Tom Simonite

A View from Tom Simonite

Military Malware May Have Killed the iPhone Jailbreak

Malware developers will pay large sums for the bugs needed to loosen Apple’s software restrictions.

  • March 5, 2013

Since the debut of the first iPhone, Apple has played a cat-and-mouse game with hackers who want to install “unofficial” software onto their locked-down devices. That game may be about to end thanks to the booming business in state-backed malware.

The race between Apple and the hackers goes like this: hackers develop and release software that can “jailbreak” an iOS device so it can be tinkered with freely, then Apple neutralizes the new method with a software update. The latest round started in early February when a group of coders known as Evad3rs released their latest jailbreak tool, evasi0n, and Apple appears poised to release a patch soon.

All that could soon be over because jailbreaks work by exploiting previously unknown bugs in Apple’s software. Those are also known as “zero days” and are now very valuable to people building sophisticated malware for the purposes of surveillance and industrial espionage (see “Welcome to the Malware-Industrial Complex”). People with knowledge of the market for vulnerabilities say the value of iOS bugs is high enough to make selling a bug much more attractive than working it up into a new jailbreak method.

Charlie Miller, a hacker famous for demonstrating ways to hack the iPhone and other Apple products, tweeted around the time of evasi0n’s release that it would likely be the last. He listed five reasons, including that Apple has tightened the security of its products and that a person who found a zero day for iOS could “sell it to make $250k.”

The cofounder and CTO of mobile security company Lookout, Kevin Mahaffey, gave a higher estimate earlier this week, telling me that the “current price” of iOS zero days is $500,000. The Evad3rs have a donation button on their jailbreak site but whether it could raise amounts competitive with such sums is unknown.

The zero day market is a shadowy one, so getting a price like those estimated by Mahaffey and Miller would require having the right connections. Apple’s work on making iOS tougher to crack may make that more likely, since finding a zero day for the operating system has become a more elite pursuit. Zero days for mobile systems are particularly valuable because they are rarer than for conventional computer systems, people are less wary of security threats on mobile devices, and they tend to stay undiscovered and unpatched for longer.

All that means that evasi0n may be the last of the publicly available jailbreaks. Jailbreaks will still be around, but only intelligence agencies and military will be doing them. What Apple thinks of that is anybody’s guess.

Tech Obsessive?
Become an Insider to get the story behind the story — and before anyone else.
Subscribe today

Uh oh–you've read all five of your free articles for this month.

Insider Premium

$179.95/yr US PRICE

Want more award-winning journalism? Subscribe to Insider Premium.

  • Insider Premium {! insider.prices.premium !}*

    {! insider.display.menuOptionsLabel !}

    Our award winning magazine, unlimited access to our story archive, special discounts to MIT Technology Review Events, and exclusive content.

    See details+

    What's Included

    Bimonthly home delivery and unlimited 24/7 access to MIT Technology Review’s website.

    The Download. Our daily newsletter of what's important in technology and innovation.

    Access to the Magazine archive. Over 24,000 articles going back to 1899 at your fingertips.

    Special Discounts to select partner offerings

    Discount to MIT Technology Review events

    Ad-free web experience

    First Look. Exclusive early access to stories.

    Insider Conversations. Join in and ask questions as our editors talk to innovators from around the world.

You've read of free articles this month.