New iPhone jailbreak released – Naked Security

Spread the love


Apple’s latest iOS versions have only been out for a week.

The updates are new enough that Apple’s own Security updates page still lists [2020-05-26T14:00Z] the security holes that were fixed in iOS 13.5 and iOS 12.4.7 as “details available soon”.

But there’s a jailbreak available already for iOS 13.5, released by the well-known security research crew known as Unc0ver:

Unc0ver works on all devices on iOS versions between 11.0 and 13.5. Below you can find a list of all devices that have been specifically tested. [List follows.]

The jailbreakers themselves claim that iPhone 11 models of all types are supported, and have been tested even after updating to the latest 13.5 release.

However, the Unc0ver list doesn’t go back further than the iPhone 6S (or the iPad Mini 5 if you’re an iPad user), and no one yet seems to have tried jailbreaking a device running iOS 12 that had already been updated to the brand new version 12.4.7.

Nevertheless, the implication is that any device capable of running any version of iOS from 11.0 or later can be liberated from Apple’s walled garden, after which many or most of Apple’s lockdown and tamper-protection measures can be bypassed.

Proceed with care

Jailbreaking, as we have said before, is not for the faint-hearted.

Nevertheless, despite the criminal-sounding name, jailbreaking is legal – as far as we know, but remember that we are not lawyers! – in the US at least.

Circumventing “copyright protection” measures such as Apple’s phone strictures hasn’t always been lawful in the US, but in recent times the US Library of Congress, which gets to adjust the regulations every three years, has opened up over its past few regulatory reviews.

In 2018, for example, the Library of Congress:

…recommended a new exemption allowing for the circumvention of TPMs [technological protection measures] restricting access to firmware that controls smartphones and home appliances and home systems for the purposes of diagnosis, maintenance, or repair.

We can thank the “right to repair” movement for a lot of the lobbying for the ongoing legalisation of jailbreaking in the US, using common-sense slogans such as “Would you buy a bike if you couldn’t fix the chain?” and “Would you buy a car if it was illegal to replace the tyres?”

Indeed, today’s US right to repair probably owes more to American farmers – who resented that they had no access to a free market when it came to repairing or servicing expensive equipment such as tractors – than to phone hacking enthusiasts, but the two groups of “modders” today find themselves united with a common cause.

How easy is finding a jailbreak?

Unfortunately, the right to repair doesn’t come, for phones at least, with a corresponding right that requires the vendor to tell you how to exercise that right.

A phone maker like Apple can’t use the law to prevent you trying to jailbreak your phone…

…but it can do its very best to stop you succeeding, and it doesn’t have to tell you what it did to stop you.

That’s why this latest iOS 13.5 jailbreak, announced so soon after iOS 13.5 itself came out, is receiving a lot of publicity.

Jailbreaks themselves, in another irony, often involve finding a security hole of their own and figuring out how to exploit it.

Is is safe?

The answer is, “Yes. And no.”

The main risk in jailbreaking an iDevice is that you are, of necessity, using it in a way that is not only unsupported but also entirely untested by Apple.

You end up using third party apps – even if they come from the App Store and are supposedly vetted by Apple – in a way that has never before been formally tested.

You’ll also typically end up using apps that simply aren’t available in the App Store, and may either be malicious by design, or be dangerous by mistake because they haven’t had the same sort of scrutiny as software that’s App Store approved.

Lastly, jailbreaking allows you to turn off some of the security barriers that are always in place on non-jailbroken phones.

For example, loading your own apps, modifying the behaviour of built-in apps, snooping on data from other apps, and peeking at other apps’ network traffic suddenly become possible, even though all those behaviours are usually blocked by Apple.

Even though a lot of the restrictions imposed by jailbreaking are there for commercial and money-making reasons, many of them keep you safer and more secure at the same time.

Should I try it?

Whether to jailbreak is a choice you have to make for yourself – assuming it’s your phone, you own it outright, and you haven’t made any promises to anyone else (such as the IT department at work) about “keeping it stock and patched”.

The good news is that the Unc0ver jailbreaks require installing a custom app, or building a custom version of an unlocking app and installing that in the same way that IT might deploy a corporate app at work.

You need to plug your iPhone into your laptop and to go through Apple’s “trust this computer” dialog (including entering your unlock code) first, so it can’t happen unexpectedly.

Also, as far as we know, the Unc0ver jailbreak needs re-applying every time you reboot.

In other words, generally speaking: you can’t end up jailbroken by mistake, so a crook can’t secretly do it for you while you’re innocently browsing the internet; and you can get rid of the jailbreak at will simply by rebooting your phone.

So we have just one piece of advice, namely that if it’s not your phone, or it’s your own phone and you use it for work, ask for permission from your IT department first.

We suspect that they will say, “No, please don’t do that,” and if they do, take it on the chin and comply.

They’ve got enough to worry about already without trying to keep control of jailbroken iPhones – or their maverick cousins, “rooted” Android devices – as well.


Latest Naked Security podcast

Leave a Reply