It looks like the fucking lack-wits at Lifehacker are still attempting, and miserably failing, to report on technology. Case in point: the execrable piece of crap that Kevin Purdy shat forth today under the headline “Latest iPhones Block Jailbreaking.”
Before I address the article itself I want to make something clear. All of the current processes used to “jailbreak” iPhones (that I know of, correct me if I’m wrong) rely on operating system exploits to do their thing. That’s right kiddos, exploits as in “the shit that the evil crackers use to ‘pwn’ your systems.”
So, what heinous crime has Apple committed this time? From the Lifehacker story:
The Dev-Team and other jailbreak makers have been using an exploit known as 24kpwn to break into the iPhone and obtain deeper access to install new app markets and unlock certain features. A new booting firmware update, iBoot-359.3.2, has been shipped on 3GS models manufactured since last week, however, and a Dev-Team member tells the Boy Genius Report that jailbreaking won’t be possible on the newer units, at least until another exploit is found.
OMFGWTFBBQ!!! Apple patched a known exploit in the OS, why those fucking assholes!! How dare they make the iPhone more secure at the expense of a bunch of whining fuck-wits?!?
More quoting of the terminally dumb:
It’s odd to see Apple spend so much effort on fighting back against a niche group of iPhone enthusiasts, but then again, AT&T has an interest in keeping things like tethering to a minimum. For the time being, if you’re looking to break into a newer iPhone model, hold off until another exploit is (inevitably) found.
Look you ignominious piece of squirrel vomit, Apple isn’t expending effort to block jailbreaking. They’re patching known, exploitable vulnerabilities in the operating system. If this was the desktop Mac OS you twats would be bitching that it took them this long to patch the hole.
In summary, fuck you Kevin Purdy. Fuck you Lifehacker. And fuck you jailbreaking “community” that would rather see the iPhone remain less secure just so that you can run your craptacular apps.
Though I certainly hate tech crap as much as the next guy and I certainly don't want an insecure operating system, I want there to be a jailbreaking community so that I can jailbreak my iPhone. And I will tell you why. My 2 year contract with AT&T is over; I got the original iPhone and didn't upgrade. I just moved to another country where there is no iPhone. How the fuck am I supposed to use my iPhone? Mind you, I paid the “subsidy” (it's a loan really) with AT&T (even though since I have the original one I actually paid the $400) and now I don't have a contract with them, which means I should be able to use the phone I paid for anywhere I want. But I can't. Not only that, but like I said, I am in another country now and there is no carrier here that supports the iPhone. So, what am I supposed to do other than jailbreak it? What do you think about my situation? (And please refrain from childish comments like “move to another country”, “why did you move in the first place?”, “why did you buy an iPhone in the first place?”, or any other shit that does not relate directly to the situation).
This is so phenomenally stupid, I really think it deserved about twice the rant it received. Angry Drunk getting lazy?
So, like, jailbreak devs are actually white hats providing security consulting to Apple? Thanks, guys!
First, don't fucking tell me how I can or can't respond to your comment on my website. Second, Apple isn't under any obligation to provide you with a functioning phone on any network other than the one they intended for it to work on. Would you be complaining if you moved to an area with only CDMA coverage?
That said, I actually do support the notion that out-of-contract and ETF'd phones (from all manufacturers) should be eligible to be carrier-unlocked. I just think that that should be mandated at the carrier level (since they are the ones that care) and done legitimately, not through having to hack the phone hardware. As for jailbreaking merely to run unapproved apps, I don't care if people do it, but I do want people to nut up and call a spade a spade. Jailbreaking uses firmware and operating system exploits to get the job done. It's technologically no different than a hacker rooting a desktop to make it part of a botnet.
In Sweden your carrier can unlock your iPhone; my carrier allows it after 12 months on the contract (even if it's longer than that).
So there is nothing inherent in the iPhone that blocks the carrier from unlocking your phone, so bitch to AT&T for not doing it.
People should be free to carrier unlock… after they've paid their contract in full. An iPhone's unsubsidized price is quite high. Asking to buy it at a subsidized price (a huge discount) and then take that cheap iPhone to another carrier is a breach of contract, and defrauding your original carrier.
Everything isn't free. Pay up or nut up, kids.
