IOS 4.1 Jailbroken Already

mspohr writes "Just hours after Apple released iOS 4.1 to great fanfare, hardware hackers found a way to jailbreak devices that run the new operating system. More surprising still, there doesn't appear to be anything Steve Jobs can do to stop them in the near future. The exploit in the boot ROM of iOS devices was first announced by iPhone Dev-Team member pod2g. It was soon confirmed by other hackers, who said that because the exploit targets such a low-level part of the operating system, Apple won't be able to stop jailbreakers without making significant hardware changes."

Apple's security

Apple always says Mac OS X and Apple products are secure, non-exploitable and virus free. How are there exploits then?

Re:Apple's security

this is absolutely incorrect, the first gen ios4 exploits were remote exploits.

Re:Apple's security

The point you miss is that it existing. These devices are not new and apple have plenty of unix experience these days. Their apps are broken and they're running at the wrong user level. They basically have a bad a reputation as MS for securing their devices.

Re:Apple's security

[jefe7777]

if you have physical access to the box, all bets are off.

you must be new here...

Re:Apple's security

[Servaas]

Correct way of stating is: They are too locked down when it comes to user configuration yet to open to be called a secure device.

Re:Apple's security

[Whiney+Mac+Fanboy]

is it that Apple lock their devices down too much? Or that they are not locked down enough? Can't be both...

Why can't it be both? Can't you grasp the difference between too locked down for the owner and too locked down for an attacker?

Let me put it in the same way (including misspellings) as your original post:

Suckure from what? External sources?--Generally not enough. Secure from the owner modifying the software directly?--Generally too much.

Re:Apple's security

[ohcrapitssteve]

It's mathematically impossible to make a device completely safe from someone who has complete physical control over it. You can encrypt this and that all you like, but it's literally only a matter of time before someone applies enough computing power and breaks said rights-management. Boot loaders can be heavily obfuscated against reverse engineering, but since the device has to actually boot and work at some point, there's a key to the proverbial lock in that haystack somewhere. I hope I'm making sense, coffee hasn't kicked in yet.

And as for jailbreakme.com, yes, that was a genuine surf-and-get-pwned situation that utilized a "one-two punch" of two exploits, one that caused MobileSafari to execute arbitrary code, and the other that allowed the Unix user that MobileSafari runs as to execute a second payload of code as root. THIS "jailbreak" method was a prime example of sloppy coding and a lack of security mindfulness. Apple could have actually taken a page from Microsoft's recent secure coding initiative by renting some computing power and fuzzing files fed to their world-facing services to try to flesh out exploits. The Unix security model offers fantastic security if you a] implement it correctly and b] don't code sloppily. I get that Apple engineers are probably under an insane time-crunch, but still.

These bootloader jailbreaks however are just cat-and-mouse/whackamole between Apple who has to secure a device but yet make the damn thing actually boot, and an indefinite number of hackers with nothing but time. Hope I've cleared up any confusion anyone feels.

Re:Apple's security

[erroneus]

I generally agree with this sentiment. Typically, locked down and secure are not always the same, but as Apple's style seems to revolve around things being locked down where user and developer freedoms are concerned, it would seem quite natural that they would also lock down the way apps and the OS behave as well. The fact that Mac OS X demonstrably doesn't follow this pattern religiously would seem to indicate that they don't follow their own ideals. Unixes have tremendous capacity for being locked down and secured. It says something "not good" when they fail to take advantage of those features and functions... it's almost as if they don't know what they are doing or don't care to do it right if they do. I would expect more from their highly paid and decorated experts.

People are led to believe they should expect more from Apple; higher standards of quality. This doesn't appear to be bearing out.

With all this Apple-negative said, I still believe that if they got more serious about it, they could probably accomplish what they set out to do -- they just have to want to do it.

Re:Apple's security

[oztiks]

Absolute fantasy! Apple is unprepared for security and the way the iPad has been cobbled together is proof of this. Their software hasn't been targeted until now and the exploitation of Apple products _are_ becoming more commonplace.

