iPhone is the safest and secured phone

[eyoungren]

I recall a few articles last a year or two ago on the whole subject.

http://www.businessinsider.com/thousands-of-jailbroken-iphones-hacked-2015-8

https://ios.gadgethacks.com/how-to/protect-yourself-from-biggest-jailbreak-hack-history-0164226/

Yep. That was KeyRaider, the keylogger I mentioned.

You'll note that the first article says nothing about HOW these devices were compromised. The fact that jailbreakers installed a shady repo and a tweak that opened them up to KeyRaider would have been an inconvenient fact against the story's anti-jailbreak bent.

Again, these jailbreakers exposed themselve to this by their own actions.
[doublepost=1495580409][/doublepost]

Good analogy, but to add to it, even if you stay in a safe part of town, someone malicious can always come by and break into your car so a locked car is still more secure.

But yeah, generally you are about as safe jailbroken than not as long as you stick to legitimate sources and aren't trying to pirate apps.

Sure, there is always that factor. But that goes back to someone (malware) deliberately seeking you (a general you) out. In those cases I would argue that you're more likely to be collateral damage instead of the intended target.

 

[cynics]

Yep. That was KeyRaider, the keylogger I mentioned.

You'll note that the first article says nothing about HOW these devices were compromised. The fact that jailbreakers installed a shady repo and a tweak that opened them up to KeyRaider would have been an inconvenient fact against the story's anti-jailbreak bent.

Again, these jailbreakers exposed themselve to this by their own actions.

Human error and/or complacency will always exist though and shouldn't be completely discounted when referencing security. Many people that find themselves victims of crimes could have done a lot to prevent it yet we don't typically pin the blame on them.

I'm more or less playing devils advocate at this point because like you I thoroughly believe we are all responsible for our own actions to a certain extent.

However I feel your side of the debate is akin to saying its the victims fault for being affected by wannacry because their system wasn't up to date. Yes they could of taken action to prevent it, very true. However blaming them is negating the actual criminals and their nefarious actions.

We could say this about not only about most viruses, worms, etc on any computer system but any crime in general. "these victims (jailbreakers) exposed themselves to their own crimes by their own actions". Actually what a criminal is looking for, an easy target.

Again I'm playing devils advocate for the most part but what do you think?

 

[eyoungren]

Human error and/or complacency will always exist though and shouldn't be completely discounted when referencing security. Many people that find themselves victims of crimes could have done a lot to prevent it yet we don't typically pin the blame on them.

I'm more or less playing devils advocate at this point because like you I thoroughly believe we are all responsible for our own actions to a certain extent.

However I feel your side of the debate is akin to saying its the victims fault for being affected by wannacry because their system wasn't up to date. Yes they could of taken action to prevent it, very true. However blaming them is negating the actual criminals and their nefarious actions.

We could say this about not only about most viruses, worms, etc on any computer system but any crime in general. "these victims (jailbreakers) exposed themselves to their own crimes by their own actions". Actually what a criminal is looking for, an easy target.

Again I'm playing devils advocate for the most part but what do you think?

I can see where you'd think I might be saying it's the victims fault.

However, that ignores one crucial element and that is the conscious decision to jailbreak.

Absent any drive by silent jailbreaking done via governmental/organizational sources or as a joke by your little brother/sister/cousin/etc who had your phone alone for ten minutes, the vast majority of jailbreakers have made the voluntary decision to jailbreak. It wasn't done against their knowledge.

If you voluntarily put yourself in that spot with the full knowledge of the consequences, how can you claim the innocent victim?

When you choose to jailbreak you are shifting the responsibility for your security from the safe arms of Apple's app store to yourself. You, personally become responsible for your security. That's one of the things you take on when you choose to jailbreak. Being blasé about security at that point is on you (those who jailbreak and do this).

Concerning, recent events, I don't blame individuals (WannaCrypt) except in the case of being aware and having suffcient time to do something about it.

Yes, criminals are looking for an easy target. As a jailbreaker, it's my responsibility to present as difficult a target as I can. And that means taking personal responsibility for the repos I add and the tweaks I install.

 

[cynics]

I can see where you'd think I might be saying it's the victims fault.

However, that ignores the one crucial element and that is the conscious decision to jailbreak.

Absent any drive by silent jailbreaking done via governmental/organizational sources or as a joke by your little brother/sister/cousin/etc who had your phone alone for ten minutes, the vast majority of jailbreakers have made the voluntary decision to jailbreak. It wasn't done against their knowledge.

If you voluntarily put yourself in that spot with the full knowledge of the consequences, how can you claim the innocent victim?

When you choose to jailbreak you are shifting the responsibility for your security from the safe arms of Apple's app store to yourself. You, personally become responsible for your security. That's one of the things you take on when you choose to jailbreak. Being blasé about security at that point is on you (those who jailbreak and do this).

