iOS 9 security by design, but hacker already shows a jailbreak

Apple announced the secure iOS 9 but a popular hacker demonstrated the untethered iOS 9 Jailbreak in a video PoC before its release.

Apple announced new security enhancements for its new operating system iOS 9.

The new version of the Apple OS, iOS 9, will be available from September 16th on the iPhone, iPad and iPod, according the security experts of the IT giants it was designed to improve security of its customers against a wide range of cyber threats.

The iOS update was announced a couple of days ago during the Apple Keynote event in San Francisco where the company presented its new products including the iPad Pro.

In response to the iCloud hack and consequent leak of the nude pictures of a number of celebrities, Apple has decided to focus its efforts on the protection of users sensitive data.

The two-factor authentication was introduced by Apple to preserve the use of user’s Apple Id for fraudulent purchases, but it seems not sufficient to protect user’s files stored in the cloud. In June researchers at ElcomSoft, a Russian company specialized in the providing of forensics software for cracking passwords and system auditing, reported that in case an attacker was able to access user account credentials despite the Apple adopted a  two-factor verification he is anyway able to access data stored in the user’s cloud account.

“Your Apple ID is the key to many things you do with Apple,” the company has explained. “Two-step verification is a feature you can use to keep your Apple ID and personal information as secure as possible.”

Now Apple has implemented a stronger passcode and a revamped the two-factor authentication process (2FA), the improved two-factor authentication process is built directly into the operating system in order to make harder the access to the user’s Apple ID.

“Enhanced security features in iOS 9 keep your devices and Apple ID secure by strengthening the passcode that protects your devices and improving two-factor authentication by building it directly into iOS, making it harder for others to gain unauthorized access to your Apple ID. iOS 9 apps and the user interface now take advantage of Metal™ to deliver faster scrolling, smoother animation and better overall performance.” states Apple.

Among the new products presented by Apple running the new iOS 9 there is the iPad Pro that comes with new Touch ID technology designed to improve users’ security and the user experience.

“your fingerprint into an unforgettable password”

But, meanwhile Apple decants the security of its iOS 9, just within 24 Hours after the launch the popular hacker ‘iH8sn0w’ announced the first untethered jailbreak for unreleased iOS 9.

iH8sn0w is a well-known hacker who developed the popular jailbreak applications Sn0wbreeze and P0sixspwn.

The hacker published a video PoC on YouTube last night, demonstrating the untethered jailbreak for the iOS 9. iH8sn0w has demonstrated the jailbreak on his iPhone 5 running the iOS 9 GM seed. The video shows the iOS 9 jailbreak, including Verbose booting, Cydia, and code injection.

iH8sn0w confirmed his jailbreak works with the iOS 9.1 beta, both iOS 9 Gold Master (Build 13a340) and iOS 9.1 beta 1 (Build 13B5110e) versions are available for download on the Apple’s Developer Center.

Despite iH8sn0w announced he does not have any plans to release the Jailbreak, but as explained by my colleagues at TheHackingNews it is likely that other developers, like Pangu and TaiG team, will soon release their versions of the untethered iOS 9 jailbreak.

Pierluigi Paganini

(Security Affairs – Jailbreak, Apple iOS 9)