How jailbreaking can be used to steal your iPhone password keychain

How jailbreaking can be used to steal your iPhone password keychain

Summary: When we think about jailbreaking an iPhone, we normally think about removing punitive (and unnecessary) restrictions that Apple force onto handset owners. But what about then jailbreaking can be used to gain access to sensitive information on your iPhone?

SHARE:
15

When we think about jailbreaking an iPhone, we normally think about removing punitive (and unnecessary) restrictions that Apple force onto handset owners. But what about when jailbreaking can be used to gain access to sensitive information on your iPhone?

A video by researchers Fraunhofer Institute Secure Information Technology (Fraunhofer SIT) shows the dark side to jailbreaking and how it can be used to gain access to the password keychain on a locked handset.

Here's the video:

There's a lot of sensitive password information can be extracted from an iPhone without needing to know the passcode.

And we wonder why Apple makes jailbreaking hard.

(via Sophos)

Topics: iPhone, Hardware, Mobility

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

15 comments
Log in or register to join the discussion
  • unnecessary?

    you say that and proceed to tell us how when those restrictions aren't applied bad things can happen then acknowledge that apple is doing an ok thing by making jailbreaking hard.

    .<br><br>explain.
    sportmac
    • RE: How jailbreaking can be used to steal your iPhone password keychain

      @sportmac My thoughts exactly. An "stock" iPhone has a far smaller attack footprint than a "jailbroken" iPhone - so clearly there is actually a benefit to customers in Apple shipping iPhones with these features in place.

      To claim in this blanket form that these features are "unnecessary" is at best flawed reasoning at worst disingenuous.

      Apple's primary focus is and will continue to be shipping hardware, not content. The iPhone is not there to act as a gateway to the iTunes app and music stores. It is the reverse that's true; the iTunes stores are there to make purchasing an iPhone more attractive.

      The security features are shipped with the express intention of making the "experience" of using an iPhone better; freeing the user of worrying about negative consequences of adding software to their device (in other words "malware").

      If users remove these restrictions there is a security cost. For the vast majority of users, these restrictions/security measures are better left in place.
      jeremychappell
      • RE: How jailbreaking can be used to steal your iPhone password keychain

        @jeremychappell those who give up freedom for security, deserve neither - Benjamin Franklin
        tatiGmail
      • RE: How jailbreaking can be used to steal your iPhone password keychain

        @tatiGmail

        Yep. I think it's awful that we've taken the freedom for anyone to drive without a license, just for a bit of security. I guess we don't deserve cars.

        You can try to spin Franklin's words, but you completely misunderstand (or misstate) the context.
        msalzberg
      • RE: How jailbreaking can be used to steal your iPhone password keychain

        @tatiGmail

        if you are going to quote, please quote accurately

        "They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety." (reference: "Memoirs of the life and writings of Benjamin Franklin," written by Benjamin Franklin, published in 1818)

        being able to hack an iPhone does not qualify as [i]essential liberty[/i] by any stretch of the imagination. no matter how you slice it, you are still able to choose a different phone at time of purchase, no one has a gun to your head telling you to purchase the iPhone or die. if you choose to purchase the iPhone anyway, that is [i]your choice[/i]
        erik.soderquist
  • RE: How jailbreaking can be used to steal your iPhone password keychain

    In all honesty, Jaibreaking will continue, so the only way to protect our phones is to jailbreak them ourselves and install our own security measures.

    As for Benjamin Franklin's words....I think it is @tatGmail that has it wrong, on a few accounts:
    1. No freedom to get in the car and drive without a license has been taken away, you still are free to do so, but if you get caught, then you will have to deal with the consequences.
    2. By taking away the freedom to do as we please with things (physically restricting something), that is when we are giving up freedom for security and that is one of the dangers that he was referring to, so in this case it definitely fits.
    cmwade1977
    • RE: How jailbreaking can be used to steal your iPhone password keychain

      @breeneng Freedom's just another word for nothing left to lose.
      snoop0x7b
  • RE: How jailbreaking can be used to steal your iPhone password keychain

    This points to Apple mis-implementing the keychain... Having root on a machine with an encrypted disk or a GPG encrypted file doesn't automatically yield the key to either unless you've done something stupid like leave the key file + the key's passphrase unencrypted on the filesystem.

    How about we all berate Apple for their shitty keychain implementation rather than apologize for their restrictive ecosystem?
    snoop0x7b
  • Not true...

    ...this is urban legend stuff.
    james347
  • Restrictions for whose benefit?

    I draw a distinction between the approach Sony have taken with their attempt to criminalise the sharing of information on jailbreaking the PS3 and Apple's approach which appears to be much more relaxed. If you want to jailbreak you can, no-one's taking you to court.

    For most users the locked-down settings are probably the best default.

    I get more annoyed about DMCA / software patents / copy 'protection'. Having got Apple's 12 days of Christmas app and got the free Doctor Who episode with it I was pretty unamused to see that dragging the iTunes window from my laptop to my external monitor caused the screen to blank with a copy protection message about the screen not being 'authorised' for that content. And no - I would never buy video content from Apple......

    I'd like to see anyone defend that garbage :-)
    011010100010100
    • RE: How jailbreaking can be used to steal your iPhone password keychain

      @011010100010100 They actually did try to take people to court over jail breaking, and they lost...
      snoop0x7b
  • Where does the article you linked to mention jailbreaking?

    Reading the article you linked to as the basis for your article it seemed the main point was that if you lost your STOCK iOS device then the person finding it (or the one who stole it depending on how it was "lost") could THEN jailbreak it and get the information.

    Your headline implies that an iPhone already jailbroken is more vulnerable and that is not the case here. It is equally as vulnerable to a physical hack as a stock iPhone or any other smartphone is.
    athynz
  • apple doesnt care get a grip

    jailbreaking offers opportunity to change ios default passwords something apple has never offered yet
    also jailbraeking community has several security [nonapple]programs free to users .apple doesnt ,and you say ''no wonder appl fights jailbreaking'' ? you need a new research team for your ios articles they are clueless as this article proves ...ask me i may consider being an reasearch assistant since i have recently lost my job due to downsizing at work
    the_boss@...
  • RE: How jailbreaking can be used to steal your iPhone password keychain

    Adrian,<br>You miss what I consider a substantial point;<br>If Apple is relying on making JB difficult, it's not working.<br>Apple needs another method to protect the users sensitive data.<br><br>Myself, I jb my i4 and changed a few things, added a few things making it significantly more difficult for someone to get to the "good" stuff.<br><br>It's time Apple got off the "Closed Controlled System" wagon and faced reality.
    rhonin
  • whether jailbreaking makes the iphone less safe is beside the point!

    The point is that Apple works very hard to control what someone has paid money to own.
    If a car company said that you can't drive in a dangerous city, you would not accept that.
    If a supplier of video technology said that you could not watch 'fill in the blank' type videos, you would not stand for it.

    So why is it okay for Apple to to tell you how you are allowed to use a product that you bought and paid for?

    I'm also referring to the ipod touch (which my wife and I each own).

    I'm not an Apple hater but I don't like ANY company that tries to control MY use of MY purchased product.
    crap@...