With more businesses adopting a "bring your own device" (BYOD) mobile policy, it's increasingly important for owners to crack down on employees who are using devices that might put sensitive business information at risk. One way this can happen is if an employee attempts to "jailbreak" his or her mobile device. Jailbreaking is the process of stripping a mobile device of certain programmed limitations in order to do things like buy third party apps or even increase the phone's processing speed.
This month, a storm of jailbreaking broke out after a team of hackers released a tool called "evasi0n," which allows users to unlock the newest the iPhone 5 and iPad Mini for the first time as well as the newest iOS6 software. Apple products are common targets for jailbreaking because some people want the ability to run programs and make customizations that Apple's closed operating system doesn't allow. On Android-powered devices, users can also hack their phones in a process known as "rooting."
The U.S. Copyright Office and Library of Congress technically declared the act of jailbreaking legal, though it outlawed something separate called carrier unlocking -- the process of unlocking a phone so that it can be used on any cellular network.
Security experts warn that jailbreaking can open users, and their employers, to serious risk. Here are three reasons business owners should discourage their staff from jailbreaking their mobile devices:
1. Lack of security.
In order to jailbreak a phone, the user must disable the security that is associated with the operating system's software and introduce a new system. For businesses that are at risk for cyber espionage -- such as telecommunications, aerospace, advanced manufacturing, finance, energy -- employees who use jailbroken devices leave their companies much more open to cyber attack.
"In some ways you’re buying the most sophisticated alarm system to your house, and then choosing to open all the doors and windows afterward,” says Mike Hawkes, chairman of the Mobile Data Association, a not-for-profit industry association group. “It exposes things that wouldn’t normally be exposed."
The risks are even worse for those who seek to buy pre-jailbroken phones. "If I wanted to, I could jailbreak a phone and install [software] that would secretly grab all your keystrokes, monitor all your network activity, resend all your SMS's to me," says Joshua Wright, an analyst and senior instructor with the SANS Institute, a security research and education organization.
2. Malicious apps.
After you jailbreak your phone, applications have greater access to data on your phone than they would at factory settings, says Wright. Apple's app store requirements that help protect users -- asking your permission before it lets an app use your location, for instance -- are eliminated during the jailbreak, leaving users more vulnerable to malicious applications.
3. Disabling your device completely.
If you do something wrong during your jailbreak, you may completely "brick" your device, essentially killing the device and rendering it as useful as a paperweight. Bricking has become less common as jailbreaking tools have become more sophisticated, but it's still a risk. If you do decide to jailbreak, back up your phone entirely before you begin.
The bigger problem is that jailbreaking instantly voids your warranty. If anything ever goes wrong, you're out of luck.