Slashdot Mirror
Apple Outs Anti-Jailbreak Update
Stoobalou writes "Apple has issued an emergency update for devices running the iOS 4 mobile operating system. iOS 4.0.2 plugs the security hole exploited by the iPhone Dev Team to allow pain-free jailbreaking of the iPhone 4 and its manifold siblings as well as... actually, that's about it."
If jailbreakme can use that exploit then so can someone malicious. Imagine having your phone bricked because you viewed the wrong PDF on some website. The update is a very good thing.
I appreciate jailbreaking, but security is more important. What about older devices? Maybe McAfee or Symantec will have a solution.
There are a million of them. Why not buy one you don't have to jailbreak?
Bet it'd be cheaper too.
Now we're going to have to wait a week before another exploit is released publicly. Shucks.
...while the exploit is only used (that we know of) for the jailbreak at this point, it could potentially be used for much worse...to wait for the next more substantial update to patch the exploit would be careless on Apple's part.
If jailbreakme can use that exploit then so can someone malicious. Imagine having your phone bricked because you viewed the wrong PDF on some website. The update is a very good thing.
That's true. Although recently jailbreakme got some legal footing about the legality of jail-breaking a phone, the way they did it was an issue, so it's good that the hole was broken.
Another good example, not of bricking a phone, was shown on the UK tv news last night - of an example app on Android being able to record arbitrary audio after performing a similar hack.
So although this says it's anti-jailbreak, that's just secondary - it was one hell of a hole in the first place.
Java gaming nut - http://www.retep.org/ or for the rail http://uktra.in/
Exactly- phrased differently- "A vulnerability actively being exploited in the wild was patched".
Granted, some of those actively exploiting it were the owners of the devices... but hey. You seriously don't know if it was being exploited by others for financial gain. If they were that good, you'd never know. I'm all for patching the vuln.
"Never underestimate the bandwidth of a station wagon full of tapes hurtling down the highway" -Andrew Tanenbaum
We have to go back to jailbreaking the old fashioned way with a computer and a USB cable - it'll take ten minutes rather than five now and require you to RTFM. And all because Apple wants to fix a gaping security hole. DAMN THEE DRACONIAN STEVE JOBS!!1!
catch (HumourFailureException e) { e.user.send("You, sir, are a humourless idiot."); }
I am curious as to how much longer we will go until the next security hole isn't used so benevolently.
Who's up for a virus that can't be removed by the user once it's in? How about a friendly bugger that takes advantage of your contact list? For that matter, let's bring back the old dialer viruses and have your phone call a 10$/minute hotline every night for an hour.
Thirded. Usually I would say Apple was just trying to keep people from unlocking their phones...but I think that was just a symptom of the problem they were trying to fix here.
Living With a Nerd
Bricked? I thought you could just re-synch your phone and restore it.
Tic-Tac-Toe, Global Thermonuclear War, and relationships all have the same winning move.
Apple has not released the fix for the iPod Touch 1G and the iPhone 2G, so the iPhone Dev Team themselves are working on a fix that will work on all devices. So you'll be able to basically jailbreak and then plug the hole that was used to do it.
Donate free food here
Why buy a device that you cannot control?
Because you can't control the close substitutes that are being sold either. For example, all three major video game consoles are like iPhones in that they need to be jailbroken to run anything interesting.
This is a massively publicized remote exploit. That is the most critical sort of security issue for an operating system. There is nothing strange about them prioritizing it.
Nerd rage is the funniest rage.
Indeed. And similarly, it was wrong that the original news of the exploit was publicised as a good thing (or, at worst, neutral), rather than being publicised as a major security hole (like you know they would have had it have been something like Internet Explorer).
Of course, it is a problem that you need to jailbreak an Iphone to enable basic functionality. But if the media has such a problem with that, maybe they could actually focus on that instead of praising Apple all the time, or conflating the issue with security exploits; or maybe give some coverage to the more popular platforms (Symbian, RIM, Android) that don't need to be jailbroken, instead of the overwhelming coverage of Apple all the time.
