The ability to run any code is significantly different from “jailbreaking” a phone, a term used when the owner of a phone breaks the security locking that device to a particular provider or operating system, because it requires physical access to the device, Miller says. “Jailbreaking is, you have your own phone, you have it in your hand, and you want to do something to make sure you can put nonsigned code on it,” he says. “You own the device, so you can do certain things to it.”
In fact, at the CanSecWest Conference in March, Miller, Alvarez, and other researchers realized that attacks that work on jailbroken phones would not work on regular (non-jailbroken) iPhones. They had assumed that the attacks they had found on a jailbroken iPhone would work on nonbroken devices. Instead, they found that their attacks would not work.
“Basically, what happened was that everybody made the same mistake, and we all have learned from it,” Recurity’s Alvarez says. “We used jailbroken iPhones in order to be able to debug.”
While the researchers could not come up with any legitimate uses for running unapproved code on the iPhone, Miller stresses that the research is valuable. Like nearly 40 million other people, he carries an iPhone containing work information, personal details, and family pictures. Knowing the limits of the device’s security is important, he argues.
“The thing is, I’m pointing out exactly what bad guys can do against the device,” he says. “They are likely doing parallel research, except they don’t share their results. It is better for everyone to understand the strengths and weaknesses of the security of devices, and make informed decisions about what devices they should use and how they should use them, rather than having only the bad guys know how they work.”
Of course, Apple may have already fixed the issue. Later this month, the company will release version 3.0 of the iPhone operating system, and Miller will have to make sure his attack still works.
“With iPhone 3.0 coming out, that might change a lot of this stuff,” Miller says.