Educause Security Discussion mailing list archives
Re: Implications of Jail breaking ipod/iphones
From: Guy Pace <gpace () SBCTC EDU>
Date: Wed, 22 Jul 2009 09:53:51 -0700
Some time back, we had a jailbroken iPhone play havoc with a campus wireless network. It evidently had an alternative OS installed that was compromised or something and caused enough disruption that it affected administrative activities on portions of the network. My main issues with jailbroken iPhones, or any device that has been hacked beyond the manufacturer's firmware and OS is that it tends to introduce unstable and unpredictable behavior to the network. The devices are no longer able to get security and system updates from the vendor, and untested or suspect applications may be installed and run on them. It isn't that skilled and knowledgeable geeks can't jailbreak a device and make it stable or secure. It is that the average user, following a set of cobbled together instructions or using downloaded tools from questionable sources, will likely create a jailbroken device that has a lot of unknown, potentially dangerous issues. This could then be introduced to your network. While there are critics of Apple's approach to locking up the iPhone and how it functions, I have to grudgingly give them credit for keeping the non-jailbroken device reasonably secure and stable to date. The iPhone, as opposed to some of the other smartphone devices, is more of a platform and should be treated as such in the enterprise. Just as a desktop, laptop or other platform device can be made to work with various operating systems and leveraged to be used in good and bad ways, so can the iPhone. It isn't against the law to jailbreak them. As mentioned in another post, CSI has a benchmark document for the iPhone and other devices will follow. Look to your policy and standards. If you require desktop systems to have regular patches and updates, that should be required for the iPhone or similar device as well. If encryption or passwords are required, that should apply to the iPhone (there are tools available). Guy L. Pace, CISSP Security Administrator Information Technology Division WA State Board for Community and Technical Colleges (SBCTC) 3101 Northup Way, Suite 100 Bellevue, WA 98004 425-803-9724 gpace () sbctc edu -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Russell Fulton Sent: Tuesday, July 21, 2009 5:42 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Implications of Jail breaking ipod/iphones I have had several people ask me about this and I have tried googling around the area but most the stuff I have found consists of lists of dos and don'ts with little or no background info. The basic question is what are the security implications of jail breaking your iphone? Clearly this allows one to install applications that have not been blessed by Apple (with the risks that that entails). Are their less obvious risks such as making it easier for browser bugs to be exploited to do damage? Like most things in security I suspect that there are cases where phones should not be tampered with and others where the risk is acceptable. I would also appreciate any good references to the iPhone security model. Russell
Current thread:
- Implications of Jail breaking ipod/iphones Russell Fulton (Jul 21)
- <Possible follow-ups>
- Re: Implications of Jail breaking ipod/iphones Anderson, Sherry (Jul 22)
- Re: Implications of Jail breaking ipod/iphones Rick Holland (Jul 22)
- Re: Implications of Jail breaking ipod/iphones Guy Pace (Jul 22)
- Re: Implications of Jail breaking ipod/iphones Adam Carlson (Jul 22)
- Re: Implications of Jail breaking ipod/iphones Russell Fulton (Jul 22)
- Re: Implications of Jail breaking ipod/iphones Adam Carlson (Jul 23)
- Re: Implications of Jail breaking ipod/iphones Doty, Timothy T. (Jul 24)
- Re: Implications of Jail breaking ipod/iphones Adam Carlson (Jul 24)
- Re: Implications of Jail breaking ipod/iphones Doty, Timothy T. (Jul 24)
- Re: Implications of Jail breaking ipod/iphones Adam Carlson (Jul 24)