Best Laid Plains of Malware and Men: The Cost of Jailbreaking Your Phone

By: Kaitlyn Conway

 

Although it made its debut less than a decade ago, it’s often difficult to imagine life without the iPhone. It’s more or less impossible to go anywhere in public and not see at least one or two people with an iPhone. They’re everywhere, and for many people, they are an essential part of daily living: it’s your phone, your PDA, your daily planner, your camera, your alarm clock, your internet browser, and so much more. But there are many people who are still dissatisfied with the limitations imposed upon the iOS of the iPhone, which have severe restrictions.

 

However, with a process known as “jailbreaking,” iPhone users are able to customize the software of their phones with apps and other features previously verboten by Apple’s iOS. This can include the ability to choose your own Internet browser rather than the default Safari browser, to directly moving files around and transfering them directly from their PCs, to even using the iPhone as a personal hotspot without paying an extra fee to the carrier. However, once an iPhone is jailbroken, two things happen as a result: one, the Apple warranty on the iPhone is immediately void, and two, jailbreaking allows the user to download a secure shell, or SSH, which leaves the iPhone vulnerable to worms and malware attacks.

 

The most recent example of this was KeyRaider, which specifically attacks jailbroken iPhones. KeyRaider is a malware that hooks system processes through MobileSubstrate (and other Apple iOS devices that have been jailbroken), and allows criminals to steal users’ login and password information, private keys, purchasing receipts and device GUID by intercepting iTunes traffic on the device, as well as lock the device and demand a ransom from the user in order to restore accessibility. The malware originated in China, but has spread to 18 countries, including the United States, and has stolen more than 225,000 Apple accounts.

 

The legal status of both jailbreaking and the users who jailbreak their iPhones is not consistent. Although it is not technically illegal in the United States, the legal status of jailbreaking is affected by laws regarding circumvention of digital locks, such as digital rights management (DRM). Digital rights management, also known more colloquially as “copy protection,” are access control technologies that are used by both hardware and software developers with the intent of restricting the proprietary use of said software and hardware.  This includes technologies that control use, modification and distribution. The United States has laws that circumvent DRM, but there are countries in which this is not the case, and as a result, jailbreaking can be considered a punishable offense.

 

Another legal issue for jailbreakers is that once they have their iPhones attacked, there is essentially no legal recourse. Under the Magnuson-Moss Warranty Act, 93 P.L. 637, consumers are provided with access to reasonable and effective remedies when there is a breach of warranty on a product, including dispute-settlement procedures, injunctive procedures against suppliers of defective products, and even the opportunity to file class-action lawsuits against suppliers. However, people that jailbreak their iPhones are not protected under the Magnuson-Moss Warranty Act because it only protects consumers who still have a valid warranty with their defective product(s). Once an iPhone is jailbroken, the Apple warranty is immediately voided, and with that there is virtually no recourse should something like an attack from KeyRaider befall a user. However, a possible remedy has been offered by Palo Alto Networks, which was one of the first news sites to report of the attacks (http://researchcenter.paloaltonetworks.com/2015/09/keyraider-ios-malware-how-to-keep-yourself-safe/#more-10141).

 

Let’s look at jailbreaking through a costs-benefits analysis. For those who choose to jailbreak their iPhones, the reasons seem obvious: the ability to take a piece of hardware that is, more or less, attached to you 24 hours a day, and customize its functionality to your exact preferences. However, should you take that route, you certainly leave yourself vulnerable to malware attacks, having your personal and financial information disseminated, and having no official means as to remedy the problem. Also, unless you are tech savvy and confident in your abilities to save your iPhone, you are basically left with a useless, locked iPhone that costs upwards of $600 to purchase and has no warranty protection, and your account information is in the hands of a complete stranger, who is demanding a ransom to unlock your iPhone. If you feel a burning desire to use Chrome instead of Safari on your iPhone, then tread carefully.

 

Bio: Kaitlyn Conway is a staff member on the Journal of High Technology Law. She is currently a 2L. She holds a BM in Vocal Performance from Westminster Choir College of Rider University.

Print Friendly, PDF & Email