Does iOS Jailbreak Checkra1n pose a serious security risk?
Everything you need to know about Checkra1n, the latest jailbreak for iOS.
What is jailbreaking?
The process of jailbreaking (also known as ‘rooting’ for Android) involves using 3rd party software to ‘unlock’ an iOS device such as an iPhone or iPad. This code overwrites the device’s software by removing the built in DRM (Digital Right Management) restrictions. By jailbreaking, the user removes all security and protection features on the device. Technically jailbreaking is legal much to Apple’s frustration. Over the years, jailbreaking has become increasingly more difficult to achieve on iOS. This has been due to Apple’s quick detection and patching of any system vulnerabilities.
What is Checkra1n?
Checkra1n is the latest jailbreak for iPhones released in November 2019. Typically, jailbreaks exploit vulnerabilities in the device’s software. However, Checkra1n exploits a security defect in the iphone’s hardware. This means that it can’t be fixed with a software update. Checkra1n is compatible with Apple A5 (2011) to Apple A11 (2017) devices. The jailbreak will only work when the device is rebooted. Once rebooted, the device restores itself to its original state. This means that determined users (with time on their hands) will have to jailbreak their phone every time they restart their device.
Why do people jailbreak?
The main reason people jailbreak is to have complete freedom and control over their iPhones. Thousands of jailbreakers flock to Cydia (the most popular third party app store) to install ‘tweaks’ to improve the device’s functionality and user experience. Many want the ability to customize every aspect of their device from the wallpaper to the homepage icons. Others do it to download games and specific apps that they cannot get in the official App Store. Others jailbreak to download pirated or copy-right infringing material.
What are the risks?
Jailbreaking does indeed comes with risks. Certain ‘tweaks’ can ravage battery life and can make the device unstable by causing bugs, crashes and random reboots. Dropped calls are another side effect along with poor data connections. Another hindrance is that you can no longer avail of iOS updates on a jailbroken iPhone.
Also, your Apple warranty becomes void once you jailbreak your iPhone. This is because from Apple’s perspective, you have broken their code of conduct. By removing the iOS stock features, you are stripping the device of its security defenses. The phone is now exposed and vulnerable to malware and spyware attacks as well as other malicious software.
In 2015, the jailbreak malware KeyRaider managed to steal 225,000 Apple ID’s. Apple has a strict and thorough process of vetting and approving apps that appear in their App store. Therefore, you can be fairly certain that any apps you download are safe and secure. However, when it comes to third party app stores, everything you download is a gamble.
Do you really need to worry?
It’s not inconceivable that in the last fortnight, one of your employees has used Checkra1n to jailbreak their iPhone, installed the Cydia app store and downloaded questionable software. Without mitigation, this would represent a dramatic increase in your organization’s risk of being successfully breached via mobile. So what should you do to protect against this risk? Firstly, you need to monitor the security status of your devices. Secondly, you need to ensure that once you identify a jailbroken device that you immediately take it off-line. You should automate this process to avoid the risk of overworked IT security staff missing the alert.
Deploying security solutions such as Corrata Security and Control will enable you to do this. Even if you consider the risk of Checkra1n related breached to be remote, mobile security solutions will also protect you against the near certainty that your staff will be targeted via more routine mobile attacks such as phishing or insecure Wi-Fi. And, perhaps more importantly, with mobile security taken care off, you’ll no longer have to read blogs such as this to tell you about the latest threats!
For industry news, insights and analysis – follow us on Twitter and LinkedIn!