I still am amazed that Apple releases the iPhone code with simple, easy to discover passwords that are the same across every device. That is UNIX rule 101 - "protect root". Knowing the password means that if you can execute arbitrary code on the iPhone via any means, you can su to root and break out of the user space security protection. User priviledge controls have been the basis of UNIX security for as long as UNIX has been around (as it has been for most OSs to more or less a degree)
If the iPhone had random root passwords on each device, and used certificates to trust iTunes, the risk of a driveby attack doing permanent (ie surviving reboot) damage must be lower? Or have I missed something obvious here?
I wouldn't be jailbreaking my iPhone if there was a way to remove SIM lock. Right now Apple & AT&T has forced me into a situation where AT&T won't provide unlock code (asks to go some unlock shop and pay for the unlock) and Apple doesn't really care. Only option is to jailbreak to get blacksn0w running.
If Steve/government (in many countries in Europe it is mandated that after contract period unlock key is given) would force AT&T to provide unlock codes for everyone out of contract then most of the jailbreaking business would go away.
The problematic part is that iPhone 2G users won't get an update but are still susceptible to this bug, so they're SOL. Additionally, iOS 4 sucks on the iPhone 3G (nearly no new features, but much slower), so many are reluctant to update.
1. These sorts of exploits are found for every device all the time. This one was just famous because people used it to get root access to their own phone.
2. @comex et al are not immediately irresponsible and evil for exploiting and exposing a vulnerability. Isn't that what DEFCON and BlackHat devote entire conventions to?
3. If Apple just provided a safe way to get root access to your own device (like every other computer you've ever purchased) people wouldn't have to resort to using security holes.
4. With the the 2G iPhone and iPod Touch now unpatched by Apple, the only way to secure them is to jailbreak them and install the Cydia patch that is now available. Ironic.
It's amazing that slashdot can spin this as anything other than a good thing. Bottom line – the phone had a serious security vulnerability that allowed people to brick/use the phone for various nefarious tasks. Apple fixed it, spinning this as anything other than an important bug fix is downright irresponsible.
This exploit is the least of their problems ... http://www.sbsfaq.com/?p=2165
Of course, it is a problem that you need to jailbreak an Iphone to enable basic functionality. But if the media has such a problem with that, maybe they could actually focus on that instead of praising Apple all the time
They're afraid of being modded down.
Living With a Nerd
I thought android phones needed to be "rooted". Double standard much?
> 2010: The Year of the Linux Phone
It is! Android and others!
In modern parlance, "bricked" means "mildly inconvenienced for about 30 minutes" rather than "made completely inoperable to the point where the hardware is now about as useful as a standard brick" and "zero day" means "sometime within the next 5 years after the actual software was released in the first place."
Some Android phones. And if you have a dev bootloader (ie. the folks you bought your phone from aren't assholes), there aren't any security exploits involved in the process anywhere.
Also, the set of things you can do on an Android phone without root is substantially larger than the set of things you can do on a non-jailbroken iPhone (replacing the built-in apps, for instance).
androids don't "need" to be rooted unless your particular phone company disables functionality that you want to use. The most relevant example of this is tethering, most phone companies will only enable it after you agree to pay $xx/month more for the privilege to use functionality your phone has native support for.
That said, I've never owned an iPhone so I don't know what you gain by jailbreaking it.
Android phones only need to be rooted if you're doing something that requires root access - for everything else running unsigned (i.e. third party, non-market) apps is simply a matter of unchecking a box in the settings, so no, it's not quite the same thing (as you'd know if you had ever tried to send an MP3 via bluetooth from an Android phone to an iPhone, for instance - they both have this ability but only one allows you to do it without rooting the device).
"Of course, it is a problem that you need to jailbreak an Iphone to enable basic functionality."
