Digital Sovereignty & Cyber Security

Over the years, Apple has made it prohibitively difficult to install unapproved software on its locked-down devices. But on Saturday, a hacker group called Unc0ver released a tool that will "jailbreak" all versions of iOS from 11 to 13.5. It's been years since a jailbreak has been available for a current version of iOS for more than a few days—making this yet another knock on Apple's faltering security image.

Unc0ver says that its jailbreak, which you can install using the longtime jailbreaking platforms AltStore and Cydia (but maybe don't unless you're absolutely sure you know what you're doing), is stable and doesn't drain battery life or prevent use of Apple services like iCloud, Apple Pay, or iMessage. And the group claims that it preserves Apple's user data protections and doesn't undermine iOS' sandbox security, which keeps programs running separately so they can't access data they shouldn't.

"This jailbreak basically just adds exceptions to the existing rules," Unc0ver's lead developer, who goes by Pwn20wnd, told WIRED. "It only enables reading new jailbreak files and parts of the file system that contain no user data."

The company told Reuters it was aiming to protect all customers, especially in countries where phones are readily obtained by police or by criminals with extensive resources, and to head off further spread of the attack technique.

The privacy standard-bearer of the tech industry said it will change default settings in the iPhone operating system to cut off communication through the USB port when the phone has not been unlocked in the past hour.

That port is how machines made by forensic companies GrayShift, Cellebrite and others connect and get around the security provisions that limit how many password guesses can be made before the device freezes them out or erases data. Now they will be unable to run code on the devices after the hour is up.

These companies have marketed their machines to law enforcement in multiple countries this year, offering the machines themselves for thousands of dollars but also per-phone pricing as low as $50.

Apple representatives said the change in settings will protect customers in countries where law enforcement seizes and tries to crack phones with fewer legal restrictions than under U.S. law. They also noted that criminals, spies and unscrupulous people often use the same techniques. Even some of the methods most prized by intelligence agencies have been leaked on the internet.

“We’re constantly strengthening the security protections in every Apple product to help customers defend against hackers, identity thieves and intrusions into their personal data,” Apple said in a prepared statement. “We have the greatest respect for law enforcement, and we don’t design our security improvements to frustrate their efforts to do their jobs.”

Apple began working on the USB issue before learning it was a favorite of law enforcement.