offthegrid
iPF Noob
Can an iPad be jail-broken without the device passcode? If so, can the data from the device be extracted through jailbreak?
Thanks.
Thanks.
Apple iPad Forum 🍎
Welcome to the Apple iPad Forum, your one stop source for all things iPad. Register a free account today to become a member! Once signed in, you'll be able to participate on this site by adding your own topics and posts, as well as connect with other members through your own private inbox!
Jailbreak without passcode?
- Thread starter offthegrid
- Start date
SweetPoison
iPF Noob
I didn't need a passcode when I JB. Not sure what you mean about your second question.
I bumped your thread to our Hacking Section so someone will chime in!
I bumped your thread to our Hacking Section so someone will chime in!
OP
offthegrid
iPF Noob
- Thread Starter
- #3
Thanks, SweetPoison. My company is rolling out iPad and my boss wanted me to find out whether the following scenario is possible:
"One of our executives' iPad is stolen. The thief is able to jailbreak it without knowing the passcode. He then extracts the whole file system using tools like TPot. Sensitive information stored on the iPad gets leaked. "
It'd be interesting to hear the team's thoughts on this.
Last edited:
extendedforecast
iPF Noob
Require users to save data to an enterprise cloud and if anyone steals and jailbreaks an iPad they won't get anything from app storage anyway.
On Android 3.0 there is an encryption option that encrypts the whole file system. I don't know if iPad has something similar. There's also the option to wipe it remotely.which I'm pretty sure iPad.does have. I think your execs will be ok.
Its execs doing stuff like sending and receiving sensitive emails on public wifi networks you have to worry about. That's a D'oh! Made much easier with the invention of the tablet/netbook.
Sent from my Xoom using Tapatalk
On Android 3.0 there is an encryption option that encrypts the whole file system. I don't know if iPad has something similar. There's also the option to wipe it remotely.which I'm pretty sure iPad.does have. I think your execs will be ok.
Its execs doing stuff like sending and receiving sensitive emails on public wifi networks you have to worry about. That's a D'oh! Made much easier with the invention of the tablet/netbook.
Sent from my Xoom using Tapatalk
Last edited:
The short answer to your question offthegrid is yes, but it is quite unlikely. The JB tools on their own would not allow your data to be compromised. The thief would have to be knowledgeable and skilled and have some custom / specialist packages at his disposal. It’s certainly not fair to say that anyone who knows how to jailbreak an iPad would be able to get into your device and retrieve the data. for example, just running resn0w over the top would not reveal or provide access to anything at all.
So like anything, it is possible in theory but would require quite a specialist set of skills and knowledge which are not at all widespread.
The best line of defence as has already been suggested is to have your devices properly provisioned as enterprise devices and have the remote wipe capability on standby so any stolen device is immediately wiped as soon as the situation is notified to the relevant person.
I hope that does not put your boss off opting for them. They are no less secure than any other business device such a laptop really. And remember, the best security is always to train your staff NOT to compromise themselves with the device!
So like anything, it is possible in theory but would require quite a specialist set of skills and knowledge which are not at all widespread.
The best line of defence as has already been suggested is to have your devices properly provisioned as enterprise devices and have the remote wipe capability on standby so any stolen device is immediately wiped as soon as the situation is notified to the relevant person.
I hope that does not put your boss off opting for them. They are no less secure than any other business device such a laptop really. And remember, the best security is always to train your staff NOT to compromise themselves with the device!
Last edited:
OP
offthegrid
iPF Noob
- Thread Starter
- #6
Thanks for the advice. We do have ability to remotely wipe the device. However, our consultant claims that once [FONT="]he uses redsn0w to jail-break the device without inputting passcode, he can load a free file browsing tool such as Total Commander with TPot. Within a few minutes, he will has full access to the entire iPad file system. He showed me this using his laptop. Although he did uninstall iTune on that laptop, since this laptop was the same one he originally synced the device with, I am not sure if this will still be possible with another laptop. We are just concerned about the possibility that someone may be able to gain access to the data before we have a chance to wipe it.[/FONT]
graywolf
iPF Noob
f4780y said:
But, when you run redsnow you can install a package with the jailbreak. So couldn't a dev just make a tweak that will detonate and explode the filesystem for all to see?
So is that what you mean by, "the thief would have to be knowledgeable and skilled and have a custom / special package" ?
Yup, that's pretty much it YoungOne.
So the thief that is stealing the iPad also needs to be a dev of quite reasonable talent (or have access to "specialist" bundle(s) created by one).
Not an impossible situation, but not that likely in a real world scenario.
Just my opinion of course. I just think folks can get too paranoid about this kind of stuff.
EDIT - Although as offthegrid pointed out I was not thinking it through effectively. It's probably easier than I thought.. see blow.
So the thief that is stealing the iPad also needs to be a dev of quite reasonable talent (or have access to "specialist" bundle(s) created by one).
Not an impossible situation, but not that likely in a real world scenario.
Just my opinion of course. I just think folks can get too paranoid about this kind of stuff.
EDIT - Although as offthegrid pointed out I was not thinking it through effectively. It's probably easier than I thought.. see blow.
Last edited:
Yes, redsn0w+OpenSSH bundle coupled with TotalCommander+TPot sounds like it will allow USB access to the file system. I must check that myself. I guess I'm not thinking too laterally today at all. Brain fade? Not that specialist a solution after all. My bad, sorry.
Guess the question is still, how much of a risk do you perceive that to be from a business perspective? If your data is that sensitive it should probably be confined to a properly encrypted disk. If you allow your guys laptops which are well protected, then unless you can ensure a similar level of data protection on the iPad, it's probably off the menu for a while...
On the plus side, iPad2's are perfectly safe at the moment, because they can't be exploited! No doubt they will be one day though...
Last edited:
graywolf
iPF Noob
f4780y said:
there is a way to view and edit the filesystem via USB? I would like to know that. I have been trying to do that forever!
alexjrivera
iPF Noob
- Joined
- May 30, 2011
- Messages
- 8
- Reaction score
- 0
graywolf said:there is a way to view and edit the filesystem via USB? I would like to know that. I have been trying to do that forever!
USB? as in universal serial bus like the flash drives you plug in? please correct me.
Yes. USB. iPad connected via it's dock connector and charging cable to PC's USB, just like you do any time you sync with iTunes. Then use something like TotalCommander+TPos to open a SSH tunnel to the iPad and read it's file system.
iTunnel used to provide this too, but not sure if it's currently supported.
iTunnel used to provide this too, but not sure if it's currently supported.
graywolf
iPF Noob
f4780y said:
So just over wifi. Nevermind. I thought it was truly via USB, like a flash drive.
Eh? Are you trippin YoungOne? Where did I say WiFi? Over USB. Only over USB...
Connect the cable and presto.
Link - http://code.google.com/p/t-pot/
Last edited:
graywolf
iPF Noob
f4780y said:Eh? Are you trippin YoungOne? Where did I say WiFi? Over USB. Only over USB...
Connect the cable and presto.
Link - http://code.google.com/p/t-pot/
I thought ssh was over wifi only.
thanksMost reactions
-
408 -
266 -
212 -
196 -
125 -
57 -
19 -
16 -
C
7
-
3
