PairLock is a jailbreak tweak that makes your iPhone more secure

Well-known iOS forensics expert, Jonathan Zdziarski, has released a tweak on Cydia by the name of PairLock that makes the iPhone more secure when connecting it to untrusted devices via a cable, especially if you don’t use a passcode.

Over at his blog Zdziarski details the procedure by which your iPhone establishes a trusted connection with a device for the first time:

Any time you plug your iOS device into another computer, this trusted pairing relationship gets automatically created within seconds. The only time this doesn’t occur is if the device is locked with a PIN – and I mean really locked; if you have anything other than “Require Passcode: Immediately” set, then it will remain unlocked for a while even after you shut off the screen.

[…]

Once a device is paired, [address book, notes, photos, music collection, sms database] and more can be accessed wirelessly at any time, regardless of whether you have WiFi sync turned on. A pairing lasts for the life of the file system: that is, once your iPhone or iPad is paired with another machine, that pairing relationship lasts until you restore the phone to a factory state.

While this behaviour is fine when you connect your iOS device to your own work or home machine, it’s very dangerous when connecting to unknown devices where your personal data might be exposed to third-parties. As an example, Zdziarski cites a “Juice-Jacking” demo given at DefCon, a hacking conference, where a public charging station actually initiated pairing with an iOS device, and copied all personal data from it.

pairlock-1

iOS doesn’t let you disable this behaviour, which is why Zdziarski made PairLock that lets you lock or unlock pairing. If you travel often, and plug your iPhone into untrusted charging stations or computers, then you should definitely install PairLock. It is available on Cydia for $1.99.