If you have been living under a rock for the past month, you probably have not heard about checkra1n – a revolutionary method to “jailbreak” iOS devices that CANNOT BE PATCHED by Apple. If otherwise, then, of course, you have heard about it, but probably don’t know what the hell it is.
Let me try to simplify and explain it to you – especially if you are an Apple user. Even if you’re not, it is beneficial to know how hackers out there can discover vulnerabilities in the most secure personal platforms like the iPhone.
What is a jailbreak and why do people do it?
A “jailbreak” is a method of gaining escalated privileges on the iOS platform, which lets you do a lot of things that Apple otherwise wouldn’t want you to do. For example, downloading third-party apps that are not available through the App Store. If you are in the U.S., chances are that you are tethered to a certain phone carrier like AT&T or Verizon when you use an iPhone.
However, on a “jailbroken” iPhone you will have super-user privileges to install apps that are not available through the App Store – much like how you can download an APK file to your Android device (even if it’s not on the Play Store) and start using that app as normal. Similarly, you can also untether your iPhone from the locked-in mobile carrier to access other carriers through software unlocks (google Redsn0w for more details). You can compare it to the “rooting” process on Android devices.
Cool, isn’t it?
Not quite. Jailbroken iOS devices are also at a greater risk of being compromised (which Apple takes great pains to prevent through the best in enterprise security and by screening every app featured on the App Store). Most users who jailbreak their phones download and install apps and services that are otherwise not advisable to have on their iPhones for security reasons. One such service is a Secure Shell (SSH) server, which can leave an iPhone very vulnerable to remote attacks if its default credentials are not changed. One such global attack was in 2015, when a malware called KeyRaider infected more than 225,000 jailbroken iPhones and stole users’ login information, including for banking services.
What is checkra1n?
It is a project that was conceptualized and executed by a team of hackers who exploited an unpatchable vulnerability in iOS which they named checkm8. Essentially, this process uses that vulnerability to jailbreak iOS devices – from the iPhone 5S to the iPhone X, on iOS 12.3 and above. This group has made an app (called the checkra1n app) that can be downloaded onto a Mac computer and used to jailbreak an iPhone connected to it. It’s a very simple and easy process to do. If you are interested in how to do it, visit the website of checkra.
The loophole that they have identified is a hardware vulnerability and hence CANNOT BE PATCHED BY APPLE. It can only be rectified by changing the hardware configuration, not by a software patch that Apple can release as part of a system update. And this is why checkra1n has become one of the hottest topics in the cybersecurity world – there is no defense against it.
I’m an iPhone user, should I be worried?
If you have a standard iPhone which has not been jailbroken, then you have nothing to fear. I personally wouldn’t suggest you try jailbreaking your phone, especially if you don’t know what you’re doing. However, if you have already done it (for whatever reason), I would strongly recommend against installing any third-party app that you don’t know or recognize, as these may contain malware that can steal your personal information.
Do not leave your phone at a repair shop, as it is quite easy to install tracking software and other malware on your phone when it’s jailbroken. A malicious website can now take control of your iPhone when you’re accessing it. Also, you can forget about getting any service support from Apple if you have a jailbroken device, even if it is under warranty.
Who benefits from checkra1n?
Experienced hackers and professionals with extensive knowledge of iOS devices will be able to use their elevated privileges to circumvent the limitations created by Apple – such as installing third-party apps, customizing the device, and making development easier by accessing the file system and command-line tools. For an average user, there is really not much on offer other than the freedom to install apps not available on the App Store, or unlocking your phone carrier.
Law enforcement officials will greatly benefit from this vulnerability by being able to access more data from a suspect’s iPhone or iOS device. Digital forensics companies like Cellebrite and Elcomsoft have already incorporated the vulnerability into their products to give access to data that would otherwise have been out of bounds. This definitely helps in keeping our communities more secure, as more data means more convictions and less crime on the streets.
So there you go! That was a short and sweet explanation of this new phenomenon that is taking the iOS world by storm. If you would like to know more about the checkm8 vulnerability, you can visit the website of checkra and read more in detail.
What do you think of this development? Will Apple act against it and how? Write in the comments to start the conversation!