Slashdot Mirror

← Back to Stories (view on slashdot.org)

Unreleased iPhone 2.0 May Already Be Hacked

Posted by Zonk on from the who-gave-the-hackers-time-travel-machines dept.

The as-yet unreleased second iteration of iPhone hardware may already be compromised, reports Engadget and News.com. Members of the 'iPhone Dev Team' have (supposedly) made use of the recently released SDK to gin up a Beta 2.0 software hack. "Unlike previous hacks, this one isn't specific to the latest firmware version, it exploits the way that Apple designed the iPhone's main bootloader. According to the iPhone Dev Team, the iPhone verifies whether or not firmware code has been signed with an RSA certificate before allowing it to be written to memory. The team has apparently figured out a way to disable that check and allow unsigned code to be written to memory."

7 of 183 comments (clear)

  1. Firmware 2.0 by the_g_cat · · Score: 4, Informative

    They hacked firmware 2.0, which will run on current iPhones, there's no mention of new hardware for this stuff...

  2. Re:Feasable? by MBCook · · Score: 2, Informative

    The best you could do would be to alter the hardware (the actual CPU, not some external module) to verify cryptographic signatures. That would prevent you from accidently loading software like this, but it has it's own problems. For one, you have to stick your cryptographic key on the CPU. If they get compromised, they can't be updated. If they can be updated, then someone who cracks the device can just update to their own key and they are now in charge.

    You could have a second CPU, acting as a watchdog, monitor the bus and make sure code is signed, nothing weird is going on, etc. That would be very difficult though.

    Your best option that could be implemented now would be sending hashes across the network to verify stuff all the time. Since most people aren't going to have the ability to play man-in-the-middle with the cell phone network, this would be reasonably secure. That said, it would be a pain (especially with 3rd party programs going to be available). It would also tie up the cell network.

    What they've done seems quite reasonable to me, for the amount of time it probably took to implement.

    --
    Comment forecast: Bits of genius surrounded by a sea of mediocrity.
  3. Re:Pertinent word... by Chrononium · · Score: 4, Informative

    I know that you made this comment in jest, but a few years back when I was a hardware engineer at Apple, we literally only had 5 or 6 IT guys for the whole campus, which probably implied 5 or 6 guys for approximately 5000 computers. Sure, a lot of that was because you were more or less trusted to operate a computer (at least in engineering, but I think it applied in other buildings too), but that's still a massive accomplishment. The university lab I'm at now is dedicated to computational electromagnetics and they do fairly well with only two guys for the 200 or so computers here. But that's largely because we can't do much of anything without their say so. I think the Mac, when properly understood and matched up with the proper IT philosophy, can do wonders. And I bet you can't guess how many people ran the iTunes Music store hardware. It was pretty darn awesome.

  4. Re:Pertinent word... by tlhIngan · · Score: 5, Informative

    "Unsupported" != "Deliberate device disablement via updates for hacked devices"


    Here we go again.

    Has it been proven it was deliberate? Because there was an update later on (1.1.2, I believe) that fixed all the "bricked" phones. Which would mean that whoever unlocked their phone, the software was done poorly enough that the updates were screwed up. Even the iPhone Elite Team says it's due to a messed up unlock patch. A hack

    And Apple said it will brick phones if they unlocked the phone and update. The solution was to avoid updating until later...

    Heck, Nintendo has to start warning too that their updates may brick the Wii, as well, if there were any third-party modifications done to it.
  5. Re:Pertinent word... by Lehk228 · · Score: 2, Informative

    is the apple way anything like the habbo way, cau's i break the habbo way all the time trying to warn people away from the pool.

    --
    Snowden and Manning are heroes.
  6. Re:Nice by Pepsiman · · Score: 2, Informative

    Yes, the RSA encryption on the DS is only used when downloading a game from another DS.

    The RSA encryption on the Wii is used for everything, but has an implementation bug.

    This bug is exploited by Datel to create Freeloader and by homebrewers to create Wii channels, fake update partitions, etc.

  7. Re:Pertinent word... by WhatAmIDoingHere · · Score: 2, Informative

    They don't make it easy to refuse the update? "There is an update for your iPhone (version number here) do you want to download and install it, just download it and install it later, or ignore it? Pick one."

    It's VERY easy to refuse an update. Now, if they were forced down over AT&T, that'd be a different story.

    --
    Not a Twitter sockpuppet... but I wish I was.