Slashdot Mirror


Hackers Finally Unlock iPhone 3G

nandemoari quotes a story at Infopackets: "2009 has gotten off to a great start for a team of iPhone enthusiasts with little regard for Apple's licensing requirements. They've finally figured out a way to get the phone to work with any cell phone carrier (and not just AT&T). The iPhone Dev Team is best known for their work on 'jailbreaking;' the technique of altering an iPhone so that you can run any applications on it, not just those approved by Apple. Given the company's questionable vetting policy for entry to the official App store, it's not surprising many users approve of jailbreaking."

5 of 186 comments

  1. Re:Finally by schmidt349 · Score: 5, Informative

    Um, you should probably watch the iPhone Dev Team's recent presentation at CCC if you want to sound like you have any idea what you're talking about. This wasn't some simple privilege escalation coming out of a buffer overflow in the web browser. Apple signs the shit out of every binary on the phone. The kernel won't execute a binary in userland unless it's signed; the firmware loader won't execute the kernel unless it's signed; the low-level bootloader won't execute the firmware loader unless it's signed.

    The iPhone 3G is a paragon of embedded device security, at least by way of making sure unapproved code doesn't run on the device, and it's a testament to just how amazing the iPhone Dev Team guys are that they actually found a way to (a) defeat the whole chain of trust in the iPhone firmware in order to jailbreak it. This by the way doesn't even take into account their real genius, the hack into the baseband firmware for the S-Gold radio device, which executes code in its own universe, completely separate from the S5L application processor.

    In short, this hack wasn't some bunch of script kiddies having a sleepover and cracking the copy protection on Arkanoid 2 for the C64. This was a brilliant circumvention of some of the tightest security ever found on a PDA or mobile phone. So please don't disrespect the people who made it possible.

  2. Rather than linking to some random blog... by oPless · Score: 5, Informative

    Why not link to http://blog.iphone-dev.org/ themselves?

    Oh wait ... this is /.

    My Bad.

  3. Re:I do not understand... by mr100percent · Score: 5, Informative

    Haptic response?
    If that's the case, why do critics HATE the Blackberry storm and rumor has it that Verizon is dealing with a ton of returns?

    Just get firemail for iPhone and type your emails in landscape mode

  4. DRM might actually work for iPhone by pikine · Score: 4, Informative

    This is also an excellent case study in why DRM is retarded. As you say, this is some of the tightest security ever found. Yet, it has been broken by some very smart people. Such is the fate of any DRM that is sufficiently widespread that smart people care to go after it.

    If you watch the video, you'd see the only reason they're able to break it is because the bootrom (initially run by the hardware) is modifiable yet not signature checked. I suppose that's because they want to be able to upgrade the bootrom, but signature checking is only implemented in software and not hardware. All the NOR and NAND flash memory and the processor are built inside an integrated chip, so it is possible that future revisions of the chip will also integrate a TPM to verify the signature of the bootrom. Let's suppose Apple will do that. You will then have a completely working DRM framework on the iPhone.

    TPM doesn't work on the PC because you always have access to hardware without TPM, allowing you to run whatever you want and patch the software that requires TPM, such as the hackintosh Mac OS X. However, for the iPhone, you can only buy the hardware from Apple, which always has TPM on it (or settle for a previous generation iPhone without TPM). The whole point of the iPhone craze is that you want to buy an iPhone made by Apple, and all the restrictions follow from that, including choice of carrier and applications you can run.

    Code signing, for example. I really like the idea as a potential security measure for users/administrators. When I download Firefox, the fact that it is signed by Mozilla gives me a pretty high degree of certainty that it is legit, safe code.

    Do you have any means to verify that the Firefox certificate is signed by someone you could trust? I could generate a certificate that looks like it's issued by Mozilla, and then sign a tampered copy of Firefox with it. Even if you can verify the mozilla.org certificate, the chain of trust ultimately leads to a root certificate that you must trust. Are you really sure that VeriSign or Thawte or other certificate issuing institutions cannot be compromised? I remember a past Slashdot story about one of the root issuers happily generating certificates for any domain name without verification.

    Fortunately, there are people like this that will break their DRM, so you can use it as you wish.

    If you have to use Apple's iPhone, your freedom is already automatically compromised, if not now, sooner or later.

    --
    I once had a signature.
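
The boot chain schmidt349 describes in comment 1 (each stage refuses to run the next unless it checks out) and the gap pikine points at in comment 4 (the first link is rewritable and is never itself verified) can be modelled together. The following is an added illustration, not code from the iPhone Dev Team or from Apple: it stands in for signature checks with hash pinning (each stage carries the SHA-256 of its successor) and uses constructed stage names and images, so it only shows the structure of the argument, not the real firmware.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Stage:
    name: str
    code: bytes         # constructed stand-in for the stage's image
    next_digest: bytes  # SHA-256 this stage expects of the stage after it (b"" for the last)

    def digest(self) -> bytes:
        # Cover the embedded expectation too, so it cannot be swapped out on its own.
        return hashlib.sha256(self.code + self.next_digest).digest()

def build_chain(images):
    """images: [(name, code), ...] ordered bootrom -> ... -> kernel.
    Built back to front so each stage embeds the digest of its successor."""
    chain, expected = [], b""
    for name, code in reversed(images):
        stage = Stage(name, code, expected)
        chain.append(stage)
        expected = stage.digest()
    return chain[::-1]

def verify_chain(chain, pinned_root=None):
    """Walk the chain from the root; return (ok, first failing stage or None).
    pinned_root models a root digest fixed in hardware. With None the root is
    trusted as found, i.e. the rewritable, unchecked bootrom the comments describe."""
    if pinned_root is not None and chain[0].digest() != pinned_root:
        return False, chain[0].name
    for cur, nxt in zip(chain, chain[1:]):
        if nxt.digest() != cur.next_digest:
            return False, nxt.name
    return True, None

def demo():
    images = [("bootrom", b"rom v1"), ("llb", b"llb v1"),
              ("firmware_loader", b"loader v1"), ("kernel", b"kernel v1")]
    genuine = build_chain(images)
    fused = genuine[0].digest()  # what a hardware-anchored check would compare against
    # The whole chain is rebuilt from the rewritable root around a patched kernel.
    rebuilt = build_chain(images[:-1] + [("kernel", b"kernel patched")])
    return {
        "genuine": verify_chain(genuine, fused),
        "patched_kernel_only": verify_chain(genuine[:-1] + [rebuilt[-1]], fused),
        "rebuilt_chain_no_pin": verify_chain(rebuilt),        # passes: root never checked
        "rebuilt_chain_pinned": verify_chain(rebuilt, fused),  # caught at the root
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:24s} ok={result[0]} failed_at={result[1]}")
```

Swapping only the kernel is caught by the stage before it; rebuilding every stage from an unverified root is not caught at all unless the root digest is fixed outside the rewritable chain, which is the hardware anchor pikine's comment asks for.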

  5. Re:Finally by DECS · Score: 4, Informative

    Except for a multitouch screen. And Android doesn't support Bluetooth any better than Apple's nearly worthless level of support.

    What exactly do you even have in mind when you say "all the features"? Because the features of the iPhone that are novel are not supported in Android, and those that are, are nothing special. What sets the iPhone apart is mainly its user interface, its software store, its smart integration into iTunes/iPod stuff. Android offers none of those things. It gives users a DIY-UI, a software "store" without security, merchandising, or sales, and no PC connectivity.

    Google's Android Platform Faces Five Tough Obstacles