Absinthe 2.0 Reveals Serious Security Vulnerability For Apple
If you’ve been in the iPhone modding scene for a while, you might have noticed that the Absinthe 2.0 jailbreak doesn’t require booting your device into DFU mode. As it turns out, the simpler it is to jailbreak a phone for the end user, the more of a security threat the underlying exploit is for Apple.
The Device Firmware Update mode is like performing a secret handshake with your iPhone. It can be activated by plugging your mobile device into your computer, power your device off, hold the power button for 3 seconds, then (while still pressing the power button) hold down the home button for another 10 seconds, then release the power button while continuing to hold home. This process should be familiar to anyone who has used RedSn0w. The important thing to know about DFU mode is that it’s a deliberate state that you will only put your device in for the purpose of recovery or software like RedSn0w. People don’t walk around with their phones in DFU mode.
Absinthe 2.0 works by plugging your device into a computer, without having to activate DFU mode. The exploits used can run arbitrary code, meaning it can be used to run anything as root. Pod2g used the exploits to give iPhone and iPad users control of their own devices, but the exploits are “in the wild” now and can be reverse engineered and used for any purpose.
While this doesn’t reveal as serious a security issue as sites like Comex’s JailbreakMe, which performed jailbreaks through the iPhone and iPad’s Safari browser and could have been used by any website to secretly run any manner of code on an iPhone. Open exploits that require a computer attached to the device aren’t as serious a threat, but they’re still problematic.
It would be possible to set up computers in public spaces (such as schools, workplaces, or libraries), as stations that infect charging phones with keyloggers or backdoor rootkits. Someone could also write a PC computer virus that then takes control of attached phones (like viruses that spread to USB drives).
Admittedly, this is a long shot. All these attacks would require the victims to fail to notice a “restore in progress” on their device. That said, it doesn’t hurt to be aware that the exploit could be used for nefarious purposes. According to Nikias Bassen (@Pimskeks), setting a lockscreen passcode is one solution to prevent pairing with untrusted devices, which would prevent the exploit from running.
Another thing to keep in mind is that this jailbreak gives Apple a reason to patch their firmware, aside from just preventing their customers from jailbreaking phones. Apple is trying to court enterprise buyers and a security vulnerability like this looks bad for them. What this means for you practically is if you’re going to jailbreak your iPhone, iPad, or iPod Touch, do it now.
How seriously do you take your mobile security? Do you set passcodes on your device? Share your thoughts in the comments section below.