iOS 5.5.1 jailbreak done; iOS 6 jailbreak pending

Absinthe 2 was released on Friday. By Sunday @chronicdevteam had tweeted “Some stats since release of ?#Absinthe? - 211,401 jailbroken iPad3's and 973,086 devices newly jailbroken!” Assuming that the latter figure doesn’t include the former, and assuming that every download resulted in an actual jailbreak, that’s almost 1.2 million jailbroken Apple devices in just 2 days.

It doesn’t stop. At a press conference immediately prior to the release of Absinthe 2 on Friday (we’ve reached 2.0.2, specifically for the iPhone 4 5.1.1 Build 9B208), the Dream Team of jailbreakers announced that they were already thinking about iOS 6. Softpedia quotes pod2g saying, “We won't give up on jailbreaking iOS devices because this is too important for us and we already have a part of the jailbreak for iOS 6 and we will be ready right on time for it.”

With such a huge demand for jailbroken Apple devices, Infosecurity asked several malware security researchers if the industry should be thinking about providing anti-virus protection specifically for jailbreakers. There is some logic to this. Firstly, a jailbroken device is considerably more susceptible to viruses and trojans; and secondly, the only way that AV companies can provide the level of protection for iOS as they do for Windows, would be to jailbreak themselves.

The response, however, was doubtful.

PandaLab’s technical director Luis Corrons accepts the premise: “Yes, this is actually the only way we could somehow protect an Apple mobile device;” but, “no, I am sure our legal department could give a number of reasons to avoid taking that route.” To a degree, Corrons is pragmatic. “After saying all this, at the end of the day we have to recognize we live in a world where the supply and demand law prevails, so if the security landscape changes...”

Graham Cluley, senior technology consultant at Sophos, explained that current landscape. “It's true to say,” he told Infosecurity, “that on a non-jailbroken iOS device it's not possible to do on-access scanning for malware. On-access scanning (the checking of each file as it is accessed or run) is undoubtedly the way in which anti-virus software should run for the highest chance of catching malware so this is quite a problem. Unfortunately, Apple doesn't give us the official means to do on-access scanning and won't allow apps that do this to enter its App Store - it can only be done on jailbroken iPhones and iPads.”

So the question remains: if Apple doesn’t allow the AV industry what it needs to protect the user, should the industry just take it? Apple researcher David Harley thinks not. “Apart from the absolute certainty of alienating a company which does actually cooperate with the security industry some of the time, in a behind-the-scenes sort of way, I would expect to see Apple working to block any such jailbreaking so as to break the installation. That would lead to a war of attrition which would not benefit the customer, or Apple, or the companies involved. And it would squarely move the responsibility for consumer safety from Apple to the AV company, and that wouldn’t fly.”

The bottom line is simple. Jailbreaking may sound romantic and will undoubtedly give users freedom to run what they want; but jailbreakers are pretty much on their own when it comes to security; and will likely remain so for the foreseeable future.

What’s hot on Infosecurity Magazine?