New iPhone jailbreak released

Apple’s latest iOS versions have only been out for a week.
The updates are new enough that Apple’s own Security updates page still lists [2020-05-26T14:00Z] the security holes that were fixed in iOS 13.5 and iOS 12.4.7 as “details available soon”.
But there’s a jailbreak available already for iOS 13.5, released by a group known as Unc0ver.

Proceed with care

Jailbreaking, as we have said before, can be a risky business, because in the process of jailbreaking you’re actively and deliberately exploiting a security vulnerability that wasn’t supposed to the there in the first place.
As appealing as it sounds to “escape” from Apple’s walled garden, jailbreaking is not for the faint-hearted, because it can leave you exposed to more dangers than before.
In fact, the only cases we know of where iPhone worms have been able to spread from device to device by themselves has been on jailbroken phones, where applying the jailbreak inadvertently opened up devices to remote connections that were blocked before.
Nevertheless, despite the criminal-sounding name, jailbreaking is legal – as far as we know, but remember that we are not lawyers! – in the US at least.
Circumventing “copyright protection” measures such as Apple’s phone strictures hasn’t always been lawful in the US, but in recent times the US Library of Congress, which gets to adjust the regulations every three years, has opened up over its past few regulatory reviews.
In 2018, for example, the Library of Congress:

…recommended a new exemption allowing for the circumvention of TPMs [technological protection measures] restricting access to firmware that controls smartphones and home appliances and home systems for the purposes of diagnosis, maintenance, or repair.

We can thank the “right to repair” movement for a lot of the lobbying for the ongoing legalisation of jailbreaking in the US, using common-sense slogans such as “Would you buy a bike if you couldn’t fix the chain?” and “Would you buy a car if it was illegal to replace the tyres?”
Indeed, today’s US right to repair probably owes more to American farmers – who resented that they had no access to a free market when it came to repairing or servicing expensive equipment such as tractors – than to phone hacking enthusiasts, but the two groups of “modders” today find themselves united with a common cause.

How easy is finding a jailbreak?

Unfortunately, the right to repair doesn’t come, for phones at least, with a corresponding right that requires the vendor to tell you how to exercise that right.
A phone maker like Apple can’t use the law to prevent you trying to jailbreak your phone…
…but it can do its very best to stop you succeeding, and it doesn’t have to tell you what it did to stop you.
That’s why this latest iOS 13.5 jailbreak, announced so soon after iOS 13.5 itself came out, is receiving a lot of publicity.

Is is safe?

The main risk in jailbreaking an iDevice is that you are, of necessity, using it in a way that is not only unsupported but also entirely untested by Apple.
You end up using third party apps – even if they come from the App Store and are supposedly vetted by Apple – in a way that has never before been formally tested.
You also typically end up using apps that simply aren’t available in the App Store, and may either be malicious by design, or be dangerous by mistake because they haven’t had the same sort of scrutiny as software that’s App Store approved.
As we mentioned at the outset, jailbreaking involves actively and deliberately exploiting a security vulnerability that wasn’t supposed to the there in the first place.
Jailbreaking purposefully circumvents some of the security barriers that are always in place on non-jailbroken phones.
For example, loading your own apps, modifying the behaviour of built-in apps, snooping on data from other apps, and peeking at other apps’ network traffic suddenly become possible, even though all those behaviours are usually blocked by Apple.
Even though a lot of the restrictions imposed by jailbreaking are there for commercial and money-making reasons, many of them keep you safer and more secure at the same time.
For those reasons, as cool and as appealing as “freeing up your phone” might sound, we strongly recommend that you don’t jailbreak it.

Should I try it?

The good news is that the Unc0ver jailbreaks require installing a custom app, or building a custom version of an unlocking app and installing it in the same way that IT might deploy a corporate app at work.
You need to plug your iPhone into your laptop and to go through Apple’s “trust this computer” dialog (including entering your unlock code) first, so it can’t happen unexpectedly.
Also, as far as we know, the Unc0ver jailbreak needs re-applying every time you reboot.
In other words, generally speaking: you can’t end up jailbroken by mistake, so a crook can’t secretly do it for you while you’re innocently browsing the internet; and you can get rid of the jailbreak at will simply by rebooting your phone.
Nevertheless, as mentioned above, we strongly recommend that you don’t do it, especially if it’s a phone you use in any way for work.

Latest Naked Security podcast