If you think jailbreaking is necessary to enable "basic functionality" on an iPhone, I'd love to see what your definition of basic functionality is. I think you meant to write "advanced and technical functionality that relatively few people really need [want]." While I don't have an iPhone, I have an iPod Touch that I use constantly for school, work, and fun. After jailbreaking it to see what the hype was about, I quickly reverted to normal because for me jailbreaking interfered with the functionality of my iPod. Frankly, many (not all) people jailbreak for access to pirated apps. I know that's stereotyping a bit but it is the case for many people.
Apple,
4.0.1 is far from perfect - how about addressing a few of the following bugs before worrying about jailbreakers:
- Poor Bluetooth compatibility. Accessories that worked under iOS3 are flaky (or do not work at all) in iOS4. Lots of BT functions are broken - phone book transfer - switching between audio and handsfree results in no audio, frequent BT disconnects...etc.
- Occasionally upgrades to 4.0.1 result in poor battery life and excessive operating heat from the device (I have seen this on at least 5 phones). Wiping the device and restoring the phone fixes the issue (in every case so far) - so it's an upgrade problem
- Pathetic performance on the 3G model. Either make the performance better or exclude the device from further upgrades.
- Poor radio performance. I have heard a few complaints from my users that cellular radio performance is worse after the iOS4 upgrade. Phones frequently fail-over to Edge when 3G is available on other devices.
Trading a stable phone for multitasking was not what we wanted when our users upgraded to iOS4.
-ted
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
It isn't just anti-jailbreak, it's patching a pretty serious security flaw.
What basic functionality?
Tethering? The phone already does that, without jailbreaking. Installing non-app store apps? I wouldn't call that basic - the phone is just not designed and promoted to work that way (ie, if you want to do other things with it, you're moving away from 'basic' and into 'unsupported, potentially advanced' functions).
The biggest reason I've seen for jailbreaking my phone (although I haven't done so) is to enable use of the phone as an AP, rather than having to tether to my Powerbook and then share my wifit that way, but the number of times I've needed to share my connection when there's been nothing but 3G access is limited. Either way, that's hardly basic functionality.
I guess VoIP is verging on basic, but there are apps that work over wifi - the 3G restrictions are carrier based.
I agree that this exploit has been spun the wrong way - as a positive thing to enable easy jailbreaking. Any security hole is never a positive thing, regardless of the beneficial things you can do with it. I'm glad it has been addressed, although I am hoping it will also be fixed for users of 2G and 3G iPhones who haven;t upgraded to iOS4.
But if the media has such a problem with that, maybe they could actually focus on that instead of praising Apple all the time, or conflating the issue with security exploits; or maybe give some coverage to the more popular platforms (Symbian, RIM, Android) that don't need to be jailbroken, instead of the overwhelming coverage of Apple all the time.
With the exception of right wing political media that get together for weekly talking points, "The Media" doesn't collude together for a common focus. Most reporters know next-to-nothing about the beat they cover unless it is a personal passion, and expecting them to dig deep is incredibly naive, especially in a time like today when a skeleton crew covers virtually everything.
You have people like Engadget saying "hooray, we can root our iPhones!" and you have people like CNet saying "iPhones are hot shit!", and then you have every tiny tech beat for every newspaper in the country creating stories from that and the massive wave of popularity Apple has garnered. I'd love to see more non-specialty reporting on the history of locking down devices, but you'll have to wait for someone like Wired (who, despite their flaws, is a news hybrid) to try to cross that bridge first.
iOS 4 sucks on the iPhone 3G (nearly no new features, but much slower), so many are reluctant to update.
iOS4 doesn't suck on the 3G if you do a clean wipe of the OS before moving to 4. This has been a known issue for some time now. Wipe your 3G, then move to iOS4. I know plenty of folks running iOS4 on their 3G who absolutely love it. They have no issues with performance or it suck-ing. If you upgraded and already experience performance issues, backup your phone, restore to factory settings, upgrade to iOS4, then restore from backup. Problem solved.
You do realize that the iPhone does tethering, but AT&T charges $20 to enable it? That is a carrier restriction, not an Apple restriction.
