Slashdot Mirror


iPhone, iPod Touch 1.1.1 Firmwares Jailbroken

vertigoCiel writes "Hackers Niacin and Dre have recently gained full read and write access to the filesystems of both the iPhone and the iPod Touch. The Jailbreak exploits a vulnerability in Safari's TIFF library to execute the necessary code when the specially crafted image is loaded. Access can then be permanently sustained by modifying the fstab file with iPhuc."

17 of 347 comments

  1. Makes me wonder by Dunbal · · Score: 4, Interesting

    I wonder if Apple are going to keep playing "cat and mouse", and try to bring legal action to bear against these "vile hackers", or if they're going to take the hint that you can't stop us all? Clearly there's a demand for unlocked iPhones.

    --
    Seven puppies were harmed during the making of this post.
    1. Re:Makes me wonder by Reality Master 101 · · Score: 5, Interesting

      But they're not under any obligation to prevent third party applications. That's just greed. They want to eventually sell only licensed third party apps.

      --
      Sometimes it's best to just let stupid people be stupid.
    2. Re:Makes me wonder by CaptainZapp · · Score: 2, Interesting

      So are you saying that they shouldn't patch the vulnerabilities, that they shouldn't release new firmware at all, or that they should break their contract with AT&T

      So you know the terms of the contract between AT&T and Apple?

      Oh, please, good sir: enlighten us ignorant masses.

      --
      I am the musician
      with a pocket calculator in hand
      Kraftwerk

    3. Re:Makes me wonder by Red Flayer · · Score: 3, Interesting

      They are under legal obligation to maintain their firmware so that the phones can't be used on other networks for another 5 years.
      Not quite -- they are under contractual obligation, which is something quite different.

      Would AT&T have legal recourse if Apple didn't fulfill its obligation? Yes.

      Would Apple face prosecution for violating the law if it didn't fulfill the obligation? No.

      And as a matter of fact, legal obligations supersede contractual obligations. For example, in some countries, it is debated whether Apple is legally allowed to exclude other service providers.

      or that they should break their contract with AT&T which could make every iPhone out there useless overnight unless it is hacked?
      Oh, right... like AT&T would actually stop providing hugely profitable service to iPhones. They'd continue to provide service to iPhone owners, they'd just also sue Apple.
      --
      "Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
    4. Re:Makes me wonder by Richard_at_work · · Score: 4, Interesting
      I currently have an O2 contract phone (W810i - very pleased with both phone and network) and my contract is coming up for renewal at about the same time as the iPhone will be released. As you can guess, my decision is now slightly more complicated:

      • iPhone for £269.00 and 18 month contract for £35 a month:
        • 200 minutes and 200 texts a month
        • Unlimited (within reason) data
        • Free wifi access at the Cloud access points
      • N95 for free and 18 month contract for £30 a month:
        • 400 minutes and 200 texts a month
        • Better featured phone
        • 200MB data a month for extra £7.50 a month or unlimited data for an extra £30 a month

      The iPhone deal comes to £899 total and the N95 deal comes to £675.

      Quite frankly, the *only* reason the iPhone is even still in the running is because of the inclusive data and wifi at the moment - and even then I am still heavily leaning toward the N95 with the 200MB data allowance.

      Thoughts?
    5. Re:Makes me wonder by Henry V .009 · · Score: 1, Interesting

      Responsible firmware updates don't brick hardware. For example, an update can run a checksum on essential system files before applying itself. Not doing so when you know beforehand about bricking problems (which Apple announced it did) is either A) incompetent, or B) malicious.

      So is Apple incompetent at making software, or are they malicious towards their users? I think we all have a pretty good idea which one it is.

      You see, after selling you something, Apple doesn't own it anymore, you do. Apple's contract with AT&T does not give them the right to destroy unlocked phones not owned by them.

    6. Re:Makes me wonder by geeknado · · Score: 3, Interesting
      Apple made a conscious choice to /not/ support third party apps when they failed to provide a development API for the iPhone. Most companies are "greedy", in that they need to make money to satisfy investors, and Apple's no exception. However, I'm not sure that's their primary focus here...Apple likes to maintain a user experience monopoly with its own devices...That "Experience" factor (it just works, etc. etc.) is key to their whole marketing strategy. In the OS world, they can't compete without supporting 3rd party apps...Computers are expected to be extensible. Phones, however, are a completely different story, and many are, in fact, locked down.

      The trap they've fallen into, of course, is that their direct competition at the price point typically /does/ allow 3rd party apps, so people are understandably resentful.

      One thing that I think is particularly interesting about all of this is the tendency for people to point a finger at AT&T about this particular issue. Based on some of the other smartphones on their network, I'd be surprised if the lack of supported 3rd party apps at this stage is /really/ attributable to them, although it's certainly the excuse that's been given out from a PR perspective. AT&T clearly supports 3rd party apps on other phones...Why not this one?

      AT&T clearly has every reason in the world to care about whether or not these phones stay locked to their network, of course...That's money in their pockets. That may in fact be why these phones are actually being bricked. But the third party app thing? That's a little more complicated, imo.

