EFF Demands Legal Protection For Jailbreaks

The Electronic Frontier Foundation is asking for legal loopholes to protect users who jailbreak smartphones or video game consoles

The Electronic Frontier Foundation believes jailbreaking and circumventing digital rights management on mobile devices and video game consoles should be legal.

The formal application to the US Copyright Office requests an exemption to the Digital Millennium Copyright Act that would allow users to “jailbreak” smart phones, tablets and video game consoles, the EFF wrote on 2 December.

The exemptions would dispel “any legal clouds” that may prevent users from running applications and operating systems not approved by the manufacturer, according to the EFF.

Modification

Jailbreaking refers to the process of removing the stock firmware on a hardware device and replacing it with a different operating system. The team behind Jailbreak Me has released tools for the iPhone and iPad for users interested in running unauthorised applications.

Steve Kondik developed Cyanogen Mod, a home-brew Android that users can install on their rooted devices. George Hotz, also known as Geohot, released a tool on how to jailbreak the Playstation 3 to run Linux earlier this year.

There is a thriving jailbreak community around Microsoft’s Xbox game system, and there is a service, ChevronWP7 Labs, which allows users to install homebrew and jailbreak applications on the Windows Phone OS. Microsoft even works with the Labs team to support the service.

“Rather than hurting companies like Apple, the jailbreaking community often ends up helping them, as Apple and other manufacturers later adopt many features they rejected at first,” Trevor Timm, an activist at the EFF, wrote on the EFF blog.

The EFF won an exemption in 2009 to protect users who want to jailbreak iPhones and other smartphones. The “vibrant jailbreaking community” has “immeasurably improved innovation, security and privacy in these devices”, Timm wrote.

The EFF wants devices such as the iPad, e-readers and video game consoles to have the “same benefits” those smartphone users have enjoyed for the past three years, he said.

Patches

Fixes developed by the jailbreaking community correct device and operating system security flaws before the manufacturer gets around to fixing them. The Jailbreak Me team identified a security flaw earlier this year in how the iPhone’s web browser opened PDF files.

Until Apple got around to fixing the issue, the protected users were the ones who had jailbroken iPhones and were able to install the “unauthorised” patch released by the team.

The DigiNotar compromise was another example of the jailbroken devices being protected first, according to Timm. After reports emerged that DigiNotar certificate authority was compromised, major web browser vendors updated the desktop versions to revoke the root certificate.

It took a while for the vendors to revoke the certificates on mobile browsers, but users with jailbroken devices were able to update the web browsers manually to protect themselves, Timm wrote.

The jailbreaking community has “also been vital in securing users’ privacy”, Timm wrote. He gave examples such as an iPhone application that hid text messages from appearing on the front screen or a patch that prevented Apple from logging location data.

An unauthorised application called LBE Privacy Guard allows users to research and monitor sensitive data that may be accessible to third-party applications. These “protective applications” are only available to users who jailbreak their devices, according to Timm.

Security threats

“Going against the wishes of your vendor can turn out to be quite the double-edged sword,” Chester Wisniewski, senior security advisor at Sophos, wrote on the Naked Security blog, noting that users with jailbroken devices would have an easier time removing the Carrier IQ monitoring tool from their phones.

However, the jailbreak could also expose users to malware and other security threats since the same security flaw that allowed the jailbreak could be maliciously used to compromise the device.

The Ikee worm for the iOS was one such example since the jailbreak exploit also enabled the Secure Shell (SSH) daemon on the phone to give potential attackers remote access, Wisniewski said.

“Hack the world! Just remember that you are on your own if you thumb your nose at the manufacturer of your device,” Wisniewski wrote.