Jailbreak without passcode?

Discussion in 'iPad Hacking' started by offthegrid, Jun 2, 2011.

  1. offthegrid

    offthegrid
    Expand Collapse
    iPF Noob

    Joined:
    Jun 2, 2011
    Messages:
    4
    Thanks Received:
    0
    Can an iPad be jail-broken without the device passcode? If so, can the data from the device be extracted through jailbreak?



    Thanks.
     
  2. SweetPoison

    SweetPoison
    Expand Collapse
    iPad Legend

    Joined:
    Jun 20, 2010
    Messages:
    14,913
    Thanks Received:
    133
    I didn't need a passcode when I JB. Not sure what you mean about your second question.

    I bumped your thread to our Hacking Section so someone will chime in!
     
  3. offthegrid

    offthegrid
    Expand Collapse
    iPF Noob

    Joined:
    Jun 2, 2011
    Messages:
    4
    Thanks Received:
    0
    Thanks, SweetPoison. My company is rolling out iPad and my boss wanted me to find out whether the following scenario is possible:

    "One of our executives' iPad is stolen. The thief is able to jailbreak it without knowing the passcode. He then extracts the whole file system using tools like TPot. Sensitive information stored on the iPad gets leaked. "

    It'd be interesting to hear the team's thoughts on this.
     
    #3 offthegrid, Jun 2, 2011
    Last edited: Jun 2, 2011
  4. extendedforecast

    extendedforecast
    Expand Collapse
    iPF Novice

    Joined:
    May 14, 2011
    Messages:
    46
    Thanks Received:
    0
    Require users to save data to an enterprise cloud and if anyone steals and jailbreaks an iPad they won't get anything from app storage anyway.

    On Android 3.0 there is an encryption option that encrypts the whole file system. I don't know if iPad has something similar. There's also the option to wipe it remotely.which I'm pretty sure iPad.does have. I think your execs will be ok.

    Its execs doing stuff like sending and receiving sensitive emails on public wifi networks you have to worry about. That's a D'oh! Made much easier with the invention of the tablet/netbook.

    Sent from my Xoom using Tapatalk
     
    #4 extendedforecast, Jun 3, 2011
    Last edited: Jun 3, 2011
  5. f4780y

    f4780y
    Expand Collapse
    Super Moderator
    Staff Member

    Joined:
    Sep 11, 2010
    Messages:
    7,115
    Thanks Received:
    651
    The short answer to your question offthegrid is yes, but it is quite unlikely. The JB tools on their own would not allow your data to be compromised. The thief would have to be knowledgeable and skilled and have some custom / specialist packages at his disposal. It’s certainly not fair to say that anyone who knows how to jailbreak an iPad would be able to get into your device and retrieve the data. for example, just running resn0w over the top would not reveal or provide access to anything at all.

    So like anything, it is possible in theory but would require quite a specialist set of skills and knowledge which are not at all widespread.
    The best line of defence as has already been suggested is to have your devices properly provisioned as enterprise devices and have the remote wipe capability on standby so any stolen device is immediately wiped as soon as the situation is notified to the relevant person.

    I hope that does not put your boss off opting for them. They are no less secure than any other business device such a laptop really. And remember, the best security is always to train your staff NOT to compromise themselves with the device!
     
    #5 f4780y, Jun 3, 2011
    Last edited: Jun 3, 2011
  6. offthegrid

    offthegrid
    Expand Collapse
    iPF Noob

    Joined:
    Jun 2, 2011
    Messages:
    4
    Thanks Received:
    0
    Thanks for the advice. We do have ability to remotely wipe the device. However, our consultant claims that once [FONT=&quot]he uses redsn0w to jail-break the device without inputting passcode, he can load a free file browsing tool such as Total Commander with TPot. Within a few minutes, he will has full access to the entire iPad file system. He showed me this using his laptop. Although he did uninstall iTune on that laptop, since this laptop was the same one he originally synced the device with, I am not sure if this will still be possible with another laptop. We are just concerned about the possibility that someone may be able to gain access to the data before we have a chance to wipe it.[/FONT]
     
  7. graywolf

    graywolf
    Expand Collapse
    iPad Super Guru

    Joined:
    Aug 22, 2010
    Messages:
    3,652
    Thanks Received:
    35
    But, when you run redsnow you can install a package with the jailbreak. So couldn't a dev just make a tweak that will detonate and explode the filesystem for all to see?
    So is that what you mean by, "the thief would have to be knowledgeable and skilled and have a custom / special package" ?
     
  8. f4780y

    f4780y
    Expand Collapse
    Super Moderator
    Staff Member

    Joined:
    Sep 11, 2010
    Messages:
    7,115
    Thanks Received:
    651
    Yup, that's pretty much it YoungOne.
    So the thief that is stealing the iPad also needs to be a dev of quite reasonable talent (or have access to "specialist" bundle(s) created by one).
    Not an impossible situation, but not that likely in a real world scenario.
    Just my opinion of course. I just think folks can get too paranoid about this kind of stuff.

    EDIT - Although as offthegrid pointed out I was not thinking it through effectively. It's probably easier than I thought.. see blow.
     
    #8 f4780y, Jun 3, 2011
    Last edited: Jun 3, 2011
  9. f4780y

    f4780y
    Expand Collapse
    Super Moderator
    Staff Member

    Joined:
    Sep 11, 2010
    Messages:
    7,115
    Thanks Received:
    651
    Yes, redsn0w+OpenSSH bundle coupled with TotalCommander+TPot sounds like it will allow USB access to the file system. I must check that myself. I guess I'm not thinking too laterally today at all. Brain fade? Not that specialist a solution after all. My bad, sorry.
    Guess the question is still, how much of a risk do you perceive that to be from a business perspective? If your data is that sensitive it should probably be confined to a properly encrypted disk. If you allow your guys laptops which are well protected, then unless you can ensure a similar level of data protection on the iPad, it's probably off the menu for a while...
    On the plus side, iPad2's are perfectly safe at the moment, because they can't be exploited! No doubt they will be one day though...
     
    #9 f4780y, Jun 3, 2011
    Last edited: Jun 3, 2011
  10. graywolf

    graywolf
    Expand Collapse
    iPad Super Guru

    Joined:
    Aug 22, 2010
    Messages:
    3,652
    Thanks Received:
    35
    there is a way to view and edit the filesystem via USB? I would like to know that. I have been trying to do that forever! :)
     

Share This Page



Search tags for this page
can you jailbreak an iphone without knowing the password
,
can you jailbreak without passcode
,
how to jailbreak ipad with passcode
,
how to jailbreak ipad without passcode
,
jailbreak ipad with passcode
,
jailbreak ipad without passcode
,
jailbreak iphone with passcode
,

jailbreak iphone without passcode

,

jailbreak without passcode

,
jailbreak without password