A new jailbreak tool for iOS 13 enables permanent jailbreaking for all iPhone models between the 4s and X as well as for earlier iPad models.
Developed by a group of iOS hacking experts, the checkra1n jailbreak works on all devices that are capable of running iOS 13 and were made with Apple A5 (2011) to Apple A11 (2017) chips. The jailbreak does not work on iOS devices released in 2018 and 2019, which run on A12 and A13 chips.
Jailbreaking a device is always risky, and even the developers of this tool have issued a warning on the download page: “This release is an early beta preview and as such should not be installed on a primary device. We strongly recommend proceeding with caution.”
The checkra1n hack works differently from the typical iPhone jailbreak methods we’ve seen over the years. While most jailbreaks exploit vulnerabilities in the iOS software, checkra1n is a bootrom exploit: it targets a security flaw in the code that runs on iOS devices during boot-up. That code is read-only and cannot be changed by an iOS update, which makes this jailbreak unpatchable on affected devices.
Why jailbreaking is a security concern
Here’s Apple’s position on jailbreaking: “Unauthorized modification of iOS can cause severe vulnerabilities, instability, shortened battery life, and other issues.”
As we covered in August when an iOS vulnerability enabled jailbreaks on versions of iOS 12, jailbreaking appeals to users who want to download apps from outside of Apple’s official App Store or change functionality and features they would otherwise be unable to customize in iOS.
But jailbreaking an iPhone or iPad separates it from the security measures within iOS. And by downloading apps that are not only unvetted and unapproved by Apple, but often designed without any intention to be vetted and approved by Apple, users with jailbroken devices put their organization at severe risk of data leaks by opening the floodgates to various types of malware.
Prevention: Checkra1n is out there, what should you do?
While tech and security admins should be on alert, jailbreaking an iPhone is not exactly a straightforward process. For checkra1n, a user would need to download the package on a Mac computer and then follow the various installation steps to get it working on an iPhone or iPad connected via USB. One YouTube tutorial showed that the process took six attempts until it worked.
If you’re a security admin, there are a few steps you can take to reduce the chances of your users installing the jailbreak. One is to block the checkra1n website on your network to prevent users from accessing it on their computers. A stronger step is to ensure that whenever a user tries to install something on their corporate desktop computer, administrator approval is required. And if some jailbreaks get through, educating your users on why jailbreaking is ultimately not in their best interests can help get the message across.
Cure: Neutralizing the security risks caused by jailbroken devices
Wandera instantly detects when a device has been jailbroken. Automatic alerts are sent to admins, notifying them of the security threat, and to the end user with the jailbroken device, notifying them of the policy violation and the risks associated.
When a jailbroken device attempts to install a third-party app store, the communication is blocked, thus shutting down any attempts to download third-party apps. The checkra1n jailbreak attempts to install Cydia, a third-party app store, which Wandera immediately blocks.
With Wandera’s conditional access functionality, admins can ensure that no jailbroken devices have access to corporate data and applications.
These measures ensure that the security risks of jailbroken devices are contained before any damage, such as a security breach, can occur. For organizations with a UEM solution, admins can easily escalate and take additional action based on the real-time insights and alerts from Wandera.
Wandera also detects malicious applications installed on devices and blocks connections to command and control servers, neutralizing malware installed by malicious applications. This applies to apps downloaded via the Apple App Store or Google Play Store, protecting organizations against malicious apps that make it through the app store vetting processes as well as scenarios when non-malicious apps become compromised and need to be updated or uninstalled.