I'm pretty sure the exploit they were using was in the bootloader. My understanding is that they were essentially able to fool it into thinking it was running signed code when it wasn't. I think this kind of issue could really only ever be exploited with physical access to the phone, in order to load a new OS on to it. So it is a security issue, but not on the level of some of the older ones that exploited a hole in libtiff, and would remotely jailbreak the iPhone just by visiting a web page. That was a really, really, really nasty hole.
See, Matt, this is exactly the sort of response that confuses me. People howl in rage when Apple doesn't immediately patch vulnerabilities in the desktop OS that can only be exploited via physical access, and rightly so. The very same media outlets that are excoriating Apple over this were the ones spreading all manner of FUD over a vulnerability that required the receipt of a minimum of 500 perfectly ordered SMS messages, a hurdle which, in my book, puts it in the same class as needing physical access. An exploit is an exploit; just because this one in particular happens to enable a behavior that you find desirable doesn't change that fact.
I'm not trying to say it's not a problem, and that Apple shouldn't have fixed it. Just that I view a vulnerability that requires physical access as being way less of an issue than one that can be done over the network. At the end of the day, any device that an attacker has physical access to should be considered compromised. Even with the encryption on the 3GS, from what I understand, it's pretty trivial (for a certain definition of “trivial”) to recover the key with physical access, and read data directly off the internal flash.
I look at this the same way for a desktop. If Apple had to decide between two security bugs to fix, one that requires physical access to the computer, but gets you a root account, and another that can be exploited over the network, but only gets access to the current user's account, I think Apple should concentrate on the remote exploit first.
What I really don't get is that I believe AT&T's policy with every other phone they have is that 90 days into the contract it can be unlocked. I have a friend who was going to France for a year, and managed to talk AT&T into unlocking her phone on day 75 or so. I think it helped that she was on her parents' family plan, which they were continuing, but AT&T was willing to unlock a phone that was still under contract. I just don't understand why the iPhone should be any different. At least let people do it after their contract is expired, or if they buy out their contract.
To this I agree 100%. Whether it be Apple, AT&T or whoever, that policy needs to change. And if they aren't willing to change the FCC needs to become involved. Once the carrier has their pound of flesh the phone should be operable on any (compatible) network.
I agree with you here. Vulnerabilities should be prioritized by threat level. What irks me are the people who are implicitly arguing that Apple should have left this one open because it was useful to jailbreakers/unlockers (not saying that you're making that argument, but some people are, cf. the dolts at Lifehacker).
I didn't tell you how to or not to respond on your fucking website. I asked politely; there's a difference. Second, I will tell anyone whatever the fuck I want wherever the fuck I want. Whether you choose to publish it or not is up to you, of course. But my intention was to start a more technical discussion rather than a childish name-calling one. Third, I didn't say Apple was under obligation to do shit. Fourth, I would not complain if I moved to a place with CDMA coverage only because I am not that stupid. I agree with the rest of your reply.
lol, actually this exploit they patched was not a security threat to anyone, and it didn't make the phone any more secure than it was before. The only thing that this exploit allowed was to jailbreak your phone automatically whenever it reboots. It's totally useless to anyone unless ANOTHER exploit is there first (the security threat kind!). Since this isn't making the system any more secure or stopping jailbreaking, it's really just an attempt to make jailbreakers' lives more difficult. Although I'm not really too upset about this for a few reasons, A) I knew it was going to happen sooner or later (wish it was later though), B) The jailbreak community is a bunch of crying, spoiled snobs who didn't know how well they had it with this exploit until now, and C) I LOOOVE finding new exploits =)
And the biggest problem with those idiots' argument is that if Apple gave half a fuck about making life easy for the jailbreakers, they could have just let the iPhone run unsigned code from the start. Apple obviously doesn't want you running anything other than their approved software on the iPhone. If the kids at Lifehacker don't like it, they can go play somewhere else. I must have missed the part in the Bill of Rights where everyone was guaranteed an iPhone.
-Matt (Disqus doesn't seem to be playing nice with me right now)
Actually, this exploit is in the bootrom. It is no danger for the average user, like if it was an exploit in Safari or something. To get into “bootrom mode”, the user must know exactly what they are doing, they need to boot their device in a special way with a special button combination. This is not something an average user would randomly do. Unless you know anyone that would randomly decide, “Hey, I'm going to restart my iPhone while holding down the home and power buttons for 30 seconds, and then go on the internet and download a random program that runs a ramdisk that kills my iPhone (no program like this has been made to date)”, then this article is nothing but a bunch of FUD.
