Slashdot Mirror
IOS 4.1 Jailbroken Already
mspohr writes "Just hours after Apple released iOS 4.1 to great fanfare, hardware hackers found a way to jailbreak devices that run the new operating system. More surprising still, there doesn't appear to be anything Steve Jobs can do to stop them in the near future. The exploit in the boot ROM of iOS devices was first announced by iPhone Dev-Team member pod2g. It was soon confirmed by other hackers, who said that because the exploit targets such a low-level part of the operating system, Apple won't be able to stop jailbreakers without making significant hardware changes."
Apple always says Mac OS X and Apple products are secure, non-exploitable and virus free. How are there exploits then?
Just get a Nokia N900 that already gives you full root access and lets you boot into other stuff anyway without encouraging this closed and inferior platform.
Sigh, here are some problems I have with these kind of hacks:
1. If it really becomes a problem for steve, he will block it at the hardware level in the next major version, or even in the next minor version. ... :)
2. I cannot rely on the fact that there will always be a jailbreak available if I lose my phone, due to 1.
3. It is only semi-legal. Apple will not like me.
4. I loose support.
5. Companies cannot be based on these kind of hacks due to 1,2,3,4, so there will never be a large user-base (or it will grow very slowly)
6.
7. No profit! Due to 5.
If Pandora's box is destined to be opened, *I* want to be the one to open it.
If I was a business who KNEW I'm fighting a world full of hackers I wouldn't fight them... I would help them. Most people wouldn't care, but those that I said "Hey, we've made it easy for you to do stuff... show me what you can do better and I'll pay you for it!
Apple instead wants to completely control how the users use their devices... and that just won't fly in today's world. That's like slapping a bull and kicking him in the balls. He's gonna ram you
would someone buy a piece of hardware that continually needs to be "jailbroken" just to be able to be used in the way they want to use it?
Of course, I say this as an owner of an LG Voyager, which doesn't allow you to load anything on it you don't pay Verizon directly for, so WTF am I talking about? (but at least I got it free.)
Some day you'll be able to own a broadband internet browsing cell phone that will only cost a few bucks a month to use, not $100 or more, and which you can load whatever the fuck you want to on.
Oh who the hell am I kidding. No there won't.
This space available.
For those software engineers still convinced that they can craft the perfect, unbreakable, uncrackable security, you should take two hours of your life and go rent Titanic, the movie about the "unsinkable" White Star cruise liner. There's a valuable metaphore in there for you.
By the sound of it, Apple's next move will be to lock down the devices at the hardware level (this gives them a good excuse) and they will have no second thoughts about doing it at all. This means even more locked down "trusted computing" devices in our future. And the sad thing is the consumers won't care either way.
As the island of our knowledge grows, so does the shore of our ignorance.
If you have a system that people can get at and modify, then there is no such thing as a secure system. This idea that you can make an OS that can't be exploited is BS. Certainly things can be done to make it harder, but you can't make it impossible.
You discover that in the event you do need something, like say a database server, that is "exploit free" that to get it you have to cope with a lot of restrictions. The company that sells it to you, someone like IBM, will be providing the hardware, OS, software, and so on. They'll have tested it all extensively to make sure that there aren't any hidden issues that might cause a crash. Once in place, you don't get to touch it. There is no installing software on it, no messing with it. It will run what they say it'll run. If changes need to be made, it'll be a lengthy and expensive process.
What's more, nothing will get at it directly. It'll be behind a firewall (not necessarily the kind of firewall you are used to thinking of), inputs will be sanitized, that kind of thing. It will only get inputs that are clean, in the correct format, that can't cause problems. Needless to say, it'll be in a secure server room and your staff had better leave it alone.
When you totally control a system like that, yes with testing you can be pretty sure it is "bug free" and "exploit free". However for something going out to the masses? No such thing. The person with physical access can pretty much do anything, but even if not security is hard to guarantee. When arbitrary apps can be installed, some of those can be evil. Things like filtering them (as is done with the app store) can reduce it, but not eliminate it.
The best solution to the Apple Problem is simple: do not buy their products.
Perhaps Jobs and co. will realize that many of their end users are not the mindless idiots they seem to think everyone is.
Personally I will never purchase or endorse Apple products. I am, like many Slashdotters, the family computer fixit guy, but I've made it quite clear that I won't touch anything by Apple. My computers are iTunes and Quicktime free for a reason.
