of people don't know what they're getting themselves into when they JB their iPhone.

The end-user can just not be an idiot and not install the stuff that DOES open it up to security flaws.

What happened here? Oh well, I still want to know what kind of sensitive data people are storing on a cellphone that they are worried about. Keeping important information on something as easy to lose as a cellphone seems like the biggest security issue here.

Oh well, I still want to know what kind of sensitive data people are storing on a cellphone that they are worried about. Keeping important information on something as easy to lose as a cellphone seems like the biggest security issue here.

There are some security steps you can take on an iPhone while there are more you can take on a phone, like a BlackBerry, that was designed and has options for the enterprise. These steps mitigate the risk of losing a phone.

The BES (BlackBerry Enterprise Sever) allows lots of centrally managed options that the user can not override. On a BB, the login password can be require as can the complexity of the password. It can be set up to encrypt the device and automatically wipe the device if the wrong password is entered more than 10 times. BES can also limit what attachments can be sent to the phone.

The iPhone is not an enterprise device.

It can be set up to encrypt the device and automatically wipe the device if the wrong password is entered more than 10 times.
iPhones have this setting

iPhones have this setting

Can it be set from the server and set so the end user can not change the setting?

Can it be set from the server and set so the end user can not change the setting?

If the end-user is locked out, then they can't change the setting...

Can it be set from the server and set so the end user can not change the setting?

Not quite, but close enough.

If it's specified in the provisioning profile, it cannot be changed without re-flashing the device. It's not enforced server side, but the end result is the same (i.e. you can't change the setting without flashing over the config that your IT dept. provisioned it with.)

If the end-user is locked out, then they can't change the setting...

The end user isn't locked out of their own phone. The point is it can't be a setting the end user can change.

ppc750fx answered my question.

The end user isn't locked out of their own phone. The point is it can't be a setting the end user can change.

If the iPhone is stolen with the password enabled, they're locked out. That's the only reason you'd need to have the wipe, anyway.

Does the process/act of jailbreaking slow down the iphone (or cause instability) in any way or does it slow down once you add apps? I had previously JB my iphone and found it getting really slow despite only installing winterboard with just one theme (theme was "touch") -thats it. Safari crashed a lot and apps would take 20 seconds to load. I used pwnage tool (not quick pwn)... I've searched the internet on this and I find support for both arguments...
1) JB'ing slows phone down and causes instability
2) JB'ing is fine. Its the apps you install that can cause problems


So in reference to the original poster's question.... i thought I would propose this to the thread for discussion because I myself get confused with the pro's/con's of the whole jailbreaking process.

Does the process/act of jailbreaking slow down the iphone (or cause instability) in any way or does it slow down once you add apps? I had previously JB my iphone and found it getting really slow despite only installing winterboard with just one theme (theme was "touch") -thats it. Safari crashed a lot and apps would take 20 seconds to load. I used pwnage tool (not quick pwn)... I've searched the internet on this and I find support for both arguments...
1) JB'ing slows phone down and causes instability
2) JB'ing is fine. Its the apps you install that can cause problems


So in reference to the original poster's question.... i thought I would propose this to the thread for discussion because I myself get confused with the pro's/con's of the whole jailbreaking process.

It causes instability AND numerous threads on macrumors.com from clueless people screwing with their phones and then running here for help.

It causes instability AND numerous threads on macrumors.com from clueless people screwing with their phones and then running here for help.

I have no problem helping people who have problems with jailbreaking...How else are they to learn? Its hard to decipher which sites offer the best jailbreaking advice. God forbid if they google "jailbreak" and end up at the zibri site (dont know if he's still around). My point is that there are many sites that sound expert-like, but offer conflicting statements on jailbreaking and unlocking. I think that contributes to alot of the problems with jailbreaking. I find macrumors one of the best sites to talk shop with other mac enthusiasts. I learn a lot here myself.

Back to my orginal question... do you think jailbreaking alone causes problems with the phone or the problems arise when you add apps?

Back to my orginal question... do you think jailbreaking alone causes problems with the phone or the problems arise when you add apps?
No and the only app that is known to cause problems is Kate.

No and the only app that is known to cause problems is Kate.

iBlacklist as well causes numerous problems on the phone although I think the app is soo cool.

If you jailbreak a phone and install an application that replaces a default iphone application, when apple releases an update to the original application does it over-write the custom app that you installed? Thank you.