Jailbreaking opens iPhone push security hole

Jailbreaking opens iPhone push security hole

Summary: According to a new article by AppleInsider, Jailbreaking may be hazardous to your phone's health and security. Owners of jailbroken and unlocked iPhones may receive Push Notification Service (PNS) messages intended for other people. PNS messages can be innocuous, such as an instant message, or potentially disastrous, such as a remote device wipe command.

SHARE:

According to a new article by AppleInsider, Jailbreaking may be hazardous to your phone's health and security. Owners of jailbroken and unlocked iPhones may receive Push Notification Service (PNS) messages intended for other people. PNS messages can be innocuous, such as an instant message, or potentially disastrous, such as a remote device wipe command. Prince McLean writes:

Jailbreaking the iPhone involves working around Apple's security system to enable the device to run unsigned software. The iPhone's applications, just like its PNS communications, are encrypted using security certificates to prevent tampering, spoofing, or spying by malicious third parties.

Destroying the application security layer of the iPhone does not itself automatically break PNS, but (when combined with an "unofficial activation" required to use it with unofficial service providers) results in the system having no legitimate certificates to use in performing push notifications. Essentially, if the phone is not properly activated as intended through iTunes, the user's credentials for signing into Apple's PNS messaging servers (which are generated by the device itself in normal conditions) are broken along with the application security layer.

Dev team hackers trying to get jailbroken, alternatively activated phones to work with PNS allegedly made the mistake of adding an existing certificate to "fix" the problem. The hack simply identifies the new jailbroken phone to Apple as another phone that already exists, enabling messages to be sent to the wrong device.

The problem was first noticed by Till Schadde, founder and CEO of equinux inc.. "Take extreme caution when sending AIM msg to people w/ hacked iPhones," Till warned in a tweet on Tuesday. "Push service broadcasts your msg to strangers." To prove the security hole, he posted a screenshot from one of the phones that got a message intended for someone else. So far no malicious exploits have been reported in the wild.

Topics: Mobility, Hardware, iPhone, Security, Smartphones, Telcos

Ed Burnette

About Ed Burnette

Ed Burnette is a software industry veteran with more than 25 years of experience as a programmer, author, and speaker. He has written numerous technical articles and books, most recently "Hello, Android: Introducing Google's Mobile Development Platform" from the Pragmatic Programmers.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

2 comments
Log in or register to join the discussion
  • Is your title correct? Jailbreak vs. Unlock?

    The post seems to say that the issue is with UNLOCKED (ie, being used on a carrier other than AT&T) iPhones, not only Jailbroken ones. Jailbreaking just allows you to install non-sanctioned apps and customizations, it is not a carrier unlock.
    lostarchitect
  • RE: Jailbreaking opens iPhone push security hole

    [i]Apple[/i] push notifications going to the wrong person only seems to be a concern for those with unlocked iPhones:

    [i]Destroying the application security layer of the iPhone does not itself automatically break PNS, but (when combined with an ?unofficial activation? required to use it with unofficial service providers) results in the system having no legitimate certificates to use in performing push notifications. Essentially, if the phone is not properly activated as intended through iTunes, the user?s credentials for signing into [b]Apple?s[/b] PNS messaging servers (which are generated by the device itself in normal conditions) are broken along with the application security layer.[/i]

    On the other hand, the article [i]does[/i] point out a potential problem in jailbreaking. According to the article, you're basically taking your chances that any software you install has benevolent intent. Such software [i]could[/i], I think, cause your phone to send and receive push notifications from [i]non[/i]-Apple servers.

    Of course, this would make the iPhone no different than any other computer on the planet: You have to be careful what you install on it.
    bhartman36