Slashdot Mirror
iPhone, iPod Touch 1.1.1 Firmwares Jailbroken
vertigoCiel writes "Hackers Niacin and Dre have recently gained full read and write access to the filesystems of both the iPhone and the iPod Touch. The Jailbreak exploits a vulnerability in Safari's TIFF library to execute the necessary code when the specially crafted image is loaded. Access can then be permanently sustained by modifying the fstab file with iPhuc"
Wouldn't it be easier to buy an phone/mp3 player that isn't crippled?
Don't patch until there is a working hack for the new patch. And yes, a new hack will always surface.
What 'hint'? They are under legal obligation to maintain their firmware so that the phones can't be used on other networks for another 5 years. They are also under obligation to their customers to provide firmware for their phone that is as bug-free as possible. If the user can hack it, a malicious attacker can, too.
So are you saying that they shouldn't patch the vulnerabilities, that they shouldn't release new firmware at all, or that they should break their contract with AT&T which could make every iPhone out there useless overnight unless it is hacked?
"If you make people think they're thinking, they'll love you; But if you really make them think, they'll hate you." - DM
They need to patch anyway.
:p
Every single iphone and touch is running a vulnerable safari (using a year out of date libtiff). Once the virus writers get hold of this then there'll be all sorts of stuff going on.
Of course the hacked phones will be immune as one of the first things that will be done is fix the bug.
> They are under legal obligation to maintain their firmware so that the phones can't be used on other networks for another 5 years.
In some countries the exact opposite is true!
Am I the only person here who reads that there is a vulnerability in the way iPhone handles TIFF files who immediately thinks that this is a massive security problem that needs to be addressed immediately? Sure, a handful of people will make use of this to open up their iPhone. Good for you. However, for everyone else, this is just a hole waiting to be exploited by someone posting a malicious TIFF onto a website or in an email and luring the iPhone users to view the TIFF causing havoc.
I don't know what their contract says with AT&T, but that might very well be on there. Something to the tune of 'only tested and approved applications'.
But even assuming it's not a contractual obligation, Apple announced they weren't going to allow third-party apps weeks before the first iPhone was sold. It wasn't a surprise and anyone who bought it with the intent of hacking it and putting their own apps on it did so at their own risk.
I've bought devices, used 'hacks' on them, and did other things with them. But I did so with each of them with the complete understanding of how much money I could lose if anything happened that I couldn't control. In fact, while I was soldering one, my father was in the other room saying comforting things like 'That's a $300 mistake.' Turns out, he was almost right on that one... I barely managed to fix it.
Anyone complaining about Apple updating their firmware has rocks in their head. It's what they do, it's what they said they'll do, and nobody ought to be surprised that they'll do it.
If you want an open phone, there are several on the market or very close to market that will work MUCH better and the companies will support you in creating the apps. There's no need to hack the iPhone and Apple has cheated no one.
"If you make people think they're thinking, they'll love you; But if you really make them think, they'll hate you." - DM
So let me get this straight: if an image handling vulnerability is in IE or Firefox, it's deplorable, but if it's in an iPhone, it's the greatest thing ever?
If you cretins don't like the iPhone's contract terms, DON'T BUY ONE.
But you *would* be under legal obligation to *try*.
"Ignorance more frequently begets confidence than does knowledge"
- Charles Darwin
My blog
If you want an open phone, there are several on the market or very close to market that will work MUCH better and the companies will support you in creating the apps. There's no need to hack the iPhone and Apple has cheated no one.
My opinion on this is that it is unethical and should be illegal for ANY phone on the market to be restricted to a network, or restricted in available applications based solely on who gets paid. It's bad enough that companies have framed the software market so that products you "buy" aren't yours but licensed, they want the same paradigm with hardware too. It's bullshit, and it shouldn't be tolerated just because someone else sells uncrippled hardware.Samsung took back my unlocked bootloader because Google wants me to rent movies. They're both evil.
The terms of the contract, according to the Mac community, is that whenever there is something annoying with the phone -- bricking, restricted access of all sorts -- it's AT&T's fault. This also goes for the ipod touch, which features the exact same restrictions.
Anyone complaining about Apple updating their firmware has rocks in their head. It's what they do, it's what they said they'll do, and nobody ought to be surprised that they'll do it.
All true. Expecting Apple to support hacked models with new firmware is a bit silly. The iPhone updater completely re-flashes the iPod, and then re-adds the data from iTunes. So any update will at least wipe Apps, unless Apple does special work to preserve them.
But just as importantly, there's nothing saying you "have to" update the firmware. It's voluntary. Sure, you've got to if you want the bugfixes and new features, but that's hardly mandatory. Users can continue to use the 1.0.2 firmware for as long as they want to, or until there's some sort of iPhone virus out there.
"Apple's contract with AT&T does not give them the right to destroy unlocked phones"
Very true. Too bad they didn't 'destroy' the phones or you might have a point here. The phones were not 'destroyed', they were simply locked again and with a patch that fixed a vulnerability. The phones aren't 'bricked', they are simply locked again.
Apple sold that phone with 1 sole purpose in mind. That purpose did not include using third-party or any network except AT&T's. They didn't even try to hide this.
"If you make people think they're thinking, they'll love you; But if you really make them think, they'll hate you." - DM
Why would they take legal action? Has anybody from Apple suggested that?