You cant compare it to how Windows was back in the day or any notions like that because Apple is currently going through what Microsoft was unprepared for back then but with a more sophisticated mindset and strategy (crackers / cyber-criminals are smarter these days). Apple based itself on UNIX around the time the internet became common in the household as a result saved them a fair amount of grief but hardly places it as a more secure product in todays world.

The lack of Apples popularity had always kept them in niche marketplaces until now but the iPhone now makes them commonplace and popular enough to mean money for blackmarket hacking. This doesn't mean its more secure its totally the opposite. It means it's less secure because it hasn't been targeted until now. In fact I'd spout there are just as many exploits in the wild for iOS and MacOS as there is for Windows Vista in present day.

For companies a high patch rate and focus on security means a hampering of innovation because development resources becomes focused on fixing problems rather than creating new features. Truthfully, the iPad is a product of that hampering, from my experience its like using a half built house with its scaffolding still attached too it and for the iPhone 4 even the sales people at the phone store cant find feature lists convincing enough to get me to upgrade from a 3GS to a 4. The question "why should i upgrade?" doesn't get answered with a solid response.

Did we get any of those iPhone 4 sales through the roof crap this month on /. ? No Thank God!!!

Re:Apple's security

[Moridineas]

The lack of Apples popularity had always kept them in niche marketplaces until now but the iPhone now makes them commonplace and popular enough to mean money for blackmarket hacking. This doesn't mean its more secure its totally the opposite. It means it's less secure because it hasn't been targeted until now. In fact I'd spout there are just as many exploits in the wild for iOS and MacOS as there is for Windows Vista in present day.

Such as?

Truthfully, the iPad is a product of that hampering, from my experience its like using a half built house with its scaffolding still attached too it and for the iPhone 4 even the sales people at the phone store cant find feature lists convincing enough to get me to upgrade from a 3GS to a 4. The question "why should i upgrade?" doesn't get answered with a solid response.

What about the iPad?

re: sales people -- it's the phone store, the capitalist equivalent of going to the DMV. I still have a 3gs but the reasons to upgrade are obvious -- vastly improved camera and vastly improved screen. That's what matters to me at least...

Re:Apple's security

[mlts]

It is also mathematically impossible to make a 100% secure symmetric crypto algorithm if the key is shorter than the data being enciphered. However, we can make something that won't be broken even after the universe dies a heat death.

Same with devices. Look at the PS3. It took 5 years for any notable breaks to happen, and as time goes on, it will become harder and harder because it will be easier to embed the critical startup keys in layers of epoxy and tamper-resistant circuitry that can't be dealt with without a chip fab with uncapping capabilities.

Re:Apple's security

[sarhjinian]

Adobe's shitty PDF specification that allows embedded fonts to be stored in documents

There's nothing wrong with this. The intent of PDF is to make a document viewable on every platform in the same way and you can't do that without either embedding fonts or re-rendering fonts as outline drawings (which wastes a lot of space, makes text editing and markup impossible, and increases complexity).

Re:Apple's security

[ceoyoyo]

In the (fourish) year history of the iPhone there have been two (real) remote exploits, both of which were used for jailbreaking and apparently for nothing else, and a parade of local exploits. The first remote exploit took a while to fix, the second was fixed pretty fast.

The remote ones are an advantage to an attacker. The local ones are an advantage to the owner.

Apple's done a pretty good job of keeping the platform secure from attackers. They've probably done too good a job of keeping it secure from the user, but I don't think they've had a very serious go at the latter.

Come on guys

[dbIII]

Just get a Nokia N900 that already gives you full root access and lets you boot into other stuff anyway without encouraging this closed and inferior platform.

Re:Come on guys

But is it as delicious to use as the iPhone? I think I'd rather live in someone else's well-maintained garden than a bitumen courtyard of my own. I'm not really interested in tinkering with my device - I just want it to work.

the problem with these hacks

[StripedCow]

Sigh, here are some problems I have with these kind of hacks:

1. If it really becomes a problem for steve, he will block it at the hardware level in the next major version, or even in the next minor version.
2. I cannot rely on the fact that there will always be a jailbreak available if I lose my phone, due to 1.
3. It is only semi-legal. Apple will not like me.
4. I loose support.
5. Companies cannot be based on these kind of hacks due to 1,2,3,4, so there will never be a large user-base (or it will grow very slowly)
6. ...
7. No profit! Due to 5. :)

Why on earth...

