What it takes to jailbreak iOS 9
Apple isn’t the only one working on iOS 9 right now, as hackers from China are already looking to find an untethered jailbreak and release it after iOS 9’s official debut.
Jailbreaking an iPhone or iPad lets users install any kind of applications on the device from third-party stores, something that’s not possible on default iOS releases.
The Keen Team has a dozen members who are well-versed in iOS coding, as they were able to successfully crack iPhones in Pwn2Own competitions in 2013 and 2014 and score almost $70,000 in reward prizes. But the Chinese hackers aren’t in it for the money, Forbes has learned, but rather for the challenge.
The team is working with fellow Chinese hacker group Team Pangu that released jailbreaks for iOS 7 and iOS 8. Keen hackers are on their first iOS jailbreak attempt, and they’re looking to come up with one in time for the final iOS 9 release, a task that’s a lot more difficult than it sounds.
The challenge appears to be finding plenty of vulnerabilities in the operating system that are not known to Apple yet, and linking them together to obtain an untethered jailbreak. According to Forbes, you typically need between three and five such “zero-day” attacks to come up with a jailbreak that can take over the iPhone and work even after reboots without the user having to constantly connect it to a computer (hence the term untethered).
Apple, meanwhile, is also constantly hunting for security issues that could be exploited for malicious purposes and jailbreaks.
A report preceding WWDC 2015 said that one of the features of iOS 9 and OS X El Capitan is called “rootless,” a technology that would prevent any kind of jailbreaks. Apple has not detailed such a feature, but a recent discovery in Xcode 7 reveals that Apple does plan to make it easier for users to run their own apps on their iOS devices, without having to install them through the App Store.
In the past, Apple has always patched security holes leading to successful jailbreaks, challenging hackers to find other vulnerabilities to reenable them.