Less than six months after introducing it, Apple has quietly disabled its jailbreak detection API through the iOS 4.2 software update, according to a new report.
Network World reports that the API, which was released in June as part of a mobile device management (MDM) bundle for iOS 4.0, has been disabled in iOS 4.2, leaving perplexed vendors to question why. The API had previously allowed third-party MDM applications, such as AirWatch or Sybase's Afaria, to check for unauthorized modifications to the system files, author John Cox wrote.
Third-party MDM vendors had created their own utilities to check for jailbreaks, but Apple's jailbreak detection API granted MDM applications direct access to iOS system information.
"We used it when it was available, but as an adjunct," said Sybase vice president of engineering Joe Owen. "I'm not sure what motivated their removing that....I've not had anyone [at enterprise customer sites] talk to me about this API being present or being removed."
Though jailbreaking an Apple device voids its warranty, the U.S. government recently legalized the process through a handful of exemptions to preexisting laws forbidding it.
Apple has been an unwilling participant in a 'cat and mouse' game with hackers. As vulnerabilities are discovered and exploited by the hacking community, Apple rushes to patch the issues, while hackers secretly move on to the next flaw.
In August, hackers released a high publicity browser-based jailbreak for the iPhone 4 that drew attention to a glaring security flaw that could have exposed users to malicious software just by visiting website.
As hackers became aware of the jailbreak detection API, they may have begun circumventing it, adding another layer to the tug-of-war between jailbreakers and Apple.
"Whatever [Apple] adds [in the OS] to detect the jailbreak, if it is to be queried from the iOS kernel, it must be accessible and have the ability to be changed," security consultant Jeremy Allen told Cox. "Meaning, if it is going to be a useful detection method it can also be circumvented. It is a fairly intractable problem to solve 100%."
The use of jailbreaking to pirate App Store software has been a major concern for Apple and developers. Also at stake is Apple's relationship with carriers, who often sell iPhones locked to their networks. In the U.S., for instance, the iPhone is only available through AT&T, though Verizon is expected to begin selling the iPhone early next year. Users looking to use their locked iPhones on other carriers often jailbreak and unlock their handsets.
No comments:
Post a Comment