Bitcoin Forum

Hi,

I generally use 2fa with Google Authenticator or SMS but I've become concerned that jailbreaking my iPhone and/ or iPad might cause a weak link in security. Any thoughts?

No, jailbreaking or rooting your phone doesn't make it less secure. In fact, you have more control of the security of your phone. Because everything it need to use privilege access. You have to let it or deny it. When it is not jailbreaked or rooted, you don't have this choice. Your phone just let it run without your knowledge.

Just wondering because I heard that there were some dubious code in the recent jailbreak and I also heard about a guy who had his BTC-e account hacked the day after he jailbroke his phone. Makes me a little paranoid.

I think that story about a guy who got hacked the day after jailbreak his phone, are not because his phone jailbreak. If he got 2 factor authentication, this shouldn't happen even if he jailbreak.

If a hacker put a trojan on his phone, there is no way he can use the Google authenticator. You can't VNC into an iPhone/iPad. If he didn't use 2FA, then maybe there was a keylogger. But keylogger is useless when it comes to 2FA, the hacker can't enter the same code you typed within 60 seconds.

So it's impossible for a trojan to intercept Google Authenticator codes?

but he can copy the 2FA token stored on the phone, which he use to generate valid google authenticator codes.

Also, there are VNC servers on cydia for iOS.

So you would advise against jailbreaking your phone if you use 2fa?

I wouldn't advise against it because any discovered backdoors in popular jailbreak software will travel like wildfire. Keep in mind that a backdoor in your phone only breaks half of your 2FA, so it's not enough to gain total control of your account.

Change your root password when jailbreaking. (Assuming you have OpenSSH installed). If somebody had physical access to the phone, they could compromise half of the security using 2fa.