Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

iPod touch Does Jailbreaking Compromise Security?

M

MaxMike

macrumors 6502
Original poster
Dec 6, 2009
487
36
I have a 1st generation iPod touch that is jailbroken on 3.1.3. I have added around 3 sources to Cydia and I am not sure if my security is compromised with the jailbreaking done. Because of my concern, I have not logged into the Bank of America app for my personal account since before I jailbroke my device. Are there risks or am I being a bit too paranoid? :confused:
 
As long as you install the PDF Loader Warning, and change your root/mobile password (only if you installed OpenSSH) your fine. At this point in time a jailbroken 1G iPod Touch is safer then a nonjailbroken 1G iPod Touch.
 
Intell said:
As long as you install the PDF Loader Warning, and change your root/mobile password
Click to expand...

Is the PDF Loader an update through iTunes? And how would I go about changing the root/mobile password? I have used WinSCP a few times
 
PDF Loading Warning is in Cydia. It helps prevent the hole that allows the jailbreakme.com thing to work. Jailbreakme.com uses a security to run it's own code and jailbreak the iDevice. This hole could also allow malicious code to be run, that is why it is wise to install the PDF Loading Warning. To change your root and mobile passwords do the following. Install Mobileterminal through Cydia. Then open it and enter the folloing lines:
Code: 
login:root
password:alpine (you will not see the password being typed out)
passwd
old password:alpine
new password: [enter a new password] (you will not see the password being typed out)
enter new password again:[your new password] (you will not see the password being typed out)
login:mobile
password:alpine (you will not see the password being typed out)
passwd
old password:alpine (you will not see the password being typed out)
new password: [your new password] (you will not see the password being typed out)
enter new password again:[your new password] (you will not see the password being typed out)

There may not be any "enter old password" lines when you run it. I don't have my iPhone with me right now so I can't check.
 
the password "alpine" for mobile doesn't work when it asks for the old password. Alpine did work for root, however
 
It's good that you got the more important one of the two done then. The mobile really isn't used for much.
 
Intell said:
It's good that you got the more important one of the two done then. The mobile really isn't used for much.
Click to expand...

OK. Thanks for the help! I already downloaded and installed the PDF Loader package :)
 
It's not even worth changing your SSH password if you don't have OpenSSH installed.

In fact, it's much faster transferring files through USB with DiskAid. By like 200% :)
 
iSpaghettiCat said:
In fact, it's much faster transferring files through USB with DiskAid. By like 200% :)
Click to expand...

I've always found that USB transfers using programs like DiskAid fail to copy the whole directory, when said directory contains many more directories full of small files.
 
Intell said:
As long as you install the PDF Loader Warning, and change your root/mobile password (only if you installed OpenSSH) your fine. At this point in time a jailbroken 1G iPod Touch is safer then a nonjailbroken 1G iPod Touch.
Click to expand...

The real answer is none of us know how secure or insecure it is.
 
As of today, it seems quite clear that Apple will not be releasing any in-house security fix for 1G iPod touches in response to the notorious PDF vulnerability. If they were going to do so, they would have released it in parallel with iOS 3.2.2 and 4.0.2.

That being the case, they probably won't release any security fixes for any other problems that may be identified in 1G iPod touches in the future.

So going forward, if there is going to be any future source for potential patches to 1G iPod touches (such as the "PDF Loader Warning" workaround), it will have to come out of the jailbreak community, or else it will not come from anywhere at all.

So, on the whole, provided you follow all the best practices advised for jailbreaking, from this day onward your 1G iPod touch will probably be safer with a jailbreak than without.

[edit]I see that the iPhone Dev Team are going to release a package on Cydia that will deliver a patch to the FreeType library which will close the hole properly on jailbroken iDevices, going all the way back to devices running 2.x firmware. The patch the Dev Team is using is the same patch that Apple used to fix the problem, which was subsequently passed upstream to the open source maintainers of the faulty library.

So, yeah, 1G iPod touch is officially safer jaibroken (if you follow best practices such as changing passwords, vetting software carefully before choosing to trust it, etc.) than not jailbroken.[/edit]
 
iPhone Dev team is working on a .pdf fix that Apple didn't fix for the first generation touches and first generation iPhones.

It is still in testing. Follow @iphone_dev for updates. :)
 
I am extremely pissed at Apple right now. My iPT gen1 is just under 2 years old, yet I cannot upgrade to iOS4, and thus cannot have this patch through their official channels.

I don't need or want iOS4; I just want the damn patch. I understand Apple chose not to upgrade 1st gen devices due to resource constraints, and that's fine.

However it's simply unacceptable to have a 2 year old device rendered unsafe because they won't provide the damn patch.

I guess I will be jailbreaking my iPT too, though I'm not generally a fan of that. It's sad that the people that Apple were so pissed at are the ones coming through for people that don't want to throw away their perfectly functional albeit slightly older devices.
 
The update to fix that PDF hole, was that released? And would the iPod touch 1g get the update, because it can't update to 4.0, so why not 4.02 ( or whatever it is)
 
GregR said:
The update to fix that PDF hole, was that released? And would the iPod touch 1g get the update, because it can't update to 4.0, so why not 4.02 ( or whatever it is)
Click to expand...

The patch to fix the PDF hole was released by Apple yesterday for 2G and 3G iPod touches, as well as iPads, and 3G, 3GS and 4G iPhones.

Apple did not release a patch for 1G iPod touches, nor for original iPhones.

The iPhone Dev Team is currently testing a corresponding fix (based upon the same source code modification that Apple used) for jailbroken 1G iPod touches and original iPhones. It's not ready for general consumption yet, but they're certain to release it as soon as they're satisfied it works correctly.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back