This story was written by Keith Dawson for UBM DeusM’s community Web site Business Agility, sponsored by IBM. It is archived here for informational purposes only because the Business Agility site is no more. This material is Copyright 2012 by UBM DeusM.

Heads Up For the Latest iOS Jailbreak

There are few upsides to having jailbroken consumer devices on the LAN.

When employees jailbreak their phones and bring them to work, IT's challenges proliferate. A new jailbreak for iPhone 4S and iPad 2 is about to make your life more interesting.

People who own an iPhone 4S or iPad 2 running iOS 5.0.1 can now jailbreak their devices. The Chronic Dev Team announced late last week that it had successfully created a new jailbreak for the iPhone 4S and iPad 2.

Most estimates of the prevalence of jailbroken iPhones range from 10 to 15 percent worldwide (one estimate from last fall put it at 11.4 percent), though it's over one-third in China.

Jailbroken Apple devices inside your firewall are cause for some concern. The only two iPhone viruses ever found in the wild were a threat only to jailbroken phones.

Another problem that jailbreaking exacerbates on iOS devices is a root account with system privileges and a well-known default password. Every iPhone and iPad ships with two accounts (root and mobile), and both have the same password (alpine) when they leave the factory. Not all of those who jailbreak get around to changing this default, leaving those devices vulnerable to remote infiltration via SSH. (Most jailbreakers install SSH, which does not run on unbroken phones, in order to have access to the device's file system.)

If you are in the process of drafting a BYOD policy, it's not unreasonable to consider a ban on jailbroken devices on the LAN.
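Because SSH does not run on unbroken phones, an iOS device that answers on TCP port 22 is a practical jailbreak indicator when enforcing such a ban. The audit below is an added example, not part of the original article; recognising iOS devices by DHCP hostname, the function names, and the sample leases and banners are assumptions constructed for illustration.

```python
import socket

# Assumption: iOS devices are recognised by their DHCP hostname. A real
# deployment would use MDM inventory or DHCP fingerprinting instead.
IOS_HINTS = ("iphone", "ipad", "ipod")

def looks_like_ios(hostname):
    return any(hint in hostname.lower() for hint in IOS_HINTS)

def parse_banner(data):
    """Return the SSH identification string (RFC 4253) from raw bytes, or None."""
    for line in data.splitlines():
        if line.startswith(b"SSH-"):
            return line.strip().decode("ascii", "replace")
    return None

def ssh_banner(ip, port=22, timeout=2.0):
    """Connect once and read the server greeting; None if nothing SSH-like answers."""
    try:
        with socket.create_connection((ip, port), timeout=timeout) as sock:
            return parse_banner(sock.recv(255))
    except OSError:  # refused, unreachable or timed out
        return None

def audit(leases, probe=ssh_banner):
    """Flag iOS-looking leases whose address answers with an SSH banner.

    leases: iterable of (hostname, ip) tuples, e.g. parsed from a DHCP server.
    probe:  callable(ip) -> banner or None; injectable so the logic runs offline.
    """
    findings = []
    for hostname, ip in leases:
        if not looks_like_ios(hostname):
            continue  # SSH on servers and laptops is expected; skip them
        banner = probe(ip)
        if banner is not None:
            findings.append({"hostname": hostname, "ip": ip, "banner": banner})
    return findings

if __name__ == "__main__":
    # Constructed sample data: documentation addresses and canned probe results.
    leases = [("Annas-iPhone", "192.0.2.10"), ("Bobs-iPad", "192.0.2.11"),
              ("build-server", "192.0.2.20")]
    canned = {"192.0.2.10": "SSH-2.0-OpenSSH_5.8", "192.0.2.20": "SSH-2.0-OpenSSH_5.9"}
    for f in audit(leases, probe=canned.get):
        print(f"{f['hostname']} ({f['ip']}) answers SSH: {f['banner']} -> review device")
```

The audit only reads the greeting the server volunteers; it never attempts a login, so it can run against the DHCP lease table on a schedule.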

How it Came Down

Both the iPhone 4S and the iPad 2 run on a dual-core A5 processor. For the worldwide community of hackers working on iOS jailbreaks, the A5-powered iOS proved considerably more difficult to crack than earlier versions had been. Some past jailbreaks have been released a mere day after Apple pushed out an upgrade. This one took 10 months.

After months of futile effort, the hackers at Chronic Dev tried a new tack. They released a Mac and Windows utility called CDevReporter, which prevents iTunes from sending reports to Apple after an iOS device crashes, and instead sends them to a secure server hosted by the hackers. Within a week of calling on jailbreak aficionados to install CDevReporter, in late November of last year, Chronic Dev had accumulated 10 million crash reports. They shared these with other hacking teams and everyone began poring over the reports for signs of vulnerabilities that could be used to jailbreak iOS 5.0.1.

The Corona jailbreak that emerged from this process is of unprecedented complexity and subtlety. It relies on one vulnerability to allow the bootloader to run unsigned code, in order to set up another that "just patches the kernel security features, as usual. Nothing interesting there," as one of the hackers wrote.

Jailbreaking is legal in many countries, including the US -- last summer the Copyright Office cleared the practice, over Apple's objections. But just because it's legal doesn't mean you want jailbroken iPhones inside your firewall.