Greedy Apple users will trust anyone
A "jailbreak" Web site created earlier this week is already attracting hordes of iPhone and iPod Touch users who want to free their devices from the digital shackles attached by Jobs and co.
The "jailbreakme" site itself lures visitors by promising to open up the iPhone and iPod Touch to third party applications -- a luxury currently forbidden by Apple. There is no evidence to suggest that this particular jailbreak utility is at all malicious but how long will it be before copycat sites appear that have less honourable intentions?
To use the site, each visitor effectively opens up their device to the page's owners -- trusting them with pretty much all their personal and valuable data, as well as having faith they won't abuse their control over the device's microphone and camera.
In order to give users access to the third party apps, the jailbreakme page exploits an image vulnerability in Apple's Safari browser to gain root access to the iPhone and iPod Touch's system. This allows the site to bypass all the protections placed by Apple and upload the applications. The crackers even boast the ability to patch the Safari vulnerability that makes all this possible.
It appears an innocent enough site, but surely the mention of exploiting software flaws should sound warning bells to the security-conscious.
Over the past year, numerous security experts have claimed that there are no more "trusted" Web sites. This is partially because so many legitimate Web sites have either been hacked to dish out malware or their ad supplier has been hacked to serve similar so-called drive-by downloads.
We live in very strange times.
Security people have been giving us the same advice for years -- be paranoid, don't click on suspicious links, don't visit dodgy Web sites, don't download and run unknown files.
But the desire for games and more applications is driving relatively security-minded people to point their new mobile device at a Web site that was specifically designed to exploit, hack and upload unknown software onto their system.
One of the first people I know to jailbreak their Apple device was the founder of a very well-known global security firm.
This is crazy. Do we really know what is being uploaded onto the iPhone/iPod Touch when we visit these sites? How much do we care?
So despite knowing all the dangers, I fully intend to walk eyes-open into the hack that stands before me. But before I do so, I will take the precaution of first removing all my personal information from the device and just leave the music and possibly my photos.
And you can be sure that when Apple does open the platform to "legitimate" apps early next year, I will be among the first to reformat the device and once again trust it with personal data.
Has my experience in IT security made me too paranoid? Have you used a jailbreak application? Do you store confidential information on your jail-broken device? Do you trust the hackers? Why?