David Harley

Job title:
CEO, Small Blue-Green World, and independent author

Areas of expertise:
Apple security, malware, anti-malware testing, psychosocial aspects of security, user education, email management, social media, medical informatics

The Apple Security Blog, by David Harley

David Harley, CITP, FBCS, CISSP, is an IT security researcher, author and consultant living in the UK. He has worked in IT (largely in medical informatics) since the 1980s, increasingly focused on security and anti-malware research since 1989. Between 2001 and 2006 he managed the UK National Health Service’s Threat Assessment Centre, and since 2006 he has provided authoring and consultancy services to the anti-virus industry. Since 2009 he has been a director of the Anti-Malware Testing Standards Organization (AMTSO). He runs the Mac Virus website and AVIEN (the Anti-Virus Information Exchange Network), and is a Fellow of the British Computer Society (now the BCS Institute). He was principal author and technical editor of “The AVIEN Malware Defense Guide for the Enterprise” and co-authored “Viruses Revealed”, as well as contributing to many other books including “OS X Exploits and Defense”. He has a daunting back-catalog of research papers and articles, and also blogs for Mac Virus, AVIEN, ESET (where he holds the title Senior Research Fellow), (ISC)², and numerous other websites.

iOS Jailbreaking: Does Absinthe Make the Heart Grow Fonder?

Kevin Townsend asked me for my opinion on iGadget jailbreaking, in the light of the recent release of Absinthe, a jailbreaking tool for the iPhone 4s and iPad 2. As a result, I’m quoted in a useful article for Infosecurity magazine here that also includes quotes from luminaries such as David Emm and Luis Corrons. However, I thought I’d take the opportunity to expand on my thoughts here.

I understand why many security people (Luis for one, on the strength of the comments quoted here, and Paul Ducklin for another) have sympathy for the jailbreaking movement, but if you want to go that route, you need to know the implications and possible difficulties. More or less by definition, jailbreaking is a modification to the OS that might destabilize it in unexpected ways. And because, as far as Apple is concerned, the owner has breached the contract (rightly enough), the company is under no obligation to help you out in such a case, so there’s a (probably small) risk of an unintentional and unforeseeable integrity breach with no likely recourse from the source of the code. Thinking longer term, it’s not entirely rational to assume that all sources of jailbreaking tools are, and always will be, competent or even benevolent. And of course there’s no absolute certainty that any app, security or otherwise, will work as expected on a modified device.

That’s the hypothetical view. Less hypothetically, there aren’t any security apps for iGadgets that are really analogous to desktop AV. Apple is unlikely at this time to approve an app with the level of system kernel access that is necessary for the level of protection offered by commercial desktop AV with on-access scanning and anti-rootkit bells and whistles. In principle, that’s not a big deal, since Apple isn’t likely to approve the kind of frankly malicious app that would necessitate that level of protection, though there’s obviously the possibility that something malicious could slip through in the way that Charlie Miller’s recent PoC did.

On a jailbroken iGadget, however, all (or at least some) bets are off: the nearest thing to viruses that have been seen to date on iOS have only worked on jailbroken machines. While I suppose you could design some kind of anti-virus app that actually took advantage of jailbreaking in order to improve security, it would pose all sorts of ethical and practical problems. Even if a company was willing to go that route (and AV companies are notoriously ethically straitlaced), I suspect that Apple would withdraw all cooperation across the board from them. A jailbroken device isn’t precisely analogous to an unrooted Android: while most Android AV is pretty patchy in performance, you can get AV that could be described as meeting a commercial standard.

As it is, while there are approved security apps that take a different approach to classic AV, the main defense for an iGadget is still Apple’s code inspection for approved apps. However, just after the article came out, Graham Cluley noted an instance of a fake app that slipped through Apple’s approval process. Not the first, though it’s by no means a common occurrence. So I think it’s fair to say that while, from a security point of view, conforming with Apple’s requirements is the safer route, there is no such thing as 100% safety, even in the App Store.

Posted 23/01/2012 by David Harley

Tagged under: Apple , jailbreaking , Absinthe , David Harley , Charlie Miller , Android , antivirus , iOS