    7. Re:Makes me wonder by tlhIngan · · Score: 2, Interesting

      (offtopic, but makes me wonder why on earth Orange signed/wanted to sign an exclusivity deal with Apple, knowing what the laws were in France)


      Don't see why Apple can't sell it as an unlocked phone.

      It's got double activation, so the first one would be to sign up for an Orange contract. Oh, the phone's unlocked alright, but you'll have to sign this contract to use it, so you'll pay your provider plus Orange. Sure you can probably get out of it, who knows what the contract termination fees are (probably along the lines of, "You think $200 is expensive?").

      Or heck, maybe Apple will just sell it through Orange dealers, who'll probably give you plenty of warning that yes, it's unlocked, but you're still bound by the contract. (The sim lock and an external contract with a service provider are two separate things...). To cancel the contract early (i.e., standard return policy), return the phone as per EU directives and French laws - none of this AT&T style cancel the plan but keep the phone. Heck, I'm sure there are a ton of other ways to ensure that even though you can use the phone with any network in the world, well, you're gonna pay Orange still.
    8. Re:Makes me wonder by GaryPatterson · · Score: 1, Interesting

      Not that I would doubt your unsupported statement, or just call it an amazing bitterness by someone who probably has never bought an Apple product and somehow feels empowered to bitch about them at every turn, but can you back up your bile with some facts?

      Yes, the iPhone isn't turning out to be Apple's shining moment in the Sun as far as open-ness goes but prior to that?

  2. Keep your stuff updated.. by comm2k · · Score: 3, Interesting

    Apparently they used the same vulnerability to hack the PSP.

  3. Not a long term solution by uglydog · · Score: 4, Interesting

    according to the article since the TIFF exploit can be patched. I understand it's a "cat and mouse game", but I was wondering why there can't be a more permanent solution, like creating an image that can be restored using the iTunes Restore function.

    This is great news and I'd like to know how do you get started learning how to hack the iPhone? I found stuff that explains how the jail breaking works, but not how it was discovered or what was tried, etc. Blogs, logs, etc would be cool.

  4. Ok, so I don't have an iPhone... by Anonymous Coward · · Score: 1, Interesting

    ... so what worries me (and the article doesn't say) is: Does this vulnerability affect the desktop version of Safari as well, or (as someone else suggested) does the iPhone firmware merely have an out of date version of the TIFF library?

  5. Re:Opportunity? by Anonymous Coward · · Score: 1, Interesting

    Not only that, but is the portable version of Safari the only version affected?

  6. There is ONE valid argument, though by Anonymous Coward · · Score: 1, Interesting

    If the iPhone doesn't have hard segregation between the air component and the application space there is indeed one argument that is valid: providers are understandably very worried about anyone modding the air interface to start hacking the phone carrier networks.

    If so it betrays quite a lot of nervousness about the robustness of false signal rejection, and 2600 would ride again in a more advanced form (come to think of it, I suddenly realised that 'talk' is back amongst us, we just call it IM now, but I digress :-).

    However, that is then a design weakness (IMHO) and I wonder how Apple managed to swing that then in the light of the money they're currently extracting from AT&T.

    Anyone any idea how the iPhone separates the two, or maybe how it doesn't? Could be quite an oopsie..

  7. Incorrect assumption by maestro371 · · Score: 2, Interesting

    The problem is that they don't completely re-flash the firmware. If you have a 1.0.2 unlocked iPhone, the 1.1.1 upgrade will break your baseband and prevent you from making calls or using wi-fi. If they completely reflashed the baseband, that would not be an issue.

  8. Re:TIFF image exploit? by JohnWhitney · · Score: 2, Interesting

    If you cretins don't like the iPhone's contract terms, DON'T BUY ONE.
    1. My iPhone did not come with a contract. I carefully looked through the box it came in, and none of the documents included came with a contract. Turning on the iPhone, it said I needed to activate it. This also is not a contract. When I then activated my phone via one of the non-iTunes tools, no contract was signed. There was no EULA and no click-through license I had to agree to. Please tell me which iPhone contract you are referring to that I agreed to.

    2. It is my legal right to circumvent the DMCA in order to unlock my iPhone to work with other carriers. Why are you so adamant that I should not exercise my legal rights? I'm not hurting you or your iPhone, so why do you care? I guess those guys that reflash their Linksys wireless APs with more capable firmware are also on your list. Not to mention those bastards who put Linux on the iPaq PDA, or the iPod. After all, if we don't like what we get from the Gods of Apple, we just shouldn't buy it, right?
  9. N95 or iPhone by Jeremy_Bee · · Score: 2, Interesting
    Here is your mistake right here:

    Better featured phone (the N95)
    If you need to use 3G there is a reason to purchase the N95.
    Otherwise, if you look closely at the specs and actually compare the units in your hand, you will find the iPhone to be a much "better featured phone" than the N95.

    The N95 is clunky and poorly assembled, it has less battery life, less storage, and the apps it has are hardly useable and poorly integrated.
    To really decide, try browsing the web on each phone. I will bet it will not be the N95 you choose.