Jailbreaking opens iPhone push security hole

According to a new article by AppleInsider, Jailbreaking may be hazardous to your phone's health and security. Owners of jailbroken and unlocked iPhones may receive Push Notification Service (PNS) messages intended for other people. PNS messages can be innocuous, such as an instant message, or potentially disastrous, such as a remote device wipe command. Prince McLean writes:

Jailbreaking the iPhone involves working around Apple's security system to enable the device to run unsigned software. The iPhone's applications, just like its PNS communications, are encrypted using security certificates to prevent tampering, spoofing, or spying by malicious third parties.

Destroying the application security layer of the iPhone does not itself automatically break PNS, but (when combined with an "unofficial activation" required to use it with unofficial service providers) results in the system having no legitimate certificates to use in performing push notifications. Essentially, if the phone is not properly activated as intended through iTunes, the user's credentials for signing into Apple's PNS messaging servers (which are generated by the device itself in normal conditions) are broken along with the application security layer.

Dev team hackers trying to get jailbroken, alternatively activated phones to work with PNS allegedly made the mistake of adding an existing certificate to "fix" the problem. The hack simply identifies the new jailbroken phone to Apple as another phone that already exists, enabling messages to be sent to the wrong device.

The problem was first noticed by Till Schadde, founder and CEO of equinux inc.. "Take extreme caution when sending AIM msg to people w/ hacked iPhones," Till warned in a tweet on Tuesday. "Push service broadcasts your msg to strangers." To prove the security hole, he posted a screenshot from one of the phones that got a message intended for someone else. So far no malicious exploits have been reported in the wild.