“iPhone jailbreaking is dead”: these four words clearly signal the end of exploitation of iOS devices. Jailbreaking has existed for 10 years, for those who wanted full, open control of their iOS device, which Apple does not provide out of the box.
Apple has been continuously updating iOS to remove any flaw or bug that might result in exploitation, and through these updates the company has finally succeeded in eliminating jailbreaking completely, at least for now.
Many well-known developers and prominent organizations have left the jailbreaking community and are giving up on exploiting iOS devices. Apple has also tightened its security against jailbreaking and even announced a $1.5 million prize for a hacker who finds a vulnerability and sells it to the company.
Prominent members of the jailbreaking community have also moved to high-paying security jobs, which leaves fewer developers who bother to jailbreak. These are the factors that have led to the death of jailbreaking.
In the early days, getting a jailbreak was comparatively easy: the operating system had just started out and was not yet polished. With time and updates, jailbreaks became harder to find. The last publicly available jailbreak appeared a year ago, and current jailbreaks require the user to re-enable them after every reboot. There have been no jailbreaks available for the latest iOS since last year.
If you want to understand how a hacker finds a persistent jailbreak, read on. Generally, finding a jailbreak requires 3 to 4 steps:
• App Exploitation:
The very first step in finding a jailbreak is to find a vulnerable application, which has usually meant finding flaws and bugs in Safari's code.
Once the hacker finds such a flaw, he can sideload, i.e. install, apps that are not approved by the App Store. Originally this simply meant that the user could install third-party apps that are not available on the App Store, but later it also unlocked features such as Bluetooth tethering, which carriers usually disable or charge extra money for.
However, running sideloaded apps requires disabling the signature check that the iOS kernel performs before executing any app, which ensures the app came from a verified source.
• Kernel Exploitation:
The next step is that the hacker must find a flaw in the kernel that allows arbitrary code execution, in order to skip the signature-checking routine.
The kernel of an operating system controls access to hardware resources, manages processes, controls user permissions and performs other system tasks.
Once the attacker has exploited these first two flaws, the jailbreak only works until the device is rebooted. After a reboot for any reason, the jailbreak is gone and you need to re-enable it.
• Boot Loader Exploitation:
The hacker must also find a flaw in the boot sequence, as the bootloader verifies signatures too. This is a clever strategy by Apple: hackers are forced to find 3-4 vulnerabilities, and fixing any one of them breaks the jailbreak, which forces the hacker to find a new flaw in the same component.
Apple makes sure that at least one of the flaws is in the bootloader, as bootloaders are comparatively small and don't need many features added over time, which makes such a flaw easy to fix in the next version of iOS.