Also worth noting is that they don't have an attack vector for it at present or any evidence it's been deployed. Seems like an 'in development' version that was latent on the control servers, since you have to jailbreak and get the package through Cydia.
(It should be noted that if at some time they have an attack vector, the concern would obviously be a phish-able jailbreak attacking all users running versions of iOS before 8, as there is a known CoreGraphics vulnerability with a public proof of concept that can be targeted using malicious PDF files for those devices which could potentially be used to launch a kernel exploit.)
When buying a phone in China, part of the cost is the service and installation of software that you'd like. As the price differential is so great and the international boundaries so weird, oftentimes the store you buy your phone from will preload any international software you'd ever want, any custom keyboards, any custom anythings you'd like. When iPhones were not actually sold to the Chinese market, there still were grey-market iPhones everywhere being jailbroken and localized via custom jailbreaking services. In fact, it appears some of the more recent jailbreaks have come from within China first (or 'first not sold to security companies'). [google: Pangu iOS]
The entire purpose of a jailbreak is to bypass the security protections on the device.
It should be a known risk. I imagine many people don't know (friend told them "this is how you install this weird thing", "this lets you customize icons", "this lets you get apps for free"), but this is the purpose of jailbreaking.
After spending some time in Hong Kong, these are the motivations that I've seen for jailbreak:
1. Piracy. Apps are expensive on iOS, but Hong Kong loves brands. Having an iPhone is a fashion symbol. Also, access to pirated content (video/music) is a big deal in HK; content is often expensive or unavailable in the region. Content piracy apps, such as BitTorrent clients, Baidu music downloaders, and some MKV-friendly video players, are only available after jailbreaking.
2. Carrier unlock. iPhones sold in Hong Kong are carrier-unlocked, but imported iPhones are often carrier-locked. To force a carrier unlock, you must jailbreak your phone. As a result, a lot of iPhones in HK are either jailbroken to allow carrier unlock or use hardware-based SIM card hacks.
3. Tethering. In HK, most data plans did not allow for free tethering (at the time I was there). Jailbreak allows "illicit" tethering that uses the same data plan, without informing the carrier about how the data is being used.
So, don't assume that jailbreakers are necessarily ignorant.
It's unfortunate that jailbreaking comes with non-obvious security compromises.
All the points that you raised are either plain illegal (piracy) or against the terms of service you use (tethering). Not sure about carrier unlock in HK, because for example in my country (Poland) it's legal to unlock your phone and there's even this law that every carrier has to provide means to remove the simlock off the device after the end of their contract.
The purpose of a jailbreak is to bypass the control mechanisms of the device. Unfortunately they're tied up with the security stuff, but it's not exactly the same.
Sure, but the weakness is exploited using a physical connection between the device and a computer (I remember one or two jailbreaks in history involved opening a PDF or something like this, but nowadays those are history as well).
And when you actually exploit this weakness, the next phase is installing apps that can exploit your whole phone.
Back in the day I was keen on jailbreaking my device, because I wanted to see a bash prompt and do whatever I want with it, but nowadays I leave this for unused devices that I have. I'm pretty concerned with security after the whole NSA revelations and I believe my device is more secure if it's not jailbroken.
There is a known CoreGraphics exploit for versions of iOS before 8.0 for which there is a public proof-of-concept available in the form of an open-source project that generates an exploit PDF. If you are running iOS 7.1.2 you are more, not less, secure if you jailbreak your device and then patch the bug on your system.
To some degree, yes. The ability to jailbreak a phone is indicative of a poor security framework. In theory, there should be a chain of security from the bootloader, to the kernel, to the full operating system, that should be secure.
If someone is able to break that chain of security, then that demonstrates a weakness in security.
The question then becomes how easy is it for an attacker to break that chain of security, and is the jailbreak remotely exploitable.
I think a lot of it has to do with the fact that the Chinese are only after the "fashion"/styling aspect of iProducts, and most don't like the walled garden - after all, they are living in a country with highly filtered Internet access.
But as the saying goes, "With freedom comes responsibility."
If this affected non-jailbroken devices they wouldn't be wasting their efforts using it against protesters. Something like that would be extremely valuable.
I know it's an old argument, but they don't have an attack vector and thus no known infection, because iOS is locked down, so only jailbroken devices would be at risk. Say what you will against Apple's tight control over their ecosystem, but between keeping the NSA out of our phones' data and things like that ineffective, it'll keep being a plus for me.
Only "jailbreakable" devices are at risk: it doesn't matter if the exploit has already been used or not, the issue is that an exploit is possible on your device.
Most people assumed that the Apple encryption was designed in reaction to NSA intrusion into everybody's privacy. But it might also be a strong sales argument in markets where intrusion into people's devices is just normal.
The encryption won't prevent spyware from reading information on an active device. Once the user is logged into the device, the spyware will have access to the OS. These are two separate issues.
https://www.lacoon.com/lacoon-discovers-xsser-mrat-first-adv...