Concerning, recent events, I don't blame individuals (WannaCrypt) except in the case of being aware and having suffcient time to do something about it.

Yes, criminals are looking for an easy target. As a jailbreaker, it's my responsibility to present as difficult a target as I can.

I guess we will have to end up agreeing to disagree.

I fully understand your logic and its sound in its own context no doubt....

However lets look at it this way....and btw we are still assuming that a piece of jailbreak malware needs to be installed by the user and there is no way a worm can infect the system, which IMO is dangerous thinking....

If you have an iPhone that isn't jailbroken and one that is would you say without a shadow of a doubt they are both equally vulnerable to an attack be it in or out of the users possession (assuming they were both locked equally)?

 

[eyoungren]

However lets look at it this way....and btw we are still assuming that a piece of jailbreak malware needs to be installed by the user and there is no way a worm can infect the system, which IMO is dangerous thinking....

Absolutely dangerous thinking.

If you have an iPhone that isn't jailbroken and one that is would you say without a shadow of a doubt they are both equally vulnerable to an attack be it in or out of the users possession (assuming they were both locked equally)?

No I can't unequivocally make that statement. There are too many variables and if the attacker knows which jailbreak you have it would make the attack vector easier.

Which of course is the setup to declaring my initial statement false. And I'll give you that based on the scenario you've presented.

However, I'd argue that real-world circumstances are such that in general my statement is true.

But I won't deny that there can be extenuating circumstances that make it false.

 

[cynics]

Absolutely dangerous thinking.


No I can't unequivocally make that statement. There are too many variables and if the attacker knows which jailbreak you have it would make the attack vector easier.

Which of course is the setup to declaring my initial statement false. And I'll give you that based on the scenario you've presented.

However, I'd argue that real-world circumstances are such that in general my statement is true.

But I won't deny that there can be extenuating circumstances that make it false.

Well I wasn't trying to set you for failure more than let you see my way of thinking on the subject.

I also feel the same way about MacOS's way of dealing with 3rd party software however I will happily admit if you block it all it makes a Mac pretty much useless for the majority of people. Risk reward sort of thing....

 

[eyoungren]

Well I wasn't trying to set you for failure more than let you see my way of thinking on the subject.

I get it. And that's fine. It's a valid point.

I'm just acknowledging it for the record. Defending a position is one thing, refusing to acknowledge error or inconsistancy is another.

 

[j2ee]

Very simple
When you upload app in apple store, they seriously check everything before approve it.

Google store, they dont care at all, instant upload, then they may care and check only if many people report an app

 

[silverblack]

I agree that iPhone is safer than Android, in protecting the data inside the phone in the event that the phone is lost.

For android phone with an SD card, anyone can access the files on it. Even the data on the system drive could be accessed, I would think.

For iOS, I am no hacker, but I would think it is very difficult to access the data when the iPhone is iCloud locked.

 

[eyoungren]

For iOS, I am no hacker, but I would think it is very difficult to access the data when the iPhone is iCloud locked.

Yes.

Some people seem to think that jailbreaking can give you access to an iCloud locked device ('cause, you know - jailbreakers). We get a lot of posts like that in the jailbreak forums (here on MacRumors).

The problem is that in order to jailbreak a device you need to already have the device setup and unlocked. You cannot jailbreak a device from the lockscreen (at least not with the tools available to the general public).

So, it becomes a circular kind of thing. You need to get past iCloud lock to jailbreak which means you can't jailbreak to get past iCloud lock.

Apple adding iCloud lock was a wonderful theft prevention tool.

 

[j2ee]

More ignorant comments.

Read this:
https://www.lifewire.com/is-google-play-safe-153675

I use android and that's why I only use apps which have been downloaded at least close to million times. Because Apple staff really manually check every app inside out, normally take around a week before approving an app as you can read from above. Android!? LOL just using a scan which can be by passed by good hacker as you can read above. It is so easy for a new app making so many phones affected and Google may not even knows before too late.

 

[biscuit0819]

Very few people buy on security concerns. I, however, would NOT buy certain Android phones specifically because they are build to be surveillance devices (I'm talking the absurdly inexpensive Chinese phones).

Is there any evidence of this or are you just speculating? It'd be an ingenious move to track the nation but it's the first I've heard of it.

 

[ariahault]

https://forums.macrumors.com/threads/icloud-account-security-breached.2040772/

 

[j2ee]

Is there any evidence of this or are you just speculating? It'd be an ingenious move to track the nation but it's the first I've heard of it.

Very honestly I expect US gov can get into any main platform from US giant corp like windows, android, ios. The best prove is the recent wannacry. Microsoft said US gov found the hole but didnt tell them. Do you really believe it was not a very well designed backdoor that were co designed by us gov and microsoft that only they know but no one else could figure out for decade until it is leaked now? Xp to now, like 15 years

 

[Ulenspiegel]

Naked Security by SOPHOS (30 Jan 2016):

"... about 50,000 new apps are admitted to Google Play each month, with just under 2,000,000 apps in there altogether.

