The realm of iOS security research has seen significant advancements in recent years. With each new iOS release, Apple tightens its grip on the operating system’s security. As a result, public jailbreaks have become increasingly rare. However, jailbreaks still play a critical role in iOS security work.
Jailbreaks are essential to iOS security work. Without jailbreaks, white-hat researchers wouldn’t be able to dynamically analyze mobile apps or discover security flaws in walled-off areas of the operating system. They enable security professionals and white-hat researchers to uncover vulnerabilities and analyze the inner workings of Apple’s mobile operating system.
Without jailbreaks, many groundbreaking discoveries would remain out of reach, and iOS security would be less robust. Most of the bugs reported to Apple’s Bug Bounty program wouldn’t have been discovered without a jailbreak, and you would be hard-pressed to find a mobile pen-testing team that doesn’t have a pile of jailbroken iPhones for application analysis.
Dynamic Analysis of Mobile Apps
Jailbreaking provides a crucial avenue for white-hat researchers to dynamically analyze mobile apps. By breaking free from the confines of the iOS sandbox, researchers can closely examine app behavior, identify vulnerabilities, and test various attack scenarios. This allows for the discovery of potential security flaws that might otherwise go unnoticed.
Exploring Walled-Off Areas
iOS, like any operating system, has areas that are off-limits to regular users. Jailbreaks grant researchers access to these walled-off regions, allowing them to investigate the deepest layers of the OS. Such access is essential for understanding the inner workings of iOS and identifying potential security vulnerabilities.
A significant portion of iOS security flaws are discovered through jailbreaking. Researchers rely on these techniques to uncover vulnerabilities that could be exploited by malicious actors. This symbiotic relationship between security researchers and Apple helps make iOS more secure.
Paradoxically, while jailbreaks are essential for security research, achieving a jailbreak on a physical iOS device necessitates the exploitation of security vulnerabilities. The purpose of jailbreaking is to enable actions not typically permitted by the operating system, such as running custom code or accessing lower-level system components. Achieving this often involves exploiting vulnerabilities, creating a dilemma for researchers.
Incentives to Withhold Vulnerabilities
The exploitation of iOS vulnerabilities to enable jailbreaks presents researchers with an uncomfortable incentive to withhold known vulnerabilities from Apple. This is because maintaining access to these vulnerabilities is crucial for their ongoing work. While this approach might be justified for research purposes, it can hinder the overall security of iOS.
The Rarity of Public Jailbreaks
Apple’s continuous efforts to enhance iOS security have made public jailbreaks increasingly rare. The company has implemented stringent security measures, requiring more complex and chained exploits to achieve privilege escalation. As a result, public jailbreaks are becoming a challenging endeavor.
The Catch-22 of Improved Security
Apple’s success in improving iOS security has inadvertently created a catch-22 situation. While iOS is more secure for end users, it has become harder for the independent security research community to identify security vulnerabilities. This, in turn, makes these vulnerabilities more valuable, incentivizing researchers to keep them hidden and potentially enticing malicious actors to search for them.
iOS 16 included a notable new feature aimed at limiting attack vectors called “Lockdown Mode,” which focuses on protecting a small but highly vulnerable set of users, such as activists and journalists. Lockdown Mode has now received an upgrade in iOS 17, including automatic geolocation data removal from photos when shared and blocking automatic connections to non-secure Wi-Fi networks. The launch of Lockdown Mode and its upgrades with iOS 17 highlights an evolving and heightened focus on the security of iOS.
As Apple continues to acknowledge and address the different threat profiles faced by different audiences, they are demonstrating an increasingly sophisticated and nuanced approach to user security. At the same time, this new iOS version continues the trend of tighter security controls, which will likely also mean a continuation of the trend of not seeing a public jailbreak for this new version anytime soon – if ever.
Corellium has introduced an innovative approach that eliminates the need to rely on security vulnerabilities for jailbreaks. Instead of exploiting vulnerabilities, Corellium’s Virtual Hardware Platform operates within a virtualized environment where the OS can simply be configured to run with escalated privileges by default – the “patches” can simply be applied at the outset.
Corellium’s virtual devices behave and function the same way a physical jailbroken device would, and they even come pre-loaded with common jailbreak tools like Cydia. In this way, Corellium is not only able to provide the security research community with immediate support for a jailbroken version of the latest OS, but it can do so without having to withhold any security vulnerabilities from Apple.
In the face of evolving iOS security measures and the scarcity of public jailbreaks, Corellium’s role becomes increasingly vital. It provides a unique platform for white-hat developers to conduct security research without the need to exploit, withhold, or retain vulnerabilities. Corellium’s contribution to the iOS security community cannot be overstated.
Jailbreaks are not just about circumventing restrictions; they are critical tools for iOS security research. Researchers depend on these techniques to identify vulnerabilities, protect users, and advance the state of iOS security. While public jailbreaks become scarcer due to Apple’s security improvements, solutions like Corellium provide an alternative path, ensuring that iOS security research remains robust and effective.
In the ever-evolving landscape of iOS security, Corellium’s support for jailbroken iOS 17 is a game-changer that empowers cybersecurity professionals to continue their crucial work.