I, for one, am all for jailbreaking iOS, as it is my personal belief that a manufacturer should not have the control over your electronics that Apple does on its iDevices. Jailbreaking comes with many benefits and can be done for many legitimate purposes, although unfortunately it doesn’t always end up that way. A team of German researchers at the Fraunhofer Institute Secure Information Technology have successfully cracked iOS’ keychain system, allowing access to any and all passwords stored on an iDevice provided that it is jailbroken.
All someone would need to get to the passwords stored on your iDevice would be to have it in his possession, to have it jailbroken, and to have SSH installed on it. So, as long as you don’t let your iDevice get into the wrong hands, you have nothing to worry about. However, if you do, you can consider your passwords to everything from your email accounts, WiFi network, voicemail, and more to be compromised. [Ed. Another good reason to have Find My iPhone set up through MobileMe, as you can use it to lock or wipe out your data remotely.]
It will be interesting to see what Apple will do about this, if anything. The only obvious solution on their end would be to put a stop to jailbreaking. However, this is extremely unlikely as they haven’t been able to yet and probably never will be as there are new exploits found in their software and hardware all the time. Let’s hope they take a more realistic approach and try to fix this through a more logical method, as I’m sure that this security exploit (which isn’t even a threat unless you’ve lost your iDevice) will not put a stop to the jailbreaking scene.
You can read the full report (PDF) on this security breach from sit.fraunhofer.de, and you can watch a video of the exploit in action below.