A rooted Android phone is almost always still decently secure, and usually the rooting process involves something with adb, something a Dalvik VM app will be hard pressed to get unless it asks for permissions.
Say a piece of malware gets downloaded from Google's Marketplace. The su app pops up asking, "hey, the Vomitron Toaster app wants root privs?" Anyone with a clue is going to tick "no" and "remember this decision". In a couple hours after the app gets flagged, Google fires off the kill switch and the app gets zapped from the store and phones.
Rooting gives one more functionality, but it doesn't significantly add functionality to a device like an IOS JB does.
Here is the funny thing. If I want a command line shell to do stuff on a phone, Android is easy -- download a terminal app. The iPhone, I need to do the following:
1: JB the device. /etc/sshd/sshd_config to only allow access via RSA key, and disallow root access.
2: Hunt down "MobileTerminal 426", the Debian package.
3: Get on a wireless network.
4: Enable OpenSSH.
5: ssh into phone, change root and mobile password to something respectable (20+ characters.)
6: scp the Debian package and install it.
7: Install sudo from Cydia and configure it so I don't need to type in the insanely long password when I want root access.
8: Edit
9: Make sure the sshd is turned off in SBSettings unless it is needed. It will turn back on after a reboot.
All this so I can have full command line access to my iPhone and a method of copying files to and from the filesystem without restriction. The reason why I do the gymnastics with sshd as opposed to uninstalling it is so I can sftp in.
To boot, the only command line terminal app [1] that works on the iPhone (the Terminal app in Cydia is not iOS4 compatible and crashes on startup) doesn't seem to have the ability to do control keys other than control-C. Of course, I wonder if I can just use a normal app and ssh to loopback, but so far, that hasn't worked unless the device is on a Wi-Fi network.
Personally, if someone can make a good terminal emulator and put it on Cydia, I'd pay $5-$10 for it. Especially if it has an easy mechanism for doing control and meta keys, so if I feel insane enough to run emacs, I can.
[1]: A true terminal app that uses a shell and such. There are apps for ssh and such, but those don't have access to the whole phone's filesystem, and I doubt they would get approved if they had the ability to do so.
In modern parlance, "bricked" means "mildly inconvenienced for about 30 minutes" rather than "made completely inoperable to the point where the hardware is now about as useful as a standard brick" and "zero day" means "sometime within the next 5 years after the actual software was released in the first place."
Well, hell hath no fury like a geek who's been mildly inconvenienced.
Track your TV Shows with your iPhone - FREE
iOS 4 sucks on the iPhone 3G (nearly no new features, but much slower), so many are reluctant to update.
iOS4 doesn't suck on the 3G if you do a clean wipe of the OS before moving to 4. This has been a known issue for some time now. Wipe your 3G, then move to iOS4. I know plenty of folks running iOS4 on their 3G who absolutely love it. They have no issues with performance or it suck-ing. If you upgraded and already experience performance issues, backup your phone, restore to factory settings, upgrade to iOS4, then restore from backup. Problem solved.
From personal experience, this doesn't do anything to fix the problem - it will come back after restoring from the backup.
Track your TV Shows with your iPhone - FREE
Even back in the linux router modding days, "brick" was starting to lose its meaning. Someone announced a "de-bricking" technique and it started a whole debate on what "bricked" really meant.
I therefore propose new terminology: "turd" is when you can't fix it with JTAG or similar. You can still build houses out of turds, but it takes a lot more talent and dedication.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
What I have a problem with is that I own a 1st gen iPod touch; bought just a couple weeks before the gen 2's came out, so it's just under 2 years old. I cannot install iOS4, so I cannot install this patch. In essence, I have a device that works perfectly fine, but that has a gapping security hole in it that Apple refuses to patch. Why should I run out and buy another $300 device when the one I have now works perfectly fine? I'm really pissed right now. I also have 2 MacBook Pro's, and an iPad. Is Apple going to abandon them after 2 years? Probably. It's really aggravating how Apple is the "most environmentally concerned" electronics/computer company, yet they want me to throw away my perfectly functional device and buy a new one. Sure, I have the option to run Opera (it warns when downloading a PDF), jailbreak it and install the patch (which is what I'll probably end up doing) or just use it as a *gasp* iPod, but the point is I shouldn't have to. I don't want or need the other crap that comes with iOS4. I just want the damn security patch.
