Slashdot Mirror


Unreleased iPhone 2.0 May Already Be Hacked

The as-yet unreleased second iteration of iPhone hardware may already be compromised, report Engadget and News.com. Members of the 'iPhone Dev Team' have (supposedly) made use of the recently released SDK to gin up a Beta 2.0 software hack. "Unlike previous hacks, this one isn't specific to the latest firmware version, it exploits the way that Apple designed the iPhone's main bootloader. According to the iPhone Dev Team, the iPhone verifies whether or not firmware code has been signed with an RSA certificate before allowing it to be written to memory. The team has apparently figured out a way to disable that check and allow unsigned code to be written to memory."

6 of 183 comments

  1. Re:Pertinent word... by hey! · Score: 5, Insightful

    Well, it's funny that Jobs likes to lecture the music and movie industry about the futility of DRM, but then he tries to lock down the iPhone.

    If he were rational (which is not to say that irrational precludes being brilliant), I don't think he'd really care that much about iPhone hacking, unless people started to look at it as something safe and normal and that Apple should support those hacks.

    When somebody solders a modchip onto a game console motherboard, he knows very well that he's on his own. But when a hacked up iPhone starts to feel normal to users, then Apple loses the ability to control the release cycle. They don't want their new products to compete with hacks for their existing ones, because they've discovered the secret of the software subscription model Microsoft toyed with a few years ago: you don't call it a subscription, you call it spiffy new hardware.

    Of course, he might well be totally ape-shit over iPhone hacking, I don't know. I don't think like him, which is why I'm not rich.

    --
    Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
  2. Re:Pertinent word... by nehril · Score: 5, Insightful

    the whole iphone dev system is interesting in that it is an attempt to finally invert the usual "blacklisted software" security system that has so often been the rule. rather than the busted concept of allowing all software to run, and then chasing down 'bad' ones with antivirus programs, rootkit detectors, spyware removers etc, they're moving to a whitelist. default deny, selective approve, with revocation.

    just as any sane firewall is set up. (it would be nuts to set up a firewall to default allow all ports, and then start selectively blocking them only once an exploit that uses it becomes apparent, but then you have today's software security model doing just that.) forcing devs to buy a cert means they have somewhat of a point of authentication and also a hook to revoke all of a dev's apps if they fail to toe the line by releasing a virus, trojan, phish etc. Or "something that reduces apple's revenue" ;)

    I believe leopard has the (currently unused) capability to do this built in as well. looks like the iphone is going to be a bit of a testbed for the concept. this kind of thing is only possible really with a "brand new" os where you can start from day 1 with no backward compatibility problems. it's also the reason you're not allowed to run interpreters like java or javascript... else Sun would get a valid cert to load the java interpreter, which in turn could run anything on the planet bypassing the "run only whitelist code" concept.

    I can't say i agree with such "mandatory*" restrictions on a computing device I purchased, but as a matter of security philosophy it really is quite interesting.

    *well, mandatory if you want to run snazzy new SDK apps. they really should set up an "unsupported, you may be SORRY!!" class of signature that would let you run, at your own risk, anything from that signature.
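
The default-deny, selective-approve, revocable model described in the comment above, next to the default-allow model it is contrasted with, as an added example that is not part of the original thread and is not Apple's code. The toy RSA key, the package layout and every function name are assumptions made for illustration.

```python
import hashlib

# Toy vendor RSA key (constructed for this example: two small Mersenne primes,
# no padding, not safe for real use). Devices ship with only the public (N, E).
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, stays with the vendor

def _digest(dev_id: str, binary: bytes) -> int:
    # Bind the developer identity to the code so neither can be swapped.
    h = hashlib.sha256(dev_id.encode() + b"\x00" + binary).digest()
    return int.from_bytes(h, "big") % N

def vendor_approve(dev_id: str, binary: bytes) -> dict:
    """Vendor side: sign an approved binary for a registered developer."""
    return {"dev": dev_id, "binary": binary,
            "sig": pow(_digest(dev_id, binary), D, N)}

def allowlist_launch(pkg: dict, revoked_devs: set) -> bool:
    """Device side, default deny: run only validly signed, unrevoked code."""
    sig = pkg.get("sig")
    if not isinstance(sig, int) or not 0 < sig < N:
        return False                       # unsigned or malformed: denied
    if pow(sig, E, N) != _digest(pkg["dev"], pkg["binary"]):
        return False                       # modified after approval: denied
    return pkg["dev"] not in revoked_devs  # one entry blocks all of a dev's apps

def blocklist_launch(pkg: dict, known_bad: set) -> bool:
    """The contrasted model: run anything not yet known to be bad."""
    return hashlib.sha256(pkg["binary"]).hexdigest() not in known_bad

def demo() -> dict:
    good = vendor_approve("dev-a", b"game v1")  # constructed sample apps
    other = vendor_approve("dev-a", b"notes v1")
    unsigned = {"dev": "nobody", "binary": b"new unknown binary"}
    tampered = dict(good, binary=b"game v1 + extra code")
    return {
        "signed": allowlist_launch(good, set()),
        "unsigned": allowlist_launch(unsigned, set()),
        "tampered": allowlist_launch(tampered, set()),
        "after_revoke": [allowlist_launch(p, {"dev-a"}) for p in (good, other)],
        "blocklist_unsigned": blocklist_launch(unsigned, set()),
    }

if __name__ == "__main__":
    print(demo())
```

The gate only ever sees the signed package, so a signed interpreter would pass it and then run scripts the gate never checks, which is the interpreter restriction the comment describes.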

  3. Re:Pertinent word... by SuperKendall · Score: 5, Insightful

    Well, it's funny that Jobs likes to lecture the music and movie industry about the futility of DRM, but then he tries to lock down the iPhone.

    Yes, but Apple only does this as a safeguard to help protect more timid users. Apple, unlike the music studios, knows it will be broken and does not really care.

    If he were rational (which is not to say that irrational precludes being brilliant), I don't think he'd really care that much about iPhone hacking

    He doesn't, which is why the last iPhone update did not break jailbroken phones.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
  4. Re:Pertinent word... by voidptr · Score: 5, Insightful

    The point isn't to make it unbreakable.

    It's to make it enough of a pain in the ass that those who manage it realize they're wading into unsupported waters.

    --
    This .sig for unofficial government use only. Official use subject to $500 fine.
  5. Jailbreak is the only way to test programs by dougwhitehead · Score: 5, Insightful

    Given that Apple is slow to approve developers, the only way to test your OpenGL ES program is to Jailbreak the iPhone.

    You are supposed to test your program with the iPhone Simulator, called Aspen. The Aspen simulator is part of the free download SDK for the iPhone. However, Aspen does not support OpenGL ES, which is hardware acceleration for cool effects & fast 2D or 3D.

    To deploy to the iPhone, Apple must give you a certificate, and they only do that to those paid developers whom they select.

    In other words, most game developers can not test their programs because they can not deploy their programs to the iPhone.

    I want to play around/learn. I have avoided Jailbreak solutions to date, but I see no other way.

  6. Re:Pertinent word... by tlhIngan · Score: 5, Informative

    "Unsupported" != "Deliberate device disablement via updates for hacked devices"


    Here we go again.

    Has it been proven it was deliberate? Because there was an update later on (1.1.2, I believe) that fixed all the "bricked" phones. Which would mean that whoever unlocked their phone, the software was done poorly enough that the updates were screwed up. Even the iPhone Elite Team says it's due to a messed up unlock patch. A hack

    And Apple said it will brick phones if they unlocked the phone and update. The solution was to avoid updating until later...

    Heck, Nintendo has to start warning too that their updates may brick the Wii, as well, if there were any third-party modifications done to it.