iOS Jailbreak Analysis was presented by Dino Dai Zovi as part of the Cyber Security Awareness Week (CSAW): THREADS Mobile Security Conference This presentation was originally recorded on November 15, 2012, at Polytechnic Institute of New York University in Brooklyn, New York.
Dino talks about malicious attackers that are rarely forthcoming with their strategies, expenditures, or forecasts. The jailbreak development community, in contrast, is much more visible with blog posts, Tweets, and public software releases. As the technical development of a jailbreak overlaps significantly with the development of a malicious attack, the high-visibility jailbreak development community can serve as an analysis proxy for the low-visibility malicious attacker communities. An analysis of the jailbreak community's strategies can serve as a model for the strategies of malicious attacker communities. These communities, however, are not completely isolated. An advanced public jailbreak community provides information, tools, and know-how that may be leveraged by malicious attackers as well. This presents a choice for an integrated hardware and software platform vendor: should jailbreaking be facilitated in order to discourage the release of advanced jailbreaks that may easily be repurposed as malicious attacks? Or should the jailbreak release and security patch cycle be encouraged in order to identify and fix vulnerabilities that may also be discovered and exploited by malicious attackers?