I would rather have seen a court ruling banning the prevention of jailbreak-type behavior, not just for phones, but for all consumer devices (game consoles, handheld items like e-book readers, etc).
The custom firmware setups for the PSP, for instance, are leaps and bounds ahead of the "official" firmware function-wise. PDF and image reader functions, improved video playback formats that the PSP firmware doesn't have (and in smaller space too), the ability to independently control the processor speed yourself rather than relying on sony's bitch firmware - at one point one CFW developer actually had a "save state" function that could enable completely shutting down the device (for improved battery life) and saving the system RAM to memory stick for resumption of an in-process game later.
"DRM" and "Protection" are bullshit.
Seriously? Now I'm feeling old. I still thought it meant that.
The main article states that iOS4 is updated. That is incorrect.
iOS 3x, or more correctly "iPhone OS 3" has also been updated in order to remove the flaw from iPads.
- Jesper
My security clearance is so high I have to kill myself if I remember I have it...
No, they can't. The 3.2 series is only for the iPad, and doesn't exist for any iPhone/iPod. The 3.2.2 update does fix the vulnerability, but only iPad users can install it.
Another good example, not of bricking a phone, was shown on the UK tv news last night - of an example app on Android being able to record arbitrary audio after performing a similar hack.
citation please.
i ask because i really doubt it was a similar hack. most of these so-called android trojans and viruses rely on 1) getting a user to install a non-market app for which they need to have explicitly allowed in their settings and 2) granting the app permissions to do malicious things.
http://www.facebook.com/group.php?gid=133380463371767&ref=ts
This is a petition to the U.S. Government's FCC (Federal Communication Commission) to mandate an unlock of all iPhones. We paid for the phone, we should be able to use it how we see fit.
Please post a message on the wall saying "Please unlock"
Only people with a US iPhone and contract please.
Spammers will be reported and banned.
if you disable most of the smart search functionality, it speeds up considerably, but is still not as fast as the 3.0 OS.
Bring back the old version of slashdot.
Shame you posted this anonymously, it's currently sitting at 0, Insightful. Can we stop this iPhone doublethink when it comes to security holes? This is a remote root hole. Someone can gain root on an iPhone just by making the owner visit a malicious web page. Fixing this hole is not a conspiracy to stop people jailbreaking their phones, it's a fix for a serious hole. Criticise Apple all you like for shipping the hole in the first place or for the time taken to provide the fix, but don't criticise them for addressing a serious vulnerability.
I am TheRaven on Soylent News
THis is the one thing that at least has me tempted to jailbreak my iPhone.
Beyond that...there's nothing on the "Unapproved App Store" that I remotely give a shit about. But thats just me.
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
Just file this under "CmdrTaco Hates Apple." In fact, I propose that as a new hash tag.
But then I realized the cable was blue, so I only gave it one star. I hate blue.
I have found a few reasons for jailbreaking - and I used Jailbreakme to break it. The first is backgrounding Apps. Apple, in their "brilliance", decided to limit this to just the iPhone 3GS and the iPhone 4. I can now run Pandora in background on my iPhone 3G. Second are things that add or compete with Apple apps. Being able to download files in Safari is a huge thing. So are running ports of VLC that allow me to play files other than in the crazy resolution and .h264 that Apple requires - i can now play MPEGs as well as a few other formats. Another app I have lets me download youtube videos. Sure, I can fire up my PC, use firefox and flashgot, pull the videos, run them MediaCoder or Adobe Meida Encoder, import them into iTunes then sync my iPhone, but this is way more convienent.
We paid for the phone, we should be able to use it how we see fit.
Actually, no, you didn't pay for the phone, at least not all of it. You paid $200, and AT&T paid more to Apple as a subsidy.
