Does Jailbreaking Compromise Security?

Discussion in 'iPod touch' started by MaxMike, Aug 11, 2010.

  1. MaxMike macrumors 6502

    Joined:
    Dec 6, 2009
    #1
    I have a 1st generation iPod touch that is jailbroken on 3.1.3. I have added around 3 sources to Cydia and I am not sure if my security is compromised with the jailbreaking done. Because of my concern, I have not logged into the Bank of America app for my personal account since before I jailbroke my device. Are there risks or am I being a bit too paranoid? :confused:
     
  2. Intell macrumors P6

    Intell

    Joined:
    Jan 24, 2010
    Location:
    Inside
    #2
    As long as you install the PDF Loader Warning, and change your root/mobile password (only if you installed OpenSSH) your fine. At this point in time a jailbroken 1G iPod Touch is safer then a nonjailbroken 1G iPod Touch.
     
  3. MaxMike thread starter macrumors 6502

    Joined:
    Dec 6, 2009
    #3
    Is the PDF Loader an update through iTunes? And how would I go about changing the root/mobile password? I have used WinSCP a few times
     
  4. Intell macrumors P6

    Intell

    Joined:
    Jan 24, 2010
    Location:
    Inside
    #4
    PDF Loading Warning is in Cydia. It helps prevent the hole that allows the jailbreakme.com thing to work. Jailbreakme.com uses a security to run it's own code and jailbreak the iDevice. This hole could also allow malicious code to be run, that is why it is wise to install the PDF Loading Warning. To change your root and mobile passwords do the following. Install Mobileterminal through Cydia. Then open it and enter the folloing lines:
    Code:
    login:root
    password:alpine (you will not see the password being typed out)
    passwd
    old password:alpine
    new password: [enter a new password] (you will not see the password being typed out)
    enter new password again:[your new password] (you will not see the password being typed out)
    login:mobile
    password:alpine (you will not see the password being typed out)
    passwd
    old password:alpine (you will not see the password being typed out)
    new password: [your new password] (you will not see the password being typed out)
    enter new password again:[your new password] (you will not see the password being typed out)
    
    There may not be any "enter old password" lines when you run it. I don't have my iPhone with me right now so I can't check.
     
  5. MaxMike thread starter macrumors 6502

    Joined:
    Dec 6, 2009
    #5
    the password "alpine" for mobile doesn't work when it asks for the old password. Alpine did work for root, however
     
  6. Intell macrumors P6

    Intell

    Joined:
    Jan 24, 2010
    Location:
    Inside
    #6
    It's good that you got the more important one of the two done then. The mobile really isn't used for much.
     
  7. MaxMike thread starter macrumors 6502

    Joined:
    Dec 6, 2009
    #7
    OK. Thanks for the help! I already downloaded and installed the PDF Loader package :)
     
  8. iSpaghettiCat macrumors regular

    Joined:
    Sep 4, 2009
    Location:
    Miami, FL
    #8
    It's not even worth changing your SSH password if you don't have OpenSSH installed.

    In fact, it's much faster transferring files through USB with DiskAid. By like 200% :)
     
  9. Intell macrumors P6

    Intell

    Joined:
    Jan 24, 2010
    Location:
    Inside
    #9
    I've always found that USB transfers using programs like DiskAid fail to copy the whole directory, when said directory contains many more directories full of small files.
     
  10. pooryou macrumors 65816

    Joined:
    Sep 28, 2007
    #10
    The real answer is none of us know how secure or insecure it is.
     
  11. goosnarrggh macrumors 68000

    Joined:
    May 16, 2006
    #11
    As of today, it seems quite clear that Apple will not be releasing any in-house security fix for 1G iPod touches in response to the notorious PDF vulnerability. If they were going to do so, they would have released it in parallel with iOS 3.2.2 and 4.0.2.

    That being the case, they probably won't release any security fixes for any other problems that may be identified in 1G iPod touches in the future.

    So going forward, if there is going to be any future source for potential patches to 1G iPod touches (such as the "PDF Loader Warning" workaround), it will have to come out of the jailbreak community, or else it will not come from anywhere at all.

    So, on the whole, provided you follow all the best practices advised for jailbreaking, from this day onward your 1G iPod touch will probably be safer with a jailbreak than without.

    [edit]I see that the iPhone Dev Team are going to release a package on Cydia that will deliver a patch to the FreeType library which will close the hole properly on jailbroken iDevices, going all the way back to devices running 2.x firmware. The patch the Dev Team is using is the same patch that Apple used to fix the problem, which was subsequently passed upstream to the open source maintainers of the faulty library.

    So, yeah, 1G iPod touch is officially safer jaibroken (if you follow best practices such as changing passwords, vetting software carefully before choosing to trust it, etc.) than not jailbroken.[/edit]
     
  12. iMac0765 macrumors regular

    Joined:
    Jul 7, 2010
    #12
    iPhone Dev team is working on a .pdf fix that Apple didn't fix for the first generation touches and first generation iPhones.

    It is still in testing. Follow @iphone_dev for updates. :)
     
  13. polaris20 macrumors 68020

    Joined:
    Jul 13, 2008
    #13
    I am extremely pissed at Apple right now. My iPT gen1 is just under 2 years old, yet I cannot upgrade to iOS4, and thus cannot have this patch through their official channels.

    I don't need or want iOS4; I just want the damn patch. I understand Apple chose not to upgrade 1st gen devices due to resource constraints, and that's fine.

    However it's simply unacceptable to have a 2 year old device rendered unsafe because they won't provide the damn patch.

    I guess I will be jailbreaking my iPT too, though I'm not generally a fan of that. It's sad that the people that Apple were so pissed at are the ones coming through for people that don't want to throw away their perfectly functional albeit slightly older devices.
     
  14. EllieV macrumors 6502

    Joined:
    Apr 22, 2010
    #14
    The update to fix that PDF hole, was that released? And would the iPod touch 1g get the update, because it can't update to 4.0, so why not 4.02 ( or whatever it is)
     
  15. goosnarrggh macrumors 68000

    Joined:
    May 16, 2006
    #15
    The patch to fix the PDF hole was released by Apple yesterday for 2G and 3G iPod touches, as well as iPads, and 3G, 3GS and 4G iPhones.

    Apple did not release a patch for 1G iPod touches, nor for original iPhones.

    The iPhone Dev Team is currently testing a corresponding fix (based upon the same source code modification that Apple used) for jailbroken 1G iPod touches and original iPhones. It's not ready for general consumption yet, but they're certain to release it as soon as they're satisfied it works correctly.
     

Share This Page