In the wake of Pangu releasing the latest iPhone jailbreak, the industry will continue to debate on whether jailbreaking your iPhone is worth the security risk.
With a jailbroken iPhone, you can get past many of the locked down features to customize your iPhone in nearly any way you can imagine. However, this luxury comes with a risk that makes all the information on your phone a likely target for cyber criminals. So, if jailbreaking is such a big security risk, why do it in the first place?
What Benefits are Gained by Jailbreaking?
Jailbreaking takes advantage of a flaw in the iPhone's design to give users more control of their device. Those who jailbreak their iPhones are often lured by the appeal of customization. Programmers, third-party developers, and even users themselves can customize the underlying structure of iOS. Jailbreaking allows direct access to the file system as well as user interfaces or network capabilities that are otherwise locked down. Developers may want root access to learn more about the operating system or scour the device and applications to exploit vulnerabilities. Even every day users can benefit from jailbreaking an iPhone by enabling customizations such as a 5-icon deck or enhancing the features of the Messages app.
Security Risks of Jailbreaking
The biggest risk of jailbreaking your iPhone comes from allowing these applications to request root access on the device. If malware is installed on the device, it can escalate and gain root access - effectively having complete access to all of the data on the device. Jailbreaking takes away the safety of Apple's "walled garden" which is meant to protect users from this very threat. Aside from being susceptible to malware, jailbroken iPhones are often filled with bugs that could constantly keep crashing your phone and disable other important features.
This risk became apparent in November 2015, when an iOS jailbreak malware called KeyRaider stole 225,000 Apple ID’s and thousands of certificates, private keys, and purchasing receipts. Ultimately, victims reported their stolen accounts showed abnormal app purchasing history and in other instances, phones were locked and held for ransom.
Consider This Before Jailbreaking your iPhone
Naturally, Apple advises users do not jailbreak their iPhones. Not only is there a security risk, but it voids the device's warranty. Data from banking apps, stored passwords, and even data found in social media accounts could be at risk if this information becomes accessible from a jailbroken iPhone.
You should also think about who owns the device and what information you have on your phone. Does your employer own the device? Is your work email synced to it? Any malicious activity not only puts your data at risk, but your organization’s as well. Because jailbroken phones lack sufficient security, you are putting your organization at greater risk for a cyberattack.
Organizations who provide mobile devices to employees typically have security measures in place to prevent users from putting company data at risk. This may include further locking down phones so only certain features can be added or changed, keeping devices and apps up to date, and installing a mobile device agent that can detect a jailbroken phone. For organizations using a BYOD policy, this can be a little more difficult. Unfortunately, nothing much can be done to prevent users from jailbreaking their own devices, but they can be educated about the risks of doing so and employers can choose whether to allow employees to access certain information from their phones in the first place.