I'm sure I'm in the /. minority on this, but I really don't see the big deal about getting an unlocked phone in the US. They're not currently available from Apple, but if they were they'd cost about $600, based on what they sell for in Canada, and you're not entitled to have the iPhone you paid $200 for (subsidized) unlocked, so some questions:
The sense of entitlement by a lot of people is becoming increasingly disturbing. You want the iPhone 4 unlocked, but you don't (I assume) want to pay the full price for it, and you want the government to step in and tell AT&T / Apple to unlock a subsidized phone. Whatever. You are not entitled to an unlocked iPhone for $200.
I still cannot find the droids I am looking for...
I'm a long-suffering Ubuntu user, and I agree with you wholeheartedly.
If Macs are gay then bring on the gay. Ubuntu -- and for that matter -- all the other *nix distros I've used are clunky, fugly, and stupid. They're great for people who know what they're doing. For the 90% of users who just want the compruter to facebook, it's a damn pain in the ass. *nix is designed by people who have no sense of marketing nor design, and it shows. Apple's attitude is that "it's not enough to be good, you have to look good doing it." MS's attitude is "it's like your old comfy jeans. You're never going to throw them away." *nix's attitude is "BIKE SHORTS MOTHERFUCKER RTFM".
Let's be fabulous and make 2011 the year of the Linux desktop -- while we're still using desktops, FFS.
---
ECHELON is a government program to find words like bomb, jihad, plutonium, assassinate, and anarchy.
it looks like that is a problem with Exchange, and has nothing to do with the iphone (other than the person who actually took screenshots of the Flash SMS uses an iphone, not surprising given most phones have no way to take screenshots :)
I agree with you. Especially on the topic of the sense of full entitlement by people becoming disturbing. There's a crazy influx of narcissism and egotism in America. Everyone feels they deserve everything because they're so important.
Oh well, nice post.
We paid for the phone, we should be able to use it how we see fit.
Actually, no, you didn't pay for the phone, at least not all of it. You paid $200, and AT&T paid more to Apple as a subsidy.
It's still a sale and not a lease. They fact that the sale price is subsidized via the sale of another product (2 year service contract) does not make it any less of a sale. If you buy a burrito and a bag of chips, the drink is only 25 cents. If you apply for a Macy's credit card, you get additional 40% off your purchase.
I'm sure I'm in the /. minority on this, but I really don't see the big deal about getting an unlocked phone in the US. They're not currently available from Apple, but if they were they'd cost about $600, based on what they sell for in Canada, and you're not entitled to have the iPhone you paid $200 for (subsidized) unlocked, so some questions:
You are confusing subsidized vs unlocked. They are 2 different things. I thought you could already get it unsubsidized, but not unlocked (at least in the U.S.).
Why would I want any "smartphone" without a data plan? What's the point? If that was my goal I'd go back to an iPod and a cheap Nokia
I don't know why you would want it, but that's not the point. One could still use it as a Wifi device with VoIP capabilities, etc. You may want to use it on T-Mobile, or get a plan from Canada, or sell it / give it to someone else from another country.
The only other carrier in the US is T-Mobile, but apparently they use some different frequencies and not everything works right, so I need AT&T anyway.
No you don't - 3G frequencies are different. Voice and 2G are the same.
Since I need a dataplan ($15 or $25 a month from AT&T), why would I pay $400 more for the unlocked phone, which amortized over 24 months is $16.67 a month?
Again, you are confusing subsidized vs unlocked.
The sense of entitlement by a lot of people is becoming increasingly disturbing. You want the iPhone 4 unlocked, but you don't (I assume) want to pay the full price for it, and you want the government to step in and tell AT&T / Apple to unlock a subsidized phone. Whatever. You are not entitled to an unlocked iPhone for $200.
Besides the "entitlement" argument, I agree with your point there - I am not convinced the government should step in.