This was posted from my Galaxy S Vibrant, easily rooted (I do not envy the people who have to jump through hoops just to make their devices do what they want them to).
This is my experience of jailbreaking the around the time of 3.0-3.1. The quality of the external software was dire, and it pushed the cost of maintenance away from someone else (Apple) and onto me.
I like playing around with buggy cheap software as much as any other Linux user, but you don't want an app to crash while calling the emergency services!
You're forgetting something important here I think.
Only a very small fraction of the iPhone users actually attempt to jailbreak their device. The majority of people is perfectly happy with the way it works and have no desire to 'hack' it.
Let's not forget that apart from the very closed system it uses the iPhone itself is very very well designed in terms of usability.
When I bought my 3GS it didn't even come with a manual. Just the phone and some cables and stuff. Now, that's a bold statement.
Telling your customers 'our device is so user friendly that you don't need a manual, it just works and you'll understand completely how it works without any help needed at all'.
Steve's fight against jailbreaking is a useless fight and he knows that. I think apple only tries to not let it get out of hand. But I don't think it worries them too much. 90% of their customers don't care about it anyway and rightfully so.
Of course, when I saw a HTC desire running Android in action I ditched my iPhone and orderded a Desire rightaway ;-)
Life starts at the end of your comfort zone.
As an android user - let me enlighten you.
The android platform is DESIGNED to be rootable and hackable, the phone made by the android developers - the Nexus 1 comes with rooting just a click away.
There ARE other manufacturers who try to make rooting harder - none of them have made it particularly impossible, I rooted mine in an hour. But you cannot blame this on the platform. It's not Android that made HTC obfuscate their bootloader, that is HTC's fault alone. In apple's case the hardware and software are always from the same source. In android's case it almost never is - so that adds an important distinction.
Finally - nobody roots their systems because we "have to in order to use a feature". We do it because by using thirdparty versions of android we can get certain features sooner, or run newer versions of the OS - or hell just enjoy having a root shell on our phones - some of us have FUN with that.
I rooted my HTC desire to get CyanoGenMod for Froyo 2.2 - about a week before HTC brought out an OTA update for Sense based on it. Didn't bug me much - I had no guarantee of said version coming now or ever, I had no wish to wait for it and I liked being able to upgrade when I wanted to. I also having now used both prefer CyanoGenMod over Sense - it's a stabler UI with less bugs and a cleaner, slicker interface to work with while still being the same essential android in it's core design (of course that part is a subjective judgement but speaking for myself - I prefer it).
Having rooted once - I now control the bootloader with my own recovery version and goldcard which means I can now install any rom code I want. I can swap at any time. I can backup the current rom try something else and restore it if I wanted to...
I like having power over my device. Apple actively tries to stop me getting it. Android actively encourages it and even when a device maker tries to follow the apple approach once broken it's broken for good - and without the associated risks of jailbreaking an iPhone. I'll still get updates, I will still get fixes because many third-parties provide them. I still have the official appmarket working just fine and I know it always will because google makes it freely available so modmakers can provide packages to install it (though they are not allowed to preinstall it inside the mod).
In short - the reason you see such a huge disconnect is because you're comparing apples with oranges. It only looks similar from a distance - in reality the two platforms approach to user restriction couldn't be further removed from each other and rooting an android is a much lesser deal than rooting an iphone.
Iphone's are jailbroken to enable power the user should have had the choice to get in the first place.
Androids are rooted because hacking devices is FUN.
Unicode killed the ASCII-art *
If they're releasing Jailbreaks this close to the release of an OS then it seems to make sense that they've got a list of vulnerabilities stashed away somewhere. All they do when Apple releases the next one is go down the list. The time between the OS being released and the Jailbreak is only going to be them tidying up the distribution of the Jailbreak so people can do it to phones in the Apple store. The Jailbreakers would be foolish to unleash the lowest level Jailbreak at this point as they could end up with nowhere to go after this. I was surprised with the last one where you could just visit a web page to get the job done. Good job the page just Jailbroke the phone and didn't decide to steal all your data or install something nasty that somehow managed to survive even an iTunes restore.
Task Mangler
Or, you could just stop buying that shit. Sorta like number 3 but no nearly so complex and inter-related. The fact that lots of people still do means that the majority of them don't care about those same things.
