Thursday, May 28, 2015

Jailbreaking iOS is a Dead Man Walking


Rumor has it that Apple will include a new security feature (possibly known to the developers in Apple as "Rootless") in the upcoming releases iOS 9 and OS X 10.11. Although details are sparse, it looks like Apple may have implemented what other UNIX systems call "namespaces" (See this nice discussion of namespaces on Linux).

Most of the public speculation about the rumor concerns a possible end to jailbreaking, a sport which has fallen on hard times with successful jailbreaks coming fewer and farther between. Since the defects which enable jailbreaking are inherently open to malware, Apple's ongoing efforts to find and fix these bugs with the LLVM/Clang compiler's ever-more-diligent static analyzer make it harder for the jailbreak community to find a toehold.

However, a namespaces-like security architecture might fix one of the biggest issues that leads people to desire a jailbroken iPhone. When iOS was created, the system extension features were locked down to Apple-only development, in order to (dramatically) improve the security posture of the iOS devices. This strategy, in combination with other features like digital signatures on third-party software, has been successful, too. Malware on iOS is essentially non-existent (although there has been at least one interesting bit of malware discovered on jailbroken iOS devices). The trade-off is that third party developers cannot extend the system, as they can on the Mac.

With an operating system kernel architecture based on namespaces (or something like it) Apple would be in a position to begin relaxing the restrictions, allowing developers to build plugins which extend basic iOS services—at which point there's very little remaining incentive to jailbreak a device. Don't expect plugins on iOS right away, though. Apple is likely to test out the robustness and iron the wrinkles out on the smaller pool of OS X devices, before re-introducing something like plugins and system extensions on iOS the following year.

If the new Rootless features are indeed based on namespaces, there will be other benefits, aside from improved security of the system, such as improved performance of virtualization systems running on OS X and native support for cloud services platforms and tools like Docker. Since Apple is one of the largest cloud services vendors in the world, this sort of improvement to OS X seems even a little overdue.

Another interesting possibility: SVA (see their site: Secure Virtual Architecture), a memory safety approach that's basically been a research project for years, emerging from the same community as LLVM/Clang. Maybe Rootless is an SVA-like implementation?

WWDC 2015 is right around the corner. If there's a kernel of truth in the "Rootless" rumors, perhaps Jailbreaking is dead. If so, it's probably a cause for celebration, rather than mourning. Long live Rootless secure system extensions.