Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Hacking Team hack reveals why you shouldn't jailbreak your iPhone

Glenn Fleishman | July 7, 2015
A massive breach in the private data of a firm that sells software to governments to spy on communications shows that jailbroken iPhones are vulnerable.

Although installing the malware on a jailbroken iOS device would seemingly require physical access, the related exploit of jailbreaking via malware installed on a trusted computer would allow bypassing that limitation.

Researchers have also found so far that Hacking Team has a legitimate Apple enterprise signing certificate, which is used to create software that can be installed by employees of a company who also accept or have installed a profile that allows use of apps signed by the certificate. It was shown last November that an enterprise certificate combined with a jailbroken iOS device could be used to bypass iOS protections on installing apps. Further, Hacking Team had developed a malicious Newsstand app that could capture keystrokes and install its monitoring software.

In a stunning bit of irony, Hacking Team had many of its online accounts at social media and other sites hijacked because of poor password choices, and storing passwords in forms that could be easily readable by whatever party performed the data breach.

What can you do to protect yourself against Hacking Team and similar software? Most people are not in danger of having this software used against them, because Hacking Team's approach focuses on individual devices rather than mass interception. (Other companies and agencies work on that.) Apple's iOS security is apparently good enough that only a jailbroken phone or a compromised Mac to which an iOS device is connected are vectors to exploit.

Should you never plug an iPhone or iPad into a Mac and click Trust when prompted? It's hard to say "never," unless you're at risk of reprisal for your political activities in your country. Governments are known to use these sorts of techniques to pinpoint individuals of interest, because widespread use could disclose them, and allow operating system and other software makers to protect against them.

You can imagine that anything disclosed in this breach will be turned into fodder for Apple, Google, and others to fix wherever that's possible.

Source: Macworld


Previous Page  1  2 

Sign up for Computerworld eNewsletters.