At that rate – more than one new app each minute – there isn’t a whole lot of time for scrutiny and due diligence, whether by human, or computer, or both.

Mistakes happen, to the point that during 2015, malware samples from more than 10 different families made it past Google’s checks and were installed more than 10,000,000 times..."

 

[NT1440]

Is there any evidence of this or are you just speculating? It'd be an ingenious move to track the nation but it's the first I've heard of it.

https://www.cyberscoop.com/android-malware-china-huawei-zte-kryptowire-blu-products/

If you have an intelligence agency, Android is a beautiful target.

 

[gnasher729]

Proprietary makes it more vulnerable to hacking. That's not a positive. It's a massive negative. IPhone security has been through good internal design, walled garden application loading, and luck.

I think security is quite independent of being "proprietary". What counts is having developers who know what they are doing, who have the support of their management, and importantly how any compromises between security and convenience are handled.

A trivial case of security vs. convenience: Lots of things on my computers are protected by two factor authentication. To attack me, you need to steal my username, password, and my iPhone (unlocked). Without two factor authentication you would only need to steal my username and password. So it's more secure. It's also less convenient, because from time to time a need to take my phone out of my pocked, read a six digit code, and type it in somewhere. That's inconvenient. Your choice if you want convenience or security.

iPhone security against hackers (or governments) unlocking your code is quite good, because the guys implementing it are competent, and they have the support of their management. Sometimes security in five your old devices is not perfect, but most of the time these things are already fixed in newer devices. Of course when you buy an iPhone 8, nobody can predict what attacks hackers can come up with in the next five years - but you can be quite confident that whatever is used to breach an iPhone 8 will already be fixed on the iPhone 10 that is the latest best seller.

"Proprietary" doesn't help much, except you can expect anyone being incompetent to hide what they are doing. Apple has published a lot of information how their security works. And for various good reasons, a lot of it is of the type "even Apple itself couldn't break this. We designed it so that we can't break it". Again, that's security vs. convenience: If a relative dies while their phone is locked, you won't be able to unlock it and use it, and Apple won't be able to help you.

On the other hand, an open implementation doesn't mean it's safe. There was the whole OpenSSL debacle. I had the joy and fun to look at some of the source code, and it was just bad. It was impossible to figure out what anything in that code was doing. I've rarely been swearing that much looking at anyone's source code. There were some big bugs that could be and were exploited, but they were very, very hard to find. (To be fair, the main author apparently wrote it because he wanted to teach himself C++ programming, and though something like OpenSSL would be a worthwhile practice project. So we can't really blame him. We can blame the community for living with this mess).
[doublepost=1495799919][/doublepost]

Also you need to remember, Apples iCloud has been hacked a few times, as reported in the media, so it's not as secure as you claim because that's where the iPhone automatically backs up to. I don't give Apple kudos for that!

Ok, give us some believable evidence that iCloud was _ever_ hacked. There is none. As usually, you are making it up.
[doublepost=1495800442][/doublepost]

If you have an iPhone that isn't jailbroken and one that is would you say without a shadow of a doubt they are both equally vulnerable to an attack be it in or out of the users possession (assuming they were both locked equally)?

It depends. First, during the jailbreak, you allowed the code created by some third party company to take control of your code. That's in my opinion the biggest vulnerability: Whoever created that jailbreak could have accepted a million dollars (or a get-out-of-jail-free card) from the NSA, and now the NSA has control of your phone.

Second, there have been jailbreaks that opened stupid security holes on iPhones. One that allowed remote login with a known default password; that was quite awfully bad. I haven't heard such things recently.

Third, you can download apps from third party sites. That obviously opens any amount of possible vulnerabilities. Especially if a jailbreak destroys the separation between apps (don't know if it can).

The first hurdle to attack your iPhone is unlocking it. This ability is nowadays hidden _very_ deeply inside the iPhone hardware. It might be impossible for a jailbreak to even affect this; in this case jailbreaking would be as safe against unlocking the phone as a non-jailbroken phone

 

[j2ee]

I think security is quite independent of being "proprietary". What counts is having developers who know what they are doing, who have the support of their management, and importantly how any compromises between security and convenience are handled.

A trivial case of security vs. convenience: Lots of things on my computers are protected by two factor authentication. To attack me, you need to steal my username, password, and my iPhone (unlocked). Without two factor authentication you would only need to steal my username and password. So it's more secure. It's also less convenient, because from time to time a need to take my phone out of my pocked, read a six digit code, and type it in somewhere. That's inconvenient. Your choice if you want convenience or security.

iPhone security against hackers (or governments) unlocking your code is quite good, because the guys implementing it are competent, and they have the support of their management. Sometimes security in five your old devices is not perfect, but most of the time these things are already fixed in newer devices. Of course when you buy an iPhone 8, nobody can predict what attacks hackers can come up with in the next five years - but you can be quite confident that whatever is used to breach an iPhone 8 will already be fixed on the iPhone 10 that is the latest best seller.