On the other hand, you can get phones on contract. This involves signing up for a specified number of months, and possibly paying something up front. In this case, you're buying the phone, however you're essentially buying it on credit and paying it off over 12-24 months. In this case (at least over here) the phones generally come unlocked, so you can move to a different network if you wish, but you'll still have to pay your contract's monthly fee, even if you don't use the network.
In the latter case, I feel it's perfectly fair to consider the phone to belong to the customer. They've paid for it, and the service.
The other difference between the US and the UK is this ridiculous notion of crippled phones - over here, they might sometimes be locked to a network to cover the subsidy, but I've never had one which has had features deliberately disabled by the network which is what preventing you rooting the device basically amounts to.
No, 3.2.x is iPad-only.
For jailbreakers who want to be safe and keep their jailbreak, search for "PDF Loading Warner" in the Cydia store. It's a pop-up that will warn you if Safari is attempting to load a PDF, so you can cancel it if you're not expecting to be viewing a PDF.
For iPhone 2G and iPod Touch 1G users, there's no Apple-approved solution to the PDF exploit.
The jailbreak community is working on an actual PDF patch to fix the exploit. This could be the only solution for iPhone 2G/iPod Touch 1G users, to jailbreak their device and install the patch.
It's in test phase now, but you can get a copy: http://twitter.com/saurik/status/20958834996
--
#include <malloc.h>
free(your.mind);
For most any phone from AT&T, after the contract is up, they will let you unlock it. This makes since, because after the contract is done, you have effectively paid for it, and it does belong to you. I just recently did this with a Motorola RAZR V3xx. I called them up, said the phone was from an ended contract, and asked to unlock it. There were no questions or uncertainty, just "I can help you with that", and the person then gave me the unlock code and instructions after getting the phone's IMEI number.
This does not happen with the iPhone. After your contract is over, you still are not allowed to unlock it.
In addition, I personally will probably be paying the full ($600) price for my next iPhone, so that I am not tied into a contract. Why shouldn't I be able to have the phone unlocked?
Also, don't forget that you need to enter a contract with AT&T to get an iPhone in the first place. If you decide to get the phone for $200, you'll need to pay an extra $325 - $10 a month if you end the contract early. Plus there's the $36 for activation. If you cancel in the first month, you must return the phone, so you have to pay for at least one month of service, which is $65. So if you go this route, you end up paying a minimum of $200+$315+$36+$65=$616 plus taxes and fees.
So no, it is not in fact possible to have any sort of iPhone for a mere $200. Your complaints about entitlement are misplaced.
WHAT? The real security issue is that a website could own your device.
Relax. Take a deep breath. I'll wait. If you're ready now, I'll explain.
You said: Once they do that, these vulnerabilities will no longer have a beneficial side to them
I'm sorry, but what the heck are you talking about? I can think of a ton of vulnerabilities that would have a "beneficial" side to them. Say, for instance, a website were to install a key logger and capture all your passwords...
That was my fault for writing an ambiguous sentence. I should have said, "Once Apple gives control of the phone to the users, these vulnerabilities will no longer have a beneficial side to iPhone owners."
The exploits are a bad thing, I agree with you. However, since they currently have a legitimate use with a beneficial value to owners, there's an active incentive to keep phones unpatched and to delay updating when new firmware is released, because you're afraid updating it might disable your jailbreak. That is the greatest security issue there is: it encourages people to keep using phones with known exploits, and they do this on purpose, fully aware that there's an exploit, and fully aware that there's a fix for it.
I pay AT&T $200 and sign a 2 year contract ($~75/month). It is not $200 only, the cost is amortized over the period of the contract.
I cannot break that contract without legal recourse from AT&T. Why does AT&T have additional entitlement?
If I want/need to move to another carrier, I should be able to do so by paying the surrender value for the remainder of the contract, and take my working phone and my number to another carrier of my choice.
AT&T looses nothing, unless, they expect that the user will fork out additional funds. If there is sense of entitlement it is not with most users, but with AT&T.
citation please.
Welcome to Slashdot. We're discussing here. You might find that it's a different than, say, Wikipedia.
Advice: on VPS providers