
Ex-Jailbreakers now working to secure iOS for consumers and enterprises with comprehensive platform

For nearly half a decade, teams of hackers and programmers have worked tirelessly to crack Apple’s iOS software code in order to inject new features, themes, and applications. Now, a team led by noted former jailbreak developers Will Strafach, otherwise known as “Chronic”, and Joshua Hill, known as P0sixninja, is working to secure Apple’s mobile platform. The duo, along with a list of unnamed former jailbreak developers, has been working on a new comprehensive platform to secure iOS devices for both enterprises and consumers. Strafach provided us with a preview of the platform known as “Apollo,” the first security product from his new company Sudo Security Group.

In a phone interview, Strafach started out by answering the likely first question of those who may be interested in such an application: why should jailbreak developers be trusted with securing devices? As Strafach explained, he and his team likely know more about the inner workings of iOS and other mobile platforms than any other group of developers, save for those at Apple, because of their experience in tinkering with the operating system’s core.

“We know the iOS system inside and out due to the years we’ve spent buried in disassembly tools seeing how things work. We know what weak spots to keep a close eye on, we know what bits are bloated and may be vulnerable in ways which have not yet been considered,” Strafach said, adding that his team has now “taken on the equally important task of figuring out how to make things better” instead of just figuring “out how to make things break.”

The Apollo security platform, as Strafach explained, can be broken down into two parts: the enterprise path and the consumer application. Let’s start with the enterprise software. Many large corporations use Mobile Device Management (“MDM”) software to manage large numbers of iPhones or iPads used by their employees. For instance, Apple offers its own native tool, while major software developer VMware has its own solution called AirWatch.

The Apollo suite moves to differentiate itself by focusing on security: at a high level, the application uses a backend service known as “Guardian” that scans applications installed on a user’s iPhone to check whether they include code that can steal user data, inject malware, make background installation attempts, conduct email-based phishing, or weaken the file system’s security. Specifically, Strafach shared the following list of application security checks that Apollo can perform for employees who bring their own devices to the enterprise:

  • Leakage of sensitive data (Intentionally, or due to insecure connections)
  • Communications with servers in a non-allowed/sanctioned region(s)
  • Utilization of private and/or privacy-invading APIs
  • Binary download attempts from unsafe sources
  • Suspicious application behaviors which may require a second-look
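The checklist above lends itself to a small rule engine. The following Go program is an added illustration, not Apollo’s Guardian code or any real telemetry format: it assumes a scanner has already recorded each outbound request an app made (destination URL, resolved country code and any identifiers seen in the payload, all constructed sample data here) and evaluates three of the listed checks against those records.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// Connection is one outbound request observed while an app under review is
// exercised. Constructed stand-in for a scanner record; not Apollo's format.
type Connection struct {
	App    string   // bundle identifier of the app that made the request
	URL    string   // destination URL
	Region string   // ISO country code the destination resolved to
	Fields []string // identifiers the analyst saw in the request body or query
}

// Finding is one rule hit; Rule names follow the article's checklist.
type Finding struct {
	App    string
	Rule   string
	Detail string
}

// Identifiers whose transmission counts as sharing sensitive data.
var sensitiveFields = map[string]bool{
	"location": true, "gender": true, "email": true,
	"contacts": true, "password": true, "name": true,
}

// File extensions that indicate an executable being fetched at run time.
var binarySuffixes = []string{".dylib", ".ipa", ".deb", ".so"}

// ScanConnections applies the BYOD checks to a batch of observed requests.
// allowedRegions lists the country codes the enterprise sanctions; trustedHosts
// lists hosts from which binary downloads are acceptable.
func ScanConnections(conns []Connection, allowedRegions, trustedHosts map[string]bool) []Finding {
	var findings []Finding
	for _, c := range conns {
		u, err := url.Parse(c.URL)
		if err != nil || u.Host == "" {
			findings = append(findings, Finding{c.App, "unparseable-url", c.URL})
			continue
		}
		host := strings.ToLower(u.Hostname())

		// 1. Leakage of sensitive data: a sensitive field over plain HTTP is a
		//    leak "due to insecure connections"; over HTTPS it is still flagged
		//    as intentional sharing with a third party.
		var leaked []string
		for _, f := range c.Fields {
			if sensitiveFields[strings.ToLower(f)] {
				leaked = append(leaked, f)
			}
		}
		if len(leaked) > 0 {
			rule := "sensitive-data-shared"
			if u.Scheme != "https" {
				rule = "sensitive-data-leak-insecure"
			}
			findings = append(findings, Finding{c.App, rule,
				fmt.Sprintf("%s -> %s (%s)", strings.Join(leaked, ","), host, u.Scheme)})
		}

		// 2. Communications with servers in a non-sanctioned region.
		if !allowedRegions[strings.ToUpper(c.Region)] {
			findings = append(findings, Finding{c.App, "non-sanctioned-region",
				fmt.Sprintf("%s resolved to %s", host, c.Region)})
		}

		// 3. Binary download attempts from untrusted sources.
		path := strings.ToLower(u.Path)
		for _, suf := range binarySuffixes {
			if strings.HasSuffix(path, suf) && !trustedHosts[host] {
				findings = append(findings, Finding{c.App, "binary-download-unsafe-source", c.URL})
				break
			}
		}
	}
	return findings
}

// Rules returns just the rule names, in order, for reporting and testing.
func Rules(fs []Finding) []string {
	out := make([]string, 0, len(fs))
	for _, f := range fs {
		out = append(out, f.Rule)
	}
	return out
}

// SampleConnections is constructed test data, not captured from any real app.
func SampleConnections() []Connection {
	return []Connection{
		{"com.example.weather", "https://api.example-weather.test/v1/forecast", "US", []string{"location"}},
		{"com.example.game", "http://ads.example-tracker.test/collect", "RU", []string{"gender", "email"}},
		{"com.example.notes", "https://sync.example-notes.test/notes", "DE", nil},
		{"com.example.game", "https://cdn.example-tracker.test/plugins/extra.dylib", "RU", nil},
	}
}

func main() {
	allowed := map[string]bool{"US": true, "DE": true}
	trusted := map[string]bool{"cdn.example-corp.test": true}
	for _, f := range ScanConnections(SampleConnections(), allowed, trusted) {
		fmt.Printf("%-22s %-30s %s\n", f.App, f.Rule, f.Detail)
	}
}
```

The split between “shared” and “leaked insecurely” matters for policy: the first is something a user may want to know about (the privacy detections Strafach describes later), the second is a compliance violation an enterprise will want to block on.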


The service also has a long list of stronger security features for devices given to employees, not brought by employees into the enterprise:

  • Strict application whitelisting and blacklisting abilities
  • Lock down devices as much or as little as needed, configurable based on user group or even individual users
  • Disable system applications such as App Store, Messages, and more.
  • Disable system features such as screenshots, data sync, and more.
  • Web content filtering, both liberal and strong options available
  • Heavy monitoring for network I/O activity to watch out for threats
  • Activation Lock Assistant – Never get locked out of a company-owned device by a personal Apple ID again!
  • Special case malware monitoring – Assure dangerous skimming malware does not find its way to your point-of-sale iPad or iPhone.
  • Block removal of our MDM and protection software from the device – Even if a hard reset / restore (“DFU Restore”) is performed!
  • Perform a full system data wipe at any time
  • Prevent company-owned devices which were lost or stolen from ever being used again

Richard Lutkus, an eDiscovery attorney and partner at Seyfarth Shaw LLP who is advising Sudo Security Group, told us that the software is ideal for companies wanting 100% control over their own corporate data on untrusted endpoints, especially with Sudo application security monitoring software that ensures the device stays malware free and compliant. This is relevant as some companies now ask employees to bring their own hardware. However, Lutkus made it clear to us that the software balances user privacy by sheltering personal data away from the manager of the Apollo system.

  • Perfect isolation of personal data and sensitive Work Data.
  • Wipe any Work-related contents from the device, while not touching any personal data.
  • Maintain full control over anything Work-related on all BYOD devices, while allowing users to still maintain full control over their personal applications and data with no compromises needed.

Beyond identifying and preventing potential attacks, Apollo has a remediation system integrated for fixing breaches:

  • Shape policies to encourage self-remediation by end users to streamline processes and reduce IT workload
  • Create powerful workflows to fit different levels of security problems
  • Send message to device owner to inform them of any detected security violation.
  • Send message to manager of device owner or IT department to inform them of detected security violations.
  • Automatically generate IT helpdesk tickets for more serious violations
  • Remove non-compliant applications from work devices.
  • Prevent access to Work Apps until security problems are fixed.
  • Prevent access to Work Email until security problems are fixed.
  • Prevent access to Work VPN until security problems are fixed
  • Prevent connection to Work WiFi network until security problems are fixed.
  • Prevent use of Single-Sign On until security problems are fixed.
  • Prevent ability to open Work Documents and Data until security problems are fixed.
  • Require system Re-scan in Security Center Agent after problems are fixed to ensure that system integrity is intact and no threats are present.


Besides all the deeply technical details and features, perhaps the most intriguing capability for the enterprise suite is its Touch ID integration as a “dead man’s switch.” This system prompts the user at a set interval, every 5 days in the above example, to authenticate with their fingerprint. It is designed to ensure that the device is still being used by its owner, an interesting use of Touch ID that goes beyond simply logging into an application. Strafach explained that this “provides a cryptographically secure and verified mechanism for verifying that a user themselves is in possession of a device. There is no workaround besides using the genuine fingerprint of the user due to the way we have leveraged PKI (Public Key Infrastructure) and the device’s built-in Secure Enclave to undoubtedly verify device possession.”
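Stripped of the hardware specifics, the dead man’s switch is a challenge-response proof of possession. The Go program below is an added sketch of that exchange, not Sudo Security Group’s implementation: it assumes the MDM server holds the public half of a per-device key pair, that the private half is modelled by an ordinary ed25519 key (standing in for a non-exportable Secure Enclave key that only signs after a successful Touch ID match), and a constructed message format that binds the device identifier, a random nonce and the issue time so a captured signature cannot be replayed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// ProofInterval is how often the user must re-prove possession (5 days, as in
// the article's example). challengeTTL bounds how long a signed challenge is
// accepted after it was issued.
const (
	ProofInterval = 5 * 24 * time.Hour
	challengeTTL  = 10 * time.Minute
)

// Challenge is what the server hands to the device. The nonce is random so a
// recorded signature cannot be replayed later to fake presence.
type Challenge struct {
	Nonce    [32]byte
	IssuedAt time.Time
}

// Enrollment is the server's record for one device: the public key whose
// private half never leaves the device, plus the last confirmed possession time.
type Enrollment struct {
	DeviceID  string
	PublicKey ed25519.PublicKey
	LastProof time.Time
}

// Server holds enrollments and the set of nonces already redeemed.
type Server struct {
	Enrollments map[string]*Enrollment
	usedNonces  map[[32]byte]bool
}

func NewServer() *Server {
	return &Server{Enrollments: map[string]*Enrollment{}, usedNonces: map[[32]byte]bool{}}
}

// GenerateDeviceKey stands in for key creation inside the Secure Enclave.
// Assumption: a software ed25519 key models the hardware-bound key; in the real
// design the private key is non-exportable and signing requires Touch ID.
func GenerateDeviceKey() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// Enroll registers a device's public key; LastProof starts at enrollment time.
func (s *Server) Enroll(deviceID string, pub ed25519.PublicKey, now time.Time) {
	s.Enrollments[deviceID] = &Enrollment{DeviceID: deviceID, PublicKey: pub, LastProof: now}
}

// NewChallenge issues a fresh nonce bound to the issue time.
func (s *Server) NewChallenge(now time.Time) (Challenge, error) {
	var c Challenge
	if _, err := rand.Read(c.Nonce[:]); err != nil {
		return c, err
	}
	c.IssuedAt = now
	return c, nil
}

// challengeMessage is the exact byte string both sides sign/verify. Binding the
// device ID and issue time prevents a proof for one device or one period from
// being reused for another. (Constructed format, not Apollo's.)
func challengeMessage(deviceID string, c Challenge) []byte {
	msg := []byte("possession-proof-v1\x00" + deviceID + "\x00")
	msg = append(msg, c.Nonce[:]...)
	var ts [8]byte
	binary.BigEndian.PutUint64(ts[:], uint64(c.IssuedAt.Unix()))
	return append(msg, ts[:]...)
}

// SignChallenge is the device side: the signature only exists if the holder
// passed the biometric gate (modelled here simply by holding the private key).
func SignChallenge(priv ed25519.PrivateKey, deviceID string, c Challenge) []byte {
	return ed25519.Sign(priv, challengeMessage(deviceID, c))
}

// VerifyProof checks freshness, single use and the signature, then records that
// possession was confirmed at now.
func (s *Server) VerifyProof(deviceID string, c Challenge, sig []byte, now time.Time) error {
	e, ok := s.Enrollments[deviceID]
	if !ok {
		return errors.New("unknown device")
	}
	if now.Before(c.IssuedAt) || now.Sub(c.IssuedAt) > challengeTTL {
		return errors.New("challenge expired")
	}
	if s.usedNonces[c.Nonce] {
		return errors.New("challenge already redeemed (replay)")
	}
	if !ed25519.Verify(e.PublicKey, challengeMessage(deviceID, c), sig) {
		return errors.New("signature does not verify under the enrolled key")
	}
	s.usedNonces[c.Nonce] = true
	e.LastProof = now
	return nil
}

// ProofOverdue reports whether the device should be prompted again (or, if the
// prompt goes unanswered, treated as no longer in its owner's hands).
func (s *Server) ProofOverdue(deviceID string, now time.Time) bool {
	e, ok := s.Enrollments[deviceID]
	return !ok || now.Sub(e.LastProof) > ProofInterval
}

func main() {
	srv := NewServer()
	pub, priv, _ := GenerateDeviceKey()
	t0 := time.Now()
	srv.Enroll("ipad-0001", pub, t0)
	later := t0.Add(6 * 24 * time.Hour)
	fmt.Println("overdue after 6 days:", srv.ProofOverdue("ipad-0001", later))
	ch, _ := srv.NewChallenge(later)
	sig := SignChallenge(priv, "ipad-0001", ch)
	fmt.Println("proof accepted:", srv.VerifyProof("ipad-0001", ch, sig, later) == nil)
	fmt.Println("replay accepted:", srv.VerifyProof("ipad-0001", ch, sig, later) == nil)
}
```

The security of the scheme rests entirely on the device key being unextractable and gated by the biometric check; the server-side logic only guarantees that a proof is fresh, single-use and made with that key. A device that never answers the challenge is what the switch is for: the enterprise then treats it as possibly out of its owner’s hands and applies whichever remediation policy it configured.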

The enterprise system also has a simple method for blocking employee access to certain types of applications. For example, a CTO could ensure that employees using a device with the Apollo platform cannot install apps that access contacts or retrieve GPS data. Strafach tells us that the system is customizable to either completely block installation or simply send a warning to the individual employee. Strafach tells us that the server used for analyzing applications would need to be hooked into a company’s on-premise or cloud-based server infrastructure. His team, however, also hopes to roll out a small business version in the future that works around this current requirement.

Due to App Store limitations, Strafach says that the consumer application cannot actually read which other apps a user has installed, so its capabilities revolve around checking for malware in the OS and connections to malicious servers. In our interview, Strafach touched upon this and the general App Store approval process:

In the consumer-level app, we have indeed been able to be creative about adding useful detections in an App Store compliant way. But there are certain things which are off-limits to the allowed APIs, as everyone knows, so that is one way our enterprise offering ties into this. The Apple MDM Enterprise APIs allow gathering more information than what App Store compliant APIs allow, so we have leveraged this to benefit users as well. The company wants data to be kept secure and assure sensitive data cannot leak out, so part of this involves utilizing our binary analysis engine to assure that certain invasive apps won’t be loaded on devices. If we are already doing that though, it made sense to us to take this a step further: We have added detections which companies may not care as much about, but which a user absolutely would in terms of their privacy, such as applications which send your location or gender to advertising providers. This increases the incentive for employees to enroll their devices in their employer’s BYOD program as it can actually benefit them, allowing us to distance our offering further away from the current notion of being a “big brother” type solution that is forced onto devices, and instead create an experience that benefits both sides.

Strafach tells us that his company plans to release the enterprise system during the first half of 2016. Special pilot programs and a beta of the free consumer application will become available for 9to5Mac readers in the near future. A website to register interest is also now live, and it will soon be updated with additional information on the platform.


You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

  1. Alex Moran - 8 years ago

    Finally morons will stop jailbreaking devices, compromising security. Seems even the guys who create the jailbreaks now see its dangers.

    • jmiko2015 - 8 years ago

      Why would you call a moron somebody who actually showed Apple that iOS had flaws? Even Apple is thankful for jailbreakers.

      • Alex Moran - 8 years ago

        I call them morons because when they do it, and when jailbreakers do it, they justify it by saying that the so-called decreasing of your device’s security is a lie. Now the story seems to have changed.

    • Avieshek (@avieshek) - 8 years ago

      Let me rephrase it: Just replace “morons” with “talented persons”

      • Alex Moran - 8 years ago

        No one denies their talent. These guys are fucking brilliant. But see above reply.

      • André Hedegaard - 8 years ago

        I’m with Alex on this one.

    • Sounds like this security platform needs to Jailbreak a device to integrate so deeply into the OS/device.

    • Scott (@ScooterComputer) - 8 years ago

      Errrr…you do realize that this product is targeted at the non-jailbreaking crowd, right? The “compromising security” you bespeak of is already due to flaws IN iOS, they aren’t a RESULT of a jailbreak itself. The jailbreak just creates an additional vector to be exploited by way of an alternative method of installing applications from less-than-trustworthy sources. One issue the Apollo team is specifically addressing is that even apps that are sourced BY WAY OF the Apple iOS App Store can leak user data; even on non-jailbroken devices. Right now.
      So much for the entire premise of your comment. “Dangers”. Abject ignorance is the real danger.

    • 89p13 - 8 years ago

      As I read the original comment, Alex Moran was NOT calling Will and his Team “morons” – Rather the people who actually load and run the Jailbreaks provided by unknown teams of code writers.

      I’m a proponent of “live and let live – as long as no one is hurt” but I do scratch my head at the people who Jailbreak and then whine about the unforeseen consequences and then try to place the blame on someone (Apple / Jailbreak software creators, etc.) other than themselves.

      “Can’t do the time / Don’t do the crime.”

      YMMV!

    • rahhbriley - 8 years ago

      Love these dudes! Used Chronic Unlocks several times with success also.

      You jailbreak haters are ignorant and short-sighted. Many of you have made up your minds that it’s evil and clearly are so focused on the small percentage of idiots who pirate. Try looking into the heaps of innovation, utility, security and liberty jailbreaking can provide. :-P

    • .. (@916253) - 8 years ago

      Don’t call someone a moron because they want to have more ability to customize.

    • Marius Lund (@mariusll) - 8 years ago

      Do you know how badly the Apple device is secured at all? There is no low level disk encryption on the drive of the device at all, like you have the option to do in Android. There is only file encryption. The morons are sitting in front of the device, not the people that actually do the testing of the security (jailbreakers). So you are saying people like George Hotz ( geoh0t http://reactions.co/ ) and Jay Freeman (saurik) http://www.saurik.com/ are morons? You need to get a life kid.

  2. AeronPeryton - 8 years ago

    “Weak password: alpine”

    You are never given an interface to even enter this password unless you root the phone, which makes you the cause of the vulnerability. You also must have physical access to the device afterwards to even enter it. What snake oil they come up with these days.

    • This security platform isn’t going to work unless it’s been installed with root access.

    • Will Strafach (@chronic) - 8 years ago

      It sounds like you are an experienced user. This is not the case for a whole lot of users, who will jailbreak their devices and do not remember to change the root password (The warning will not appear if the device is stock/non-jb). If the weak password warning bothers too many folks, we will remove it, but I do not see much downside to this.

  3. Chris Denny (@dennyc69) - 8 years ago

    I think it’s very impressive, based on this article, and will be an amazing benefit to all iOS users.

  4. Avieshek (@avieshek) - 8 years ago

    How to Apply job for Apple

  5. rogifan - 8 years ago

    This reads like an ad masquerading as an article. When’s the last time a non-jailbroken consumer iOS device had its security compromised? And does anyone really believe Apple will allow this on the App Store?

    • bipolarsojourner - 8 years ago

      Security goes beyond jailbreaking. For example, apps can still leak data, even apps in the App Store. Perhaps the data that gets leaked is your bank account number. Maybe nothing that severe, maybe just enough information for identity theft.

      • rogifan - 8 years ago

        Do you have an example of when this happened?

    • gatorguy2 - 8 years ago

      What do you mean by “security compromised”? While it’s not the end of the world there’s a whole lotta sharing going on behind the scenes that users are not aware of (And truth be told Android is even worse). Example: The App Store app Period Tracker Lite on iOS was recently found to be sharing medical info with the websites amazonaws.com and apsalar.com. It also shared the user’s name, e-mail and password info with the website gpsocialapp.com, all without specific disclosure to the end-user. Some would consider that a security breach.

      • Will Strafach (@chronic) - 8 years ago

        We are mainly focused on app screening, finding things exactly what you describe. Beneficial to enterprises who want to keep their data safe, and users who want to keep their information private.

        I understand that we may need to work on our messaging, as it seems that many are misunderstanding exactly what we are doing.

  6. RP - 8 years ago

    Very cool.

    • gatorguy2 - 8 years ago

      @Rogifan – About half of the top 50 iOS apps in Apple’s store gather and share location data without disclosing that to the user. This would be one example of the type of “malware” (yes the security companies call it that) the Sudo Group would supposedly block assuming the plans follow through.

      • Will Strafach (@chronic) - 8 years ago

        I don’t know if I would call such activities malware. I do, however, believe that users deserve to know exactly what is happening with their private information, as do enterprises who allow folks to use their mobile phones to conduct business.

  7. I’m not sure many of the commenters here understand what this product actually is. There are multiple MDM companies out there (AirWatch, MobileIron, Good, etc.) that all do a lot of similar things that Apollo claims to do. This is possible because Apple provides a vast amount of these [tools to businesses](http://www.apple.com/ipad/business/it/) looking to create and use MDM solutions.

    The biggest difference is that Apollo brings in _additional_ security on top of the Apple baseline MDM features. These include features like allowing for network and malware monitoring, web content filtering, blocking removal of the MDM solution, and a few others in the included list. The majority of the security features are included in the enterprise version because enterprise apps can be side-loaded and distributed to devices in an enterprise without having to go through the App Store. (This is similar to how GBA4iOS was able to have a click-and-install app on their servers.)

    At the end of the day, this app piggybacks off of Apple’s provided MDM tools, but adds in further security that others don’t provide. As far as trusting ex-jailbreakers, it makes sense. They know the ins and outs of the system, and understand where others could exploit it. If they know how to exploit it, they also know how to patch and potentially protect against new threats.

    As far as Alex Moran’s comment goes, the story about jailbreaking and security hasn’t changed. Jailbreaking an old iOS device _can_ allow for additional security. For example, imagine you owned an iPhone 5 and Apple just released iOS 10 (iOS X?) but they’ve dropped support for the iPhone 5. A week later a security exploit is found in Safari for any device on iOS 9. A person who jailbreaks their device can then install a third-party security patch instead of just going out and buying a new device. This situation is rare, but it has happened before and is definitely possible.

    • Will Strafach (@chronic) - 8 years ago

      It seems like you have a very good understanding of what is going on, so I will lend this additional bit to clarify: We are providing the MDM features that you describe, mixed together with app-related intelligence related to apps which use suspicious APIs and/or leak data, in order to allow enterprises to develop compliance policies that protect their data (and additionally allow users to protect their own privacy with the very same scanning / detection abilities).

  8. cdm283813 - 8 years ago

    If you care about customizing your phone don’t even think about buying an iPhone in the hopes that it will be jailbroken. Enjoy the fact that Apple keeps their phones updated better than anyone in the market. And it’s one of the most secure to boot. Even the government thinks so.

  9. artextrude - 8 years ago

    did anyone check the web link:
    their website is available in Arabic and Chinese, that is good news for ISIS and the dictator.
    who funds those guys ?????

  10. vkd108 - 8 years ago

    Money buys revolutionaries Non-Shock.

    Revolutionaries proved to not be actual revolutionaries not news any more as it has become the general case.

    Money talks, revolution walks.