"Proprietary" doesn't help much, except you can expect anyone being incompetent to hide what they are doing. Apple has published a lot of information how their security works. And for various good reasons, a lot of it is of the type "even Apple itself couldn't break this. We designed it so that we can't break it". Again, that's security vs. convenience: If a relative dies while their phone is locked, you won't be able to unlock it and use it, and Apple won't be able to help you.

On the other hand, an open implementation doesn't mean it's safe. There was the whole OpenSSL debacle. I had the joy and fun to look at some of the source code, and it was just bad. It was impossible to figure out what anything in that code was doing. I've rarely been swearing that much looking at anyone's source code. There were some big bugs that could be and were exploited, but they were very, very hard to find. (To be fair, the main author apparently wrote it because he wanted to teach himself C++ programming, and though something like OpenSSL would be a worthwhile practice project. So we can't really blame him. We can blame the community for living with this mess).
[doublepost=1495799919][/doublepost]
Ok, give us some believable evidence that iCloud was _ever_ hacked. There is none. As usually, you are making it up.
[doublepost=1495800442][/doublepost]

It depends. First, during the jailbreak, you allowed the code created by some third party company to take control of your code. That's in my opinion the biggest vulnerability: Whoever created that jailbreak could have accepted a million dollars (or a get-out-of-jail-free card) from the NSA, and now the NSA has control of your phone.

Second, there have been jailbreaks that opened stupid security holes on iPhones. One that allowed remote login with a known default password; that was quite awfully bad. I haven't heard such things recently.

Third, you can download apps from third party sites. That obviously opens any amount of possible vulnerabilities. Especially if a jailbreak destroys the separation between apps (don't know if it can).

The first hurdle to attack your iPhone is unlocking it. This ability is nowadays hidden _very_ deeply inside the iPhone hardware. It might be impossible for a jailbreak to even affect this; in this case jailbreaking would be as safe against unlocking the phone as a non-jailbroken phone

Your iphone against gov is just an assumption. I dont think wannacry is a hole, it should be a designed backdoor by microsoft just for us gov. Very likely same thing in android and ios. Us gov needs to pay million to crack iphone should be just marketing.

 

[biscuit0819]

https://www.cyberscoop.com/android-malware-china-huawei-zte-kryptowire-blu-products/

If you have an intelligence agency, Android is a beautiful target.

Okay that's scary. Maybe we really do have to assume that nothing is private anymore. They said it hasn't affected handsets shipped to the US but there's no way I'd go near ZTE or Huawei after reading that.

 

[NT1440]

Okay that's scary. Maybe we really do have to assume that nothing is private anymore. They said it hasn't affected handsets shipped to the US but there's no way I'd go near ZTE or Huawei after reading that.

The thing is, that's just one particular story about one particular country. Every country with an intelligence agency is surveilling on any and all platforms that they are capable of, Android provides a huge number of attack vectors given that (especially in poorer nations) the vast majority of the install base is horribly out of date and will never receive updates.

 

[cynics]

It depends. First, during the jailbreak, you allowed the code created by some third party company to take control of your code. That's in my opinion the biggest vulnerability: Whoever created that jailbreak could have accepted a million dollars (or a get-out-of-jail-free card) from the NSA, and now the NSA has control of your phone.

Second, there have been jailbreaks that opened stupid security holes on iPhones. One that allowed remote login with a known default password; that was quite awfully bad. I haven't heard such things recently.

Third, you can download apps from third party sites. That obviously opens any amount of possible vulnerabilities. Especially if a jailbreak destroys the separation between apps (don't know if it can).

The first hurdle to attack your iPhone is unlocking it. This ability is nowadays hidden _very_ deeply inside the iPhone hardware. It might be impossible for a jailbreak to even affect this; in this case jailbreaking would be as safe against unlocking the phone as a non-jailbroken phone

Good points.

I've never had a jailbroken iPhone so I can't speak from any experience. But depending on system flexibility (which I'm completely unaware of) I guess one could argue you can make sure phone MORE secure if you knew exactly what you were doing.

Linux is a good example of this. Out of the box its generally pretty good, however with a certain amount of skill and knowledge you can really lock it down (depending on distro of course). Obviously that isn't a completely fair comparison with a jailbroken iPhone which inherently relies on hacks in the first place but I feel its a reasonable analogy.

 

[nebo1ss]

The iPhone is more save than some of us realise it even saves lives.

http://www.bbc.co.uk/news/uk-wales-north-west-wales-40045682