[Jafafa+Hots]

would someone buy a piece of hardware that continually needs to be "jailbroken" just to be able to be used in the way they want to use it?

Of course, I say this as an owner of an LG Voyager, which doesn't allow you to load anything on it you don't pay Verizon directly for, so WTF am I talking about? (but at least I got it free.)

Some day you'll be able to own a broadband internet browsing cell phone that will only cost a few bucks a month to use, not $100 or more, and which you can load whatever the fuck you want to on.

Oh who the hell am I kidding. No there won't.

Well, that was fast.

[Drakkenmensch]

For those software engineers still convinced that they can craft the perfect, unbreakable, uncrackable security, you should take two hours of your life and go rent Titanic, the movie about the "unsinkable" White Star cruise liner. There's a valuable metaphore in there for you.

I don't like where this arms race is going...

[mario_grgic]

By the sound of it, Apple's next move will be to lock down the devices at the hardware level (this gives them a good excuse) and they will have no second thoughts about doing it at all. This means even more locked down "trusted computing" devices in our future. And the sad thing is the consumers won't care either way.

Because they are full of shit

[Sycraft-fu]

If you have a system that people can get at and modify, then there is no such thing as a secure system. This idea that you can make an OS that can't be exploited is BS. Certainly things can be done to make it harder, but you can't make it impossible.

You discover that in the event you do need something, like say a database server, that is "exploit free" that to get it you have to cope with a lot of restrictions. The company that sells it to you, someone like IBM, will be providing the hardware, OS, software, and so on. They'll have tested it all extensively to make sure that there aren't any hidden issues that might cause a crash. Once in place, you don't get to touch it. There is no installing software on it, no messing with it. It will run what they say it'll run. If changes need to be made, it'll be a lengthy and expensive process.

What's more, nothing will get at it directly. It'll be behind a firewall (not necessarily the kind of firewall you are used to thinking of), inputs will be sanitized, that kind of thing. It will only get inputs that are clean, in the correct format, that can't cause problems. Needless to say, it'll be in a secure server room and your staff had better leave it alone.

When you totally control a system like that, yes with testing you can be pretty sure it is "bug free" and "exploit free". However for something going out to the masses? No such thing. The person with physical access can pretty much do anything, but even if not security is hard to guarantee. When arbitrary apps can be installed, some of those can be evil. Things like filtering them (as is done with the app store) can reduce it, but not eliminate it.

Re:I've never understood why they fight this...

[BasilBrush]

Because content providers like to be paid for their products. If you go to one of the app crack web-sites, it's amazing how so many jailbreakers can afford to buy an iPhone, but will then go to some effort to steal 99c from an app developer.

Re:Where do they say that?

[oogoliegoogolie]

It's deceiving to the point of almost lying.
No, it really isn't. Only the anti-Mac fascists would say that about that statement. Do you complain as much as the 'Intel-inside' sticker? How many millions of ppl have been fooled into thinking that one sticker makes the system better? Or how about all those 'lowest TCO compared to Linux' studies that MS payed for ten years ago.

No other industry would be able to get away with such "facts".
Every industry from cars to diapers is full of these "facts"! Here's some:
-Every car manufacturer proclaims that every one of their cars is "best in it's class", but they never say what the class is, or the study was paid for they the company.
-Cereal that are advertised as 'Natural', which can mean anything.
-Or how about 'Fat-free" foods? Nowhere on the container will it say that the calories are still the same as the regular stuff because they replace the fat with sugar.
-Stores that have 0% financing, but they don't tell you up front that there is a $129 'Administrative fee'

Re:Where do they say that?

[Khyber]

'No, it really isn't.'

Yes, it really is. It is a misleading marketing tactic and it's improperly using technological terminology to fool a customer into thinking they're making the superior choice by purchasing an Apple product, when anyone with any real technical knowledge knows these claims are patently false.

Did you fail English class?