
iPhone Jailbreak - Anyone Doing It?

(@the_grinch)
Posts: 136
Estimable Member
Topic starter
 

I saw that there is now a jailbreak available for 11.4 and was wondering if anyone is jailbreaking devices in order to get more from their extractions? Assuming you either have the passcode or there isn't one, are you taking the extra step of jailbreaking the device in order to obtain more? Elcomsoft is saying they can obtain a physical on iDevices once jailbroken, which got me thinking: is this a step I should be taking for devices I receive?

 
Posted : 09/02/2019 12:46 am
(@tinybrain)
Posts: 354
Reputable Member
 

You better take Cellebrite for your issue.

 
Posted : 09/02/2019 5:56 am
passcodeunlock
(@passcodeunlock)
Posts: 792
Prominent Member
 

It really depends on the task you need to do…

For example, if you need to examine some malware or spyware, which probably is already at root level, you had better not destroy evidence by trying to jailbreak.

If you need to gather more information than a logical filesystem extraction gives, then, if documented in the right way, a jailbreak can be OK.

 
Posted : 09/02/2019 11:15 am
(@the_grinch)
Posts: 136
Estimable Member
Topic starter
 

Got it! This was all a hypothetical just to see the value vs risk and to see what others are doing. Obviously, the aim is to get as much evidence as possible without destroying it, and the question has to be asked. Thanks as always!!

 
Posted : 09/02/2019 8:58 pm
passcodeunlock
(@passcodeunlock)
Posts: 792
Prominent Member
 

Before doing this kind of stuff on a live device, ALWAYS try it first on a similar dummy device. If that works as expected, I don't see any major problem repeating the process.

 
Posted : 10/02/2019 7:36 am
(@randomaccess)
Posts: 385
Reputable Member
 

Check out Sarah Edwards' research
Some answers you will only get with a jailbreak->file system extraction

 
Posted : 10/02/2019 10:39 am
(@the_grinch)
Posts: 136
Estimable Member
Topic starter
 

Awesome! Thanks I will check her out…seems she has a podcast on iOS forensics.

 
Posted : 10/02/2019 8:39 pm
(@v-katalov)
Posts: 52
Trusted Member
 

Well, there are some problems related to jailbreaking:

1. This is of course not "forensically sound" – the user partition is being modified.

2. Jailbreaking usually requires an Internet connection (on the phone) to trust the certificate. That means that the device can be remotely wiped, or at least it can sync with the cloud, so some data can be changed or deleted.

3. Potential risk of corruption of user data. It is in fact minimal for iOS 10-12 jailbreaks due to the way jailbreaks now work – in the worst case, the device can just reboot.

So using CAS is probably safer, but… We do not know exactly how it works. They probably sideload their "agent" (signed by enterprise certificate) into the device; in any case, "no jailbreak" is not equal to "no changes to the device" and "no risk".

 
Posted : 14/02/2019 1:16 pm