I don't know how many times I've had to explain to people about the iTunes installation limits, DVD/BluRay region encoding, HDCP and other similar things, but it doesn't stop *anyone* from actually using that service/product. We that actually care are in the minority. And it's *incredibly* simple for anyone to get their head around - if you don't like the terms of what you signed up to, don't sign up to it.
Unfortunately, almost everyone I know has a contract-paid mobile phone, sometimes with upgrades every year even if they don't want them, has an un-cracked DVD player or DVD software, has things bought from the Wii store that they can't easily move onto another Wii, has a car that won't allow them to use third party parts without destroying the entire warranty, etc.etc.etc.
There's an awful lot of consumer protection enshrined in law that these EULA's claim to override. Most of the time they don't, because you can't give away certain rights, especially in a "shrinkwrap" license that you haven't signed. But how many lawsuits are there over them? How many people just re-buy a TomTom map when they break their device and want to move it onto their new one? People just don't care because, in everyday life, in ordinary usage, there's no need to worry about such things. Accepting that you "can't" copy something and buying yet-another-copy takes significantly time, effort and money (if you think of your time as being billable) than fighting for the opposite.
Such apathy is rampant. You can't change that amount of people's minds that quickly, especially not for something that has a very minor impact on their life.
And the rules are ever so simple: Don't do business with companies that play these games, don't buy products that have these "features".
That's always been the rule, whether you're talking pyramid schemes, endowment mortgages, oxygen-free gold-plated audio cables or whatever else. If the product will cost you time/money because of a problem, or doesn't do what it says it does, don't put money their way.
People like myself have a running blacklist. There are products/companies that I will not give money to again. People assume that I'm actually not enforcing it that strictly but actually there's yet to be a single company that's pulled itself off that list. It includes everything from mobile phone companies that like to hang up on me, to the chip shop where the woman was extremely grumpy and grouchy but still wanted to take my money, to the IT suppliers that I've used during the course of my career, to the software manufacturers that have ignored repeated bug reports, to the GPS manufacturer that refused to refund me after changing the way their "Whole of Europe" maps worked (making me connect to the Internet to download and install each country's map every time I cross a border kinda spoils the point of having a "Whole of Europe" map in the first place), to the bank that laughed at my mortgage application (whereas the little mortgage shop next door gladly gave me a better deal without query and has had many years of perfect, on-time accurate payments every since).
My personal blacklist does not dent Sony, or HDCP manufacturers, or the mobile phone companies one bit. I'm not stupid, I know that. But it sure hurts the local shops, small businesses and general reputation of them among my friends and colleagues.
http://www.apple.com/macosx/security/
Very first sentence on the page..
It's deceiving to the point of almost lying. You can whine about the finer points of that sentence and how a Mac isn't a PC etc, etc. However we all know that it's been specifically designed to fool those with less knowledge of computers.
No other industry would be able to get away with such "facts".
It's deceiving to the point of almost lying.
No, it really isn't. Only the anti-Mac fascists would say that about that statement. Do you complain as much as the 'Intel-inside' sticker? How many millions of ppl have been fooled into thinking that one sticker makes the system better? Or how about all those 'lowest TCO compared to Linux' studies that MS payed for ten years ago.
No other industry would be able to get away with such "facts".
Every industry from cars to diapers is full of these "facts"! Here's some:
-Every car manufacturer proclaims that every one of their cars is "best in it's class", but they never say what the class is, or the study was paid for they the company.
-Cereal that are advertised as 'Natural', which can mean anything.
-Or how about 'Fat-free" foods? Nowhere on the container will it say that the calories are still the same as the regular stuff because they replace the fat with sugar.
-Stores that have 0% financing, but they don't tell you up front that there is a $129 'Administrative fee'
'No, it really isn't.'
Yes, it really is. It is a misleading marketing tactic and it's improperly using technological terminology to fool a customer into thinking they're making the superior choice by purchasing an Apple product, when anyone with any real technical knowledge knows these claims are patently false.
Did you fail English class?
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
"Obviously not 100%, because people had been saying "Mac or PC" to refer to the difference between Windows and Mac OS"
You don't know your history very well - that was back in the day when Apple's hardware was VASTLY different from the x86 architecture and it made SENSE to say "Do you have a Mac or PC?"
Now, the hardware is the EXACT SAME. There is no underlying architectural difference so saying "PC or Mac?" is nonsense, misleading, and again, 100% BULLSHIT.
"OSX or Windows?" is the proper question. Anything else is a pure bit of marketing bullshit.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.