Does this sort of unlocking actually bother Apple? They may not be making money on the cellular deal, but they did get money for the iPhone. They may have had to promise to try to stop unlocking contractually, but that doesn't mean they have to be all that effective about it.
They did warn that updating a modified iPhone might hurt it, but that can be seen two ways. The /. herd mentality way is as a declaration of war, but it seems to me that an equally valid way is warning iPhone modders away from the update. Suppose you have an Ubuntu system or some other free software system that has updates. Suppose you modify and recompile your kernel. What will happen with the next automatic kernel update? Will it help? Will it fix things? I'd think your best bet would be to decline the update, just like you can with the iPhone.
I have nothing against people doing what they wish with their own iPhones (please leave mine alone for now), but I don't have much sympathy for those who unlock them and then try to use the standard update.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
I don't agree that this is a matter of ethics, but think that the network restrictions should be legislated away for economic reasons (break up monopolies).
And thus far there is nothing but a couple of vague rumors that Apple is going to allow anything but Apple applications on the iPhone. It is unlikely that there is any financial arrangement between Apple and Google to get the current "Google applications" on the iPhone, and thus far they are the only non-Apple apps on the iPhone (without jailbreak).
Now Apple does have a real reason to object to the way that most of the unlocked (this is talking about switching carriers) phones were unlocked. In those cases people changed the radio id on the phone to all be the same id. From my understanding this is actually illegal in the UK, and something that the FCC probably frowns on enormously. You can argue that Apple gave the unlockers no choice (despite the fact the other people have found ways to do it without doing that), but you can't argue that the unlockers come out clean on this round.
And on the subject of "bricking", these people were playing around with Firmware. The software side I am all in favor of, but firmware is something you play with at your own risk. These people took the risk, and are now paying the price. Anyone who jailbroke their phone and it is having a problem, well they I have sympathy for. And from all the reports I have seen Apple is taking care of at least those people, they are just not being public about it.
I didn't see anything that said otherwise, but doesn't this mean that someone could get root on your iPhone just by visiting a website with a special TIFF?
I don't know the law, but maybe for a branding/marketing point of view it would have made sense. Even if you can only sell them unlocked, being the only source other than directly from Apple that is able to sell the iPhone sounds like a lot of business to me.
Not a Twitter sockpuppet... but I wish I was.
Your statement is only true IF Apple sold iPhones in those countries, which they don't. So, no... Apple is not currently under any legal obligation to produce unlocked iPhones and, in fact, are legally obligated to NOT release unlocked iPhones.
The something "bad" was closing security holes that allowed anyone to execute code on the iPhone as root. Yeah, that's fucking EVIL. And with the new tiff issue it will be patched by the end of next week, I'm guessing. The problem isn't the 3rd party apps. Apple even said "More power to you." The problem is that the only way to install them at the moment is taking advantage of security flaws.
Not a Twitter sockpuppet... but I wish I was.
Apple regularly bitch-slap their fanbase like 2-bit whores. And still they come crawling back for more, whispering "It's not them, it's me. Apple will change, if I just love them enough," through their split, swollen lips. It's sad, is what it is.
If you were blocking sigs, you wouldn't have to read this.
So why do you feel compelled to get a new one?
Personally, I'd give it another year before going iPhone and see what the second-gen ones are like (esp. with respect to 3G/HSPDA which may have been a defensible decision in the US but its a bit of a joke in the UK).
As other posters have said, if you're going for a new not-iPhone then T-Mobile do much better "unlimited" data deals.
In a survey of 100 programmers, 111111 thought that duck-typing was a good idea.
You are not part of Apple's target demographic for the iPhone. We can speculate on why, but it would just be speculation. It could be that AT&T demanded the phone be locked down. It could be that Apple rushed the phone out and didn't have time to add features allowing 3rd party applications while maintaining stability. It could be that they are all just a bunch of miserable pricks who wouldn't know a good business decision if it bit them in the ass.
The important thing is that you are not their target demographic. Getting angry at Apple for this is a bit irrational. Do you hate Nickelodeon for not producing good, quality porn? I mean, you supported them by watching their crappy Canadian-produced shows back when you were a kid.
W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
If their hack depends on a "specially-crafted" TIFF, then that's a bug, and Apple is under an obligation to close that hole. How would you like it if a "specially-crafted TIFF" was used to steal all your personal information?
Open the SDK, Apple. Allow the legal unlocking, and make it easy for people to write apps and then sell them for them on iTunes. Stop being jerks. You make money to the extent that you're not jerks.
But hacking is hacking, and I don't want any vulnerabilities on my iPhone, even if it's just "good guys" who are using them.
> Your statement is only true IF Apple sold iPhones in those countries, which they don't.
Your statement is only true IF Apple didn't sell phones in the UK (to name just one country with such a law). They do.
This just goes to show you that the more widespread and popular something is, the more likely it's going to get hacked (whether by the owner, or an outside party) to do something for which it was not originally intended. Mac owners who feel secure because they have Macs should take note of the fact that Apple's platforms do in fact contain exploitable flaws.
BeauHD. Worst editor since kdawson.
What's Apple's excuse for locking up the iPod Touch...?
With the iPhone it was apparently part of the contract they signed with AT&T, but with the iPod Touch, Apple has NO fucking excuse.