Crypto bypass on the iPhone 3GS

July 24th 2009 12:00 pm

Cousin Jon sent me this Wired link: how to bypass iPhone’s 3GS encryption using jailbreaking tools. I haven’t paid serious attention to the iPhone (AT&T hasn’t had a strong signal in my town) but crypto bypass always gets my attention.

In fact, the weakness has nothing to do with protecting personal information on an iPhone. It’s all about third parties: Apple, the cell provider, and possibly an employer who provides/manages the iPhone.

If you’re not troubled by being limited to the iPhone Apps Store, then the threat’s relatively small, especially compared to desktop systems. Moreover, I doubt we’ll see real iPhone viruses as long as most people are happy with Apple’s app restrictions.

Here’s where the trouble arises. Let’s look at a story about Bob, the usual guy who uses crypto for something.

Imagine that Bob has an iPhone from MegaCorp, his employer. MegaCorp stores his contact list on it, including the company phone list, sales contacts, and other sensitive stuff. MegaCorp has a strong business interest in keeping Bob from making a copy of that list, so Apple is trying to give MegaCorp the tools to control that info.

This is annoying for Bob, since the iPhone restrictions mean he can send things into the phone but not always get them back out again. Like music clips.

This is a security policy issue. Both Apple and MegaCorp want to enforce restrictions on the flow of certain information. This interferes with how Bob wants to use his phone.

iPhone Restrictions

Apple helps MegaCorp keep control of Bob’s phone by enforcing restrictions on what applications he can download. Then Apple enforces restrictions on what “Apple approved” applications (okay, “apps”) can do.

A normal iPhone will only run apps that are cryptographically signed by Apple. If you write an app, you have to follow certain rules. I don’t know what the official restrictions are, but I can guess:

  • Don’t touch files that don’t belong to your app
  • Don’t unlock the phone
  • Don’t go poking around where you’re not wanted

Security people refer to this as a “sandbox” or “jail” since the app behavior is restricted. In serious systems the restrictions are enforced entirely by hardware and the OS. Apple’s approach seems to mix such restrictions with rules about “malicious code” and some sort of scanning for unapproved code.

This isn’t 100% secure in any sense. But it’s 1000% better than what we have on desktops.

If your app superficially follows the rules and seems acceptable to Apple, then they add the digital signature to your app. Whenever you download a new app from the App Store, the iPhone verifies the digital signature. If the test fails, the app isn’t loaded.

In theory, at least, if anyone modifies the app then the digital signature check fails.

If you try to load an app with no digital signature, the phone won’t load the app.

Jailbreaking

This is where jailbreaking comes in.

When you jailbreak your iPhone, you disable the digital signature checking. This allows you to download any iPhone app you want, whether Apple approves of it or not.

I’ve seen people talk about two popular types of unapproved apps:

  • Ring Tone Installers – I guess this is a big deal for some people
  • Unlockers – these allow your phone to connect to “other” cell vendors, assuming they run the same 3G protocols.

Viruses and the Downside of Jailbreaking

If your phone can’t distinguish between legitimate and suspicious apps, then you’re vulnerable to virus attacks and other malware. Fortunately, this hasn’t yet materialized as a significant threat.

Apple’s strategy is a sensible one for protecting against viruses and other malware. It makes the iPhone a much safer software platform than any desktop system.

On the other hand, I haven’t looked closely enough at the iPhone architecture to know how well they implemented this. If they check digital signatures often, then viruses will have a terrible time thriving in the iPhone environment. If they just use them to check downloads, then things are a bit more risky.
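To make the two checking policies contrasted here concrete (and the signature check described under iPhone Restrictions), here is an added Go model; it is not Apple’s code and not based on the real iPhone implementation. A store key signs an app’s name and code with Ed25519, the phone refuses unsigned or altered apps at install time, and only a phone that re-verifies at launch catches code that is changed on the device afterwards. The names App, Phone, SignApp and VerifyApp are constructed for the illustration.

```go
package main

import "crypto/ed25519"

// App is a toy app bundle: its name, its code, and the store's signature
// over both (empty when the app was never signed).
type App struct {
	Name string
	Code []byte
	Sig  []byte
}

// message is what gets signed: the name, a separator byte, then the code.
func message(a App) []byte { return append([]byte(a.Name+"\x00"), a.Code...) }

// SignApp models the store attaching its signature to an approved app.
func SignApp(priv ed25519.PrivateKey, a App) App {
	a.Sig = ed25519.Sign(priv, message(a))
	return a
}

// VerifyApp is the phone's check: an unsigned app, or any change to the
// name or code since signing, makes it fail.
func VerifyApp(pub ed25519.PublicKey, a App) bool {
	return len(a.Sig) > 0 && ed25519.Verify(pub, message(a), a.Sig)
}

// Phone checks signatures at install and, if CheckOnLaunch is set, again
// every time an app is run.
type Phone struct {
	Pub           ed25519.PublicKey
	CheckOnLaunch bool
	Installed     map[string]App
}

// Install refuses any app whose signature does not verify.
func (p *Phone) Install(a App) bool {
	if !VerifyApp(p.Pub, a) {
		return false
	}
	p.Installed[a.Name] = a
	return true
}

// Launch re-verifies when CheckOnLaunch is set, so code altered on the
// device after install is caught; otherwise it trusts the install check.
func (p *Phone) Launch(name string) bool {
	a, ok := p.Installed[name]
	return ok && (!p.CheckOnLaunch || VerifyApp(p.Pub, a))
}
```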

They can’t totally eliminate the risk of iPhone malware – from their point of view, the jailbreaks and unlockers are malware – but they can make it impractical for virus writers.

I expect there will be “concept demonstration” viruses for the iPhone, but these mechanisms will make “in the wild” viruses very unlikely.

Other iPhone Weaknesses

Brian X Chen’s article (the one linked above) interviews several people who put down the iPhone’s security.

Their statements are correct as far as they go. Yes, there are ways to bypass the apparent attempts to restrict or prevent information leakage, like apps stealing credit card numbers. However, it’s much better than it is on desktops.

I’d say the biggest weakness is the sheer size of the App Store inventory. It’s impossible to ensure that all those apps really behave themselves. It doesn’t take a lot of malicious code to pose a real threat.

On the other hand, Apple’s strategy puts some bounds on the risk. If we remain un-jailbroken, then we have a finite number of apps to worry about. That’s better than the situation on desktops.

Posted under Household Tech & Security