What Is Jailbreaking an iPhone? How Does It Work?

An iOS jailbreak gives you administrator control over iOS. What exactly does jailbreaking mean, and what harmful effects and threats does it pose to your device?
  • Posted on: Jun 24, 2018
  • By Subho Halder
  • Read time: 5 min
  • Last updated on: Sep 10, 2024

A lot of people these days talk about jailbreaking their smartphones. Most people think jailbreaking means connecting their device to a computer, pressing a button, waiting for a few minutes, and voilà! You have successfully jailbroken your iPhone.

However, the reality is a little more complex than that.

What does jailbreaking an iPhone mean?

Jailbreaking means allowing third-party applications to be installed on your Apple device. Contrary to popular belief, running third-party applications on your device is entirely legal since the DMCA exemption issued by James H. Billington (then Librarian of Congress).

Jailbreaking permits root access to the iOS file system and manager, allowing the download of additional applications, extensions, and themes that are unavailable through the official Apple App Store.

The only thing that prevents people from doing a jailbreak is Apple itself.

Types of iOS jailbreaks

When a device boots, it starts by loading Apple's kernel. For a jailbreak to persist, the device must be exploited and the kernel patched each time it is turned on.

  • Untethered jailbreak

An "untethered" jailbreak is a process where a jailbreak is achieved without the need to use a computer. As the user turns the device off and back on, the device starts up completely, and the kernel is patched without the necessity of a computer.

While this sounds easy, this kind of jailbreak is harder to make and requires extensive reverse engineering and experience.

  • Tethered jailbreak

With a "tethered" jailbreak, a computer is needed to start the device every time it is rebooted. If the device boots on its own, without the computer, it will no longer have a patched kernel and may get stuck in a partially started state.

Basically, the computer's purpose is to "re-jailbreak" the phone each time it is turned on.

  • Semi-tethered jailbreak

There is also a third kind called a "semi-tethered" jailbreak. When the device boots on its own, it no longer has a patched kernel, so you cannot run any modified code, but the device still works for normal use.

When you need features that require modified code, you must start the device with the help of a jailbreaking tool.

Why avoid a jailbreak?

There are numerous reasons to avoid jailbreaking your iPhone or iPad. Once you jailbreak, you will have to jailbreak again after every new iOS update, and you will receive those updates much later than other devices.

Jailbroken devices are also known to be potentially unstable. You might have problems with your system, your apps will tend to crash frequently, and the phone will reboot more often. 

During the jailbreak process, there is also a chance that you will end up "bricking" your iDevice. This term refers to a software failure that leaves the device unusable until some hardware is replaced.

And most importantly, the fact that jailbroken devices are more prone to cyberattacks can’t be denied.

How does a jailbreak work?

Jailbreak allows you to control the root and media partition of your device, where all the iOS files are stored. To do this, /private/etc/fstab must be patched.

fstab is like a switch that controls permissions on the root and media partitions, the switch room of your device. By default, the root partition is set to 'read-only' mode: you can view its contents but not change them. To be able to make modifications, the jailbreak sets the fstab entry to 'read-write' mode.

While this might sound easy, the biggest problem is getting all the files you need past the various checkpoints. The checkpoints are Apple's way of verifying whether a file is legitimately Apple's or comes from a third party. Every file is signed with a key, and without a valid signature the file is set aside and cannot be used.

So, where do we get the key? Well, it's not as easy as it sounds.

Access to the door can be provided if we either unscrew the lock (patch all checkpoints) or find a back door entry (bypass). Patching is a difficult task and is mostly not worth the effort. So, most people who jailbreak will try to find a backdoor entry or a bypass.
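The read-only/read-write switch described above is also what many jailbreak-detection checks key on. The following is an added example, not code from the post or from any jailbreak tool: it parses an iOS-style /private/etc/fstab and flags a root partition that is mounted read-write. It assumes the standard six-field BSD fstab layout; the device names, the "hfs" filesystem type and the file contents are constructed samples rather than a capture from a device.

```python
"""Added example (not code from the post or from any jailbreak tool):
parse an iOS-style /private/etc/fstab and flag a root partition that is
mounted read-write, which is the change the post describes a jailbreak
making. Assumes the standard six-field BSD fstab layout; the sample
contents below are constructed, not captured from a device."""

from dataclasses import dataclass, field
from typing import List


@dataclass
class FstabEntry:
    device: str
    mountpoint: str
    fstype: str
    options: List[str] = field(default_factory=list)


def parse_fstab(text: str) -> List[FstabEntry]:
    """Parse fstab text into entries, ignoring comments and blank lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 4:
            raise ValueError(f"malformed fstab line: {raw!r}")
        device, mountpoint, fstype, opts = fields[:4]
        entries.append(FstabEntry(device, mountpoint, fstype, opts.split(",")))
    return entries


def root_mount_mode(text: str) -> str:
    """Return 'ro', 'rw' or 'missing' for the '/' entry.

    An entry without an explicit 'ro' is treated as read-write, since that is
    the mount default when neither flag is given."""
    for entry in parse_fstab(text):
        if entry.mountpoint == "/":
            return "ro" if "ro" in entry.options else "rw"
    return "missing"


def fstab_findings(text: str) -> List[str]:
    """Findings a defender would act on; an empty list means the file looks stock."""
    findings = []
    mode = root_mount_mode(text)
    if mode == "rw":
        findings.append("root partition mounted read-write (jailbreak indicator)")
    elif mode == "missing":
        findings.append("no root partition entry (file tampered with or truncated)")
    return findings


# Constructed samples: a stock layout with '/' read-only, and the same file
# after a jailbreak has flipped the root entry to 'rw'.
STOCK_FSTAB = """\
# constructed sample, not a real device capture
/dev/disk0s1s1 / hfs ro 0 1
/dev/disk0s1s2 /private/var hfs rw,nosuid,nodev 0 2
"""

PATCHED_FSTAB = STOCK_FSTAB.replace("/ hfs ro ", "/ hfs rw ")

if __name__ == "__main__":
    for label, content in (("stock", STOCK_FSTAB), ("patched", PATCHED_FSTAB)):
        print(label, root_mount_mode(content), fstab_findings(content))
```

An app running on the device usually applies the same rule in a different way, by attempting a write to a path that is read-only on stock iOS, because the sandbox does not let it read fstab directly. Either form is a heuristic: tweaks exist that hide these indicators, so a detection result is one signal to weigh, not proof of an unmodified device.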

Before we understand how to bypass these checkpoints, we must learn a little more about jailbreaks.

Critical Insights into iPhone Jailbreaks

1. The boot process

Every time an Apple device boots up, it goes through a "chain of trust." This is basically a series of checks ensuring Apple approves everything running.

Usually, the order is as follows:

  • Runs bootrom
    Also called "SecureROM" by Apple, it is the first significant code that runs on an iDevice.

  • Runs bootloader
    Generally, it is responsible for loading the main firmware.

  • Loads kernel
    The kernel is the bridge between iOS and the actual processing done by the hardware.

  • Loads iOS
    This is the final step in the chain. iOS starts, and we get our nice "Slide to Unlock" view.

Now that you know how your device boots, let's go a step further.

2. The roadblock

While the kernel is loading, thousands of tests are performed to ensure that everything is loaded and Apple-approved.

To be more specific, there are many checks throughout the boot process that look for a signature or a key. If the key is correct, we get a green light. If it is wrong, then depending on where the check was or what file it was in, the device will either crash, causing a boot loop, or simply ignore the file and not execute it at all.
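The two outcomes just described (halt the boot, or skip the file and carry on) fall out naturally when the chain of trust from sections 1 and 2 is written down as a verification loop. What follows is an added toy model, not Apple's code: real devices verify RSA signatures against Apple's public key baked into the bootrom, and here an HMAC over the stage image with a stand-in key plays the role of that signature so the example runs offline with only the standard library. The stage names, images and the "critical" flag per stage are constructed assumptions.

```python
"""Added example, not Apple's code: a toy model of the boot 'chain of trust'
described in sections 1 and 2. Real devices verify RSA signatures against
Apple's public key baked into the bootrom; here an HMAC over the stage image
with a stand-in key plays the role of that signature so the example runs
offline with only the standard library. Stage names and images are
constructed."""

import hashlib
import hmac
from typing import Dict, List, Tuple

# Stand-in for the vendor's signing key (assumption: in a real device only a
# public key lives in the bootrom and the private key never leaves the vendor).
VENDOR_KEY = b"constructed-vendor-signing-key"


def sign(image: bytes, key: bytes = VENDOR_KEY) -> bytes:
    """Stand-in 'signature': HMAC-SHA256 over the stage image."""
    return hmac.new(key, image, hashlib.sha256).digest()


def verify(image: bytes, signature: bytes, key: bytes = VENDOR_KEY) -> bool:
    """Constant-time comparison of the expected and presented signature."""
    return hmac.compare_digest(sign(image, key), signature)


def make_stage(name: str, image: bytes, critical: bool) -> Dict:
    """A signed boot stage. 'critical' marks the post's 'crash the device'
    outcome; non-critical files are merely skipped when their check fails."""
    return {"name": name, "image": image, "sig": sign(image), "critical": critical}


def boot(stages: List[Dict]) -> Tuple[str, List[str]]:
    """Walk the chain the way the bootrom would: verify each stage before
    running it. Returns (outcome, names of stages actually loaded);
    outcome is 'booted' or 'halted:<stage>'."""
    loaded = []
    for stage in stages:
        if verify(stage["image"], stage["sig"]):
            loaded.append(stage["name"])
        elif stage["critical"]:
            return f"halted:{stage['name']}", loaded  # the boot-loop case
        # non-critical failure: the file is ignored and the boot continues
    return "booted", loaded


def stock_chain() -> List[Dict]:
    """The chain from section 1. The bootrom itself is not listed: it is in
    ROM and is the root of trust that performs the first check."""
    return [
        make_stage("bootloader", b"iBoot image (constructed)", critical=True),
        make_stage("kernel", b"kernel image (constructed)", critical=True),
        make_stage("ios", b"iOS root filesystem (constructed)", critical=True),
        make_stage("extra-daemon", b"optional daemon (constructed)", critical=False),
    ]


def tampered_chain(target: str) -> List[Dict]:
    """Stock chain with one stage's image modified after signing, i.e. an
    unsigned change of exactly the kind the checks exist to catch."""
    chain = stock_chain()
    for stage in chain:
        if stage["name"] == target:
            stage["image"] = stage["image"] + b" + unsigned patch"
    return chain


if __name__ == "__main__":
    print(boot(stock_chain()))
    print(boot(tampered_chain("kernel")))
    print(boot(tampered_chain("extra-daemon")))
```

The model also shows why the two exploit categories in section 3 differ in how they are fixed: a userland exploit lives inside one of the images this loop verifies, so a software update can replace that image, whereas a bootrom exploit subverts the verifier that runs the loop, which only new hardware can replace.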

3. The objective of a jailbreak

As a jailbreaker, your objective is either to patch the checks or to bypass them. As mentioned before, the conventional and less cumbersome approach is to bypass them.

This brings us to two broad categories of exploits:

  • Bootrom exploit
    This exploit targets the bootrom stage. It can't be fixed by a conventional firmware update and can only be fixed in new hardware. Since it occurs before almost every checkpoint, the injected code runs before everything else, creating a passageway that bypasses all later checks or simply disables them.

  • Userland exploit
    A userland exploit occurs during or after kernel loading and can easily be patched by Apple with a software update. Since it occurs after all the checks, it injects code directly through openings in the kernel. These openings are not easy to find, and once found, they can be patched.

The security loopholes of a jailbreak

Jailbreaking your iPhone or iDevice has some pros, the most important of which is the ability to access and use third-party apps.

A jailbreak can also open up a lot of security loopholes:

1. Third-party apps can be dangerous

There’s a reason Apple imposes more restrictions than any other mobile OS. A malicious app can wreak havoc on your device.

It’s always possible to get a bad app, but if you start downloading apps that Apple hasn’t approved for the app store, the chances of getting malware go up.

2. Security patches will not download

After you’ve jailbroken your iPhone or iPad, you won’t be able to update iOS without reverting to the un-jailbroken default mode.

While this isn’t a big deal, most people who have jailbroken their iOS devices will wait until a new jailbreak is available for the update before downloading and installing it so that they don’t have to go back to the stock iOS implementation for an extended period.

3. Everyone knows the default password

One of iOS's worst-kept secrets is its root password, “alpine.” Everyone knows it, and Apple doesn't intend to change it.

The root password gives a user access to the device's core functions, which can be disastrous if it falls into the wrong hands. The good news is that this password can be changed from a shell app, but people who have just jailbroken often forget to do this, leaving their devices exposed.

In conclusion

It is not easy to jailbreak a device. It requires a lot of skill, experience, and patience, and you should know everything about iOS Jailbreak Detection. 

I hope this post helps establish that point. I hope that next time you think about jailbreaking your device, you understand the whole process and are aware of the security issues that come with it.
