Jailbreaking is back in the New Year’s news.
Jailbreaking is where you deliberately hack or exploit your own device to free it from restrictions imposed by the vendor of the operating system running on it.
Apple, for example, locks down iPhones and iPads so that they can only run software downloaded from the App Store, and so that you can only read certain files stored on the device.
In theory, “jailing” a device serves many purposes:
- It gives the vendor, who may have subsidised the cost of the device, a greater chance to recoup that investment, by requiring you shop at the company store. (This is a bit like buying a cheap mobile phone that is locked to a specific network provider, in countries where that is permitted.)
- It may improve security, by preventing you downloading software from untrusted sources, and by making the device more resistant to hackers who might otherwise be able to trick the device into revealing personal information stored on it.
- It may reduce piracy, by making it harder for you to make unofficial, unlawful use of copyrighted content you downloaded officially and legally.
On the other hand, jailing a device seems a bit unfair.
If you’ve bought the device outright with your own after-tax income, especially if you paid an unsubsidised price, and you happen to prefer Windows to iOS, or Linux to Windows…
…why shouldn’t you be allowed to switch?
If you buy a car from Ford, for instance, you can fill up with fuel from Shell, or BP, or anyone you like who supplies fuel in compliance with the law – you don’t have to use Ford petrol, or put Ford air in your tyres, or Ford fluids in your cooling system.
In theory, jailbreaking serves many purposes:
- It gives you, the purchaser and owner of the device, the right to get the most out of it, and to enjoy it in ways the vendor may not have thought of, at your own cost.
- It may improve security, by allowing you to patch vulnerabilities and tighten security settings yourself, before official updates – which typically deserve and require wide-scale testing – are available.
- It may allow you to form a clearer picture of what goes on under the bonnet, notably what sort of information the vendor collects about you, how safely it is stored, and how it is shared.
SONY CONSIDERED INTERESTING
In recent years, Sony has been a target of considerable interest to Linux-loving jailbreakers.
That’s because Sony used to let you run Linux on your PlayStation, and even provided official tools to help enthusiasts do so, before abruptly revoking that right and locking its devices down so that switching to any other operating system was impossible.
OK, not impossible, merely difficult.
The PS3 was famously, and as good as permanently, hacked thanks to some detailed cryptographic detective work that uncovered the cryptographic keys that Sony used to lock down the device.
This allowed enthusiasts to “bless” their own content, instead of relying only on files pre-approved by Sony.
And now, following a paper at the 2015 Chaos Computing Congress in Germany, there’s a Linux release that you can install and use on your PS4.
As the guys behind this programming effort put it:
If we can get people interested in running Linux on the PS4 over using the native OS, we can redirect efforts away from reverse engineering the original software infrastructure (which is what the piracy guys need, and they inevitably leech off of those efforts) to Linux (which is completely useless for piracy).
WHAT TO DO?
- If you aren’t sure what you are doing, you probably don’t need to jailbreak, and shouldn’t. The benefits listed above are counterbalanced by the risk of introducing a security hole that wasn’t in the vendor’s official operating system, or of downloading a program that hasn’t been vetted by anyone, and was written by crooks.
- If you are a sysadmin, you aren’t being hypocritical if you approve of jailbreaking at home, yet use a product like Sophos Mobile Control at work to keep jailbroken devices off your organisation’s network. It is hard to vouch for the security of other people’s jailbroken devices without performing a security audit of your own.
- If you are a programmer or software designer, never rely entirely on security-through-obscurity, where you assume that keeping technical details secret or hidden will stop hackers and other interested parties from figuring a way around your defences.