But I just wanna add, you are absolutely correct: if there is a *security* vulnerability, they have an obligation to patch it up and should. Also none of these users have the right to bitch about it; they should have expected Apple would patch it up.
btw, sorry if my grammar/spelling sucks, from one drunk to another
“Look you ignominious piece of squirrel vomit, Apple isn’t expending effort to block jailbeaking.”
Aren't they? Is this even exploitable remotely?
“They’re patching known, exploitable vulnerabilities in the operating system. If this was the desktop Mac OS you twats would be bitching that it took them this long to patch the hole.”
If it was the only way known to install third-party software on it, I highly doubt the response would be any different. The difference is: it's not. It's downright easy to install a whole third-party OS on it, and Apple even supports that, and advertises it as a feature (“Boot Camp”). If Apple supported letting you run arbitrary software on the iPhone, nobody would need a “jailbreak” hack.
As soon as Apple starts supporting and advertising the ability to do what you want with your own iPhone, the number of people wanting to “jailbreak” their iPhones will drop to approximately zero.
One point most every comment on this kind of exploit misses is that this IS a threat if your “adversary” has physical access to your phone for just a couple of minutes. It could allow them to install all kinds of monitoring/spying software.
Sing it, brother!
This is the kind of security rationalization they do at Microsoft and which brought us the botnet.
> Even with the encryption on the 3GS, from what I understand, it's pretty trivial to read data directly off the internal flash.
My understanding is the encryption is there only so you can instantly remote wipe the phone by destroying the keys. It is not meant to prevent someone with physical access to the device from reading data off it if the keys are intact.
> The only thing that this exploit allowed was to jailbreak your phone
Prognostication. I don't know if that's really enough to make the 99.9% of iPhone users and Apple and the 100 carriers who are not involved in jailbreaking feel good about carrying this bug around in their phone for the convenience of tinkerers.
> it's really just an attempt to make jailbreakers life more difficult.
Now you are reading minds!
This is only a “threat” for people who already have their phones jailbroken. That's all on their own ass. If you're paranoid, then don't jailbreak.
I'm a little disappointed that the Internet Civility Squad hasn't come 'round yet to chide me on my language. Come on mother-fuckers, I'm on a schedule here.
You took that way out of context. This exploit does not allow you to jailbreak your phone, it allows your jailbreak to stay persistent, that's all. The only people worried are apple and their carriers.
Oh come on. You’re comparing apples to oranges. Not all “exploitable vulnerabilities in the operating system” are equivalent.
The exploit that the iPhone Dev Team has been using requires physical access to the device and requires deliberate action by the user. Even if malware existed that took advantage of this vulnerability, it would still have to be run by the user on his own computer, and would require that the user follow several explicit manual steps like connecting his iPhone at the right time and restoring the iPhone from the modified firmware bundle in iTunes.
This is a far cry from an exploit that lets someone halfway around the world take control of your PC without your even knowing about it.
An iPhone modified with the pwnage tool allows the user to run whatever applications he wants. THIS ability could of course be exploited to, say, trick the user into installing malware on his iPhone. But the user who runs the pwnage tool knows what he’s doing. And it’s not as if the only alternative to a general purpose handheld computing device is one locked down by the manufacturer. Just imagine if you could run only Apple-approved apps on your Mac. Come now! There are other ways to make computing devices secure.
Time and time again, crackers have shown the ability to find and exploit vulnerabilities in unforeseen ways. It is virtually impossible to predict what they will leverage, and Apple must cover its ass by securing vulnerabilities if it hopes to retain customers and provide a relatively secure user experience. Appeasing a vocal minority of hackers is simply not worth the potential risks.
Despite the narcissistic paranoia, Apple is not in business to thwart the entitletards. It does what it does because it believes those actions will result in profit by creating value for its customers. The iPhone is not the Mac, and to try to equate the two is absurd; calling their efforts to maintain the security and reliability of their product draconian is even more so.
[...] Fixes Exploitable Bug in Boot ROM”. The bugs exploited by jailbreakers aren’t sacred. They’re bugs. [...]