The average software update for any smartphone would buff up the device’s security and fill any gaps left by the previous update, right? While this may be true for a seamlessly-executed update, one of the world’s biggest tech giants made a slight misstep and didn’t release their newest update quite so flawlessly.
Over the weekend of August 17, hackers quickly jumped on a botched update from Apple for iOS, its mobile operating system. As these hackers and security researchers found, when Apple released iOS 12.4 this past June the company inadvertently reintroduced a bug it had fixed in the previous iOS update. By unpatching this vulnerability it had fixed in iOS 12.3, Apple has made it relatively easy to hack iPhone users as well as jailbreak up-to-date iPhones.
Even though the botched update allows both hacking and jailbreaking, the difference between the two is key. As most people know, hacking involves a third party accessing the private information of an individual or organization. With 72% of business owners claiming that they would likely be able to continue business operations as long as they still had their data — even after losing all other assets — the importance of a company’s digital information is apparent. It’s what keeps a business running, more so than the physical objects in the establishment.
Individuals protect their data just as fiercely. Having an iPhone that is easy to hack could put a person’s sensitive financial and security information at serious risk. To protect their data and secure it in case of a loss, individuals and organizations alike often use the cloud. About 96% of organizations have utilized some form of cloud technology. Individuals will also use this technology if they believe their private information is at risk.
By itself, jailbreaking an iPhone is less nefarious for individual and more concerning for Apple as an organization. When someone jailbreaks an iPhone, they are hacking into Apple’s iOS operating system and unlocking it to give themselves the ability to customize the phone. Just as 90% of homeowners change the style of a master bathroom during an upgrade to suit their preferences, jailbreaking allows iPhone users to make their phones uniquely their own. By circumventing Apple’s software, users can then write or install other software that would usually be forbidden by Apple’s restrictions.
In 2007, a tech-savvy hacker discovered and posted the world’s first jailbreaking step-by-step procedure online. Millions of people then used subsequent jailbreaks and a website even popped up that allowed users to jailbreak their phones just by visiting it.
Since then, Apple has cracked down on the ease of jailbreaking by quickly patching any vulnerabilities as soon as the jailbreak code is released publicly. If a security researcher develops a jailbreak now, they typically do not share it with the world. As soon as Apple fixes a bug, it is no longer valuable and the researcher loses out on the millions they could receive for discovering the bug. Vacation time might improve performance reviews by 8%, but the time off and rest could also make catching these bugs easier.
The discovery of a vulnerability in the most recent version of iOS broke with the tradition of keeping jailbreaks under wraps. Hacker Pwn20wd publicly released a jailbreaking tool that takes advantage of the bug in iOS 12.4, allowing any average user to modify the operating system and install unsanctioned third-party apps. Since the release of the tool on Aug 18, users on Twitter have been postings videos and screenshots to confirm that it works.
With the system’s bug now public knowledge, security researchers are warning iPhone owners with iOS 12.4 to be wary of suspicious internet links and attachments. Although 49% of consumers already think that their security habits make them vulnerable to information frauds such as identity theft, experts are advising caution even when doing normal activities like downloading apps or going online. Hackers could use the jailbreaking tool to bypass the usual iOS protections on board and exploit the vulnerability by installing malicious apps or web pages to take over an iPhone.
“I hope people are aware that with a public jailbreak being available for the latest iOS 12.4 people must be very careful what Apps they download from the Apple AppStore. Any such app could have a copy of the jailbreak in it,” Stefan Esser, a well-known researcher who teaches iOS hacking, posted on Twitter.