5 Reasons Jailbreaking Your Phone is a Bad Idea

 Screen Shot 2014-01-07 at 3.07.13 PM.png

 

As you may already know, the Evasi0n7 jailbreak for iOS7 was released during the holidays, and many scrambled to get it installed as soon as possible.

 

What many don’t know is how utterly bad jailbreaking is for your device. Let us count the ways…

 

  1. It Lowers Your Shields: Modern mobile operating systems go to great lengths to keep you safe from various threats. From malicious applications that you install to potential weaknesses in your underlying operating system, a crazy number of controls exist on a stock mobile device to keep you and your data safe.

    Jailbreaking removes much of that security.

    If you think about why that is, it makes a lot of sense. Jailbreaking is a complete subversion of your device’s security system. It’s literally the payload left behind after an exploit of your phone’s security system.  While this allows you some cool functionality, it comes at significant expense.

    In other words, the good news is you get to run some scary/interesting applications on your phone afterwards that aren’t nearly as restricted as before. The bad news is you are then running some scary/interesting applications on your phone afterwards that aren’t nearly as restricted as before.

    Double-edged swords aren’t as double-edged as this.
  2. You Don’t Know Exactly Who’s In Charge of Your Phone Afterwards: As discussed above, a jailbreak is a team of hackers throwing the kitchen sink at an operating system until they find a flaw they can exploit. Once found, they write an exploit that allows them to subvert the security system and install their own code.

    Then people go and download that code the hackers made, and install it instead of the vendor version. What could possibly go wrong? Maybe this—where part of the jailbreak package was downloading content from unknown Chinese servers unbeknownst to most everyone until later.

    Bottom line: you’re giving up a lot of trust to people you don’t know when you install an unknown software package (including the kernel) as your device’s operating system.
  3. You Can Void Your Warranty: Not unimportantly, it’s against the terms of service to modify your phone in this way, so if your phone vendor finds out they can void your warranty and tell you to pound sand.
  4. Your Phone Tends to Be Far Less Stable, and Can Even Be Bricked: Another downside to running jailbroken is that your phone is likely to act far more wonky than before. Think of it like alpha code, not ready for release, created by a small number of people and didn’t do near the normal amount of testing. 

    Especially think of it that way because that’s what it is.
  5. You Get Locked Out of OS Updates: If you’re jailbreaking and you’re aware of everything above already then this last bit might not bother you as much, but another downside is that once you’re jailbroken you’re on your own in terms of security updates—meaning, you’re not getting any.

Well, that sounded fairly horrific.

 

Keep in mind that if you have a use case that requires a jailbreak, there can be some real benefits to it. For mobile security testers, for example, those shields being down really helps us test mobile applications more easily and thoroughly. And I’m sure there are other similarly legitimate reasons for wanting to jailbreak.

 

The point of this was simply to point out that there are downsides, and that you don’t want to just go rushing into it because you heard there was cake.

 

::

Daniel Miessler is a Principal Security Architect with Fortify on Demand, and can be reached at daniel.miessler@hp.com and on Twitter at @danielmiessler

 

Comments
Alan Smithee(anon) | ‎01-09-2014 12:49 PM

The irony is that by rooting my Android phone, I'm able to get custom ROMs built off Google's current code base long before the handset manufacturer or carrier can push it out to me. In some ways, this makes my phone *more* secure.

CaroleLoomis | ‎01-09-2014 01:11 PM

It seems cool to have a phone that can be jailbroken, but the fun may be short lived. Thanks for alerting us to the perils.

Colin Robbins(anon) | ‎01-09-2014 01:24 PM

Maybe jailbreaking is the wrong term?

 

Howabout "Self harm", or "Assisted Suicide"?

Leave a Comment

We encourage you to share your comments on this post. Comments are moderated and will be reviewed
and posted as promptly as possible during regular business hours

To ensure your comment is published, be sure to follow the Community Guidelines.

Be sure to enter a unique name. You can't reuse a name that's already in use.
Be sure to enter a unique email address. You can't reuse an email address that's already in use.
Type the characters you see in the picture above.Type the words you hear.
Search
About the Author
http://www.danielmiessler.com/about


Follow Us
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation