One of the simplest ways to attach your iPhone’s data and gain access to it is via pairing. When your iPhone is connected to another device (Bluetooth, wired, other wireless) and there’s an exchange of data, it pairs with the device. This is a permanent fixture: once you’ve authorized the pairing, your iPhone remains ‘open’ to the device that just got paired.
Obviously, we don’t think of this a lot. We pair with other devices when we use Bluetooth. We connect our iPhones to public power chargers or computers and more. All this, according to a leading iOS security guy Jonathan Zdziarski, is a huge risk.
Apple’s iOS code does not automatically lock down the iPhone after the purpose of pairing is over. So you have to manually close it down. Obviously again, you can’t do that with settings because turning off services isn’t the solution. You turn them back on and the ports are open again.
That’s why Jonathan came up with PairLock: a tweak that lets you manually lock/unlock pairing. Without getting into the nitty-gritty (which, by the way, is all security talk for the iPhone), here’s the deal:
PairLock lets you unlock when you pair with a secondary device. When the pairing is done and you disconnect from the connection, your device can be locked up to prevent any further pairing with that device. What it basically achieves is that without your knowledge, the once-paired device can no longer gain access into your iPhone.
Jonathan explains the risk involved by talking about a ‘Juice Jacking’ they did at the DefCon in which an unsuspecting user plugged his/her iPhone into one of the chargers which actually paired with the device and collected all data from the iPhone unbeknown to the guy.
There are multiple instances when we plug our devices to public ports and even pair them with public computers without actually knowing what’s in store. So, apparently, PairLock is actually needed.
PairLock is actually a paid tweak for those of you who have iFile and Mobile Terminal. Once you have them both, you can download PairLock from BigBoss repo for $0.99.
To disable pairing, open Mobile Terminal and type:
# pairlock lock
And to enable it:
# pairlock unlock
For those of you who don’t want the hassles of mobile terminal etc., PairLock is available on Cydia too.
PairLock is on the Bigboss repo and can be purchased for $1.99.