Jailbreaking is the exploiting of manufacturer or carrier operating systems, often by removing restrictions from a device like an iPhone. The exploit usually involves running a privilege escalation attack on a user’s device to replace the manufacturer’s factory-installed operating system with a custom kernel. Apple users often jailbreak iPhones to install programs that are not available through Apple’s marketplace. Unethical developers that don’t want to comply with Apple’s App Store policies often post apps on Cydia or other app sites used for jailbroken devices.
Jailbreaking can also be used to bypass Digital Rights Management (DRM) and share copyrighted media, or to access file systems, user interfaces, or network capabilities that are usually locked down.
While jailbreaking can be exciting for its users, it does increase the risk of malware or the exploitation of your device. A jailbroken device can be easily victimized by a Trojan or accessed remotely by an intruder. Any security measures provided by iOS or installed third-party applications may be rendered inoperable or untrustworthy. As a result, employers often take steps to detect and wipe jailbroken devices.
What does this mean for an SMB?
- Bypassing Apple’s OS controls by jail-break is a breach of their Terms of Service and invalidates all warranty claims.
- it leaves you open to increased risk of exploitation by hackers and data theft:
- security measures may be inoperable enabling other attacks to succeed
- Jailbroken devices in your business could be putting your organization at serious risk if they are on the same network or working with company information on those devices.
Jailbreaking an iPhone may have a place in a small number of companies doing development that require special testing scenarios, however, for the vast majority of companies, your Acceptable Use and Mobile Device Management policies should prohibit employees from using Jailbroken or rooted devices from accessing, storing or processing any sensitive or critical company data.