Slashdot Mirror

← Back to Stories (view on slashdot.org)

IOS 4.1 Jailbroken Already

Posted by samzenpus on from the what-took-so-long dept.

mspohr writes "Just hours after Apple released iOS 4.1 to great fanfare, hardware hackers found a way to jailbreak devices that run the new operating system. More surprising still, there doesn't appear to be anything Steve Jobs can do to stop them in the near future. The exploit in the boot ROM of iOS devices was first announced by iPhone Dev-Team member pod2g. It was soon confirmed by other hackers, who said that because the exploit targets such a low-level part of the operating system, Apple won't be able to stop jailbreakers without making significant hardware changes."

25 of 315 comments (clear)

  1. Apple's security by Anonymous Coward · · Score: 4, Insightful

    Apple always says Mac OS X and Apple products are secure, non-exploitable and virus free. How are there exploits then?

    1. Re:Apple's security by Anonymous Coward · · Score: 5, Insightful

      this is absolutely incorrect, the first gen ios4 exploits were remote exploits.

    2. Re:Apple's security by Anonymous Coward · · Score: 3, Insightful

      The point you miss is that it existing. These devices are not new and apple have plenty of unix experience these days. Their apps are broken and they're running at the wrong user level. They basically have a bad a reputation as MS for securing their devices.

    3. Re:Apple's security by Servaas · · Score: 3, Insightful

      Correct way of stating is: They are too locked down when it comes to user configuration yet to open to be called a secure device.

    4. Re:Apple's security by Whiney+Mac+Fanboy · · Score: 4, Insightful

      is it that Apple lock their devices down too much? Or that they are not locked down enough? Can't be both...

      Why can't it be both? Can't you grasp the difference between too locked down for the owner and too locked down for an attacker?

      Let me put it in the same way (including misspellings) as your original post:

      Suckure from what? External sources?--Generally not enough. Secure from the owner modifying the software directly?--Generally too much.

      --
      There are shills on slashdot. Apparently, I'm one of them.
    5. Re:Apple's security by erroneus · · Score: 3, Insightful

      I generally agree with this sentiment. Typically, locked down and secure are not always the same, but as Apple's style seems to revolve around things being locked down where user and developer freedoms are concerned, it would seem quite natural that they would also lock down the way apps and the OS behave as well. The fact that Mac OS X demonstrably doesn't follow this pattern religiously would seem to indicate that they don't follow their own ideals. Unixes have tremendous capacity for being locked down and secured. It says something "not good" when they fail to take advantage of those features and functions... it's almost as if they don't know what they are doing or don't care to do it right if they do. I would expect more from their highly paid and decorated experts.

      People are led to believe they should expect more from Apple; higher standards of quality. This doesn't appear to be bearing out.

      With all this Apple-negative said, I still believe that if they got more serious about it, they could probably accomplish what they set out to do -- they just have to want to do it.

    6. Re:Apple's security by oztiks · · Score: 5, Insightful

      Absolute fantasy! Apple is unprepared for security and the way the iPad has been cobbled together is proof of this. Their software hasn't been targeted until now and the exploitation of Apple products _are_ becoming more commonplace.

      You cant compare it to how Windows was back in the day or any notions like that because Apple is currently going through what Microsoft was unprepared for back then but with a more sophisticated mindset and strategy (crackers / cyber-criminals are smarter these days). Apple based itself on UNIX around the time the internet became common in the household as a result saved them a fair amount of grief but hardly places it as a more secure product in todays world.

      The lack of Apples popularity had always kept them in niche marketplaces until now but the iPhone now makes them commonplace and popular enough to mean money for blackmarket hacking. This doesn't mean its more secure its totally the opposite. It means it's less secure because it hasn't been targeted until now. In fact I'd spout there are just as many exploits in the wild for iOS and MacOS as there is for Windows Vista in present day.

      For companies a high patch rate and focus on security means a hampering of innovation because development resources becomes focused on fixing problems rather than creating new features. Truthfully, the iPad is a product of that hampering, from my experience its like using a half built house with its scaffolding still attached too it and for the iPhone 4 even the sales people at the phone store cant find feature lists convincing enough to get me to upgrade from a 3GS to a 4. The question "why should i upgrade?" doesn't get answered with a solid response.

      Did we get any of those iPhone 4 sales through the roof crap this month on /. ? No Thank God!!!

    7. Re:Apple's security by sarhjinian · · Score: 4, Insightful

      Adobe's shitty PDF specification that allows embedded fonts to be stored in documents

      There's nothing wrong with this. The intent of PDF is to make a document viewable on every platform in the same way and you can't do that without either embedding fonts or re-rendering fonts as outline drawings (which wastes a lot of space, makes text editing and markup impossible, and increases complexity).

      --
      --srj/mmv
  2. Come on guys by dbIII · · Score: 4, Insightful

    Just get a Nokia N900 that already gives you full root access and lets you boot into other stuff anyway without encouraging this closed and inferior platform.

    1. Re:Come on guys by Jesus_666 · · Score: 3, Interesting

      Remember that iOS also runs on iPods. When I buy a PDA/MP3 player I don't necessarily want it to have a mobile phone built in. I also don't neccessarily want to pay some four hundred bucks for it. Plus there's the demographic of those who used the Back to School offer or bought their iPod second hand or refurbished.

      My touch cost me thirty-five bucks (Back to School; I was getting a new MBP and happened across the offer). Unless you can show me a Nokia smartphone for that price I'm going to be content with having to jailbreak it.

      --
      USE HOT GRITS WITH STATUE OF NATALIE PORTMAN (NAKED AND PETRIFIED)
    2. Re:Come on guys by CRCulver · · Score: 3, Interesting

      Don't give up on Nokia just yet. The MeeGo platform that will appear on their next most powerful smartphones is a fully functional Linux distribution that is certainly superior to Android for hackability.

    3. Re:Come on guys by TheRaven64 · · Score: 3, Informative

      MeeGo is the renamed version of Maemo, which is what the N900 runs already. It's Linux, X11, a custom window manager and a set of apps designed for mobile devices. Because, unlike Android, it runs X11, most desktop apps will work with just a recompile, although for best results you will want to tweak the UI for small screens.

      --
      I am TheRaven on Soylent News
  3. the problem with these hacks by StripedCow · · Score: 3, Insightful

    Sigh, here are some problems I have with these kind of hacks:

    1. If it really becomes a problem for steve, he will block it at the hardware level in the next major version, or even in the next minor version.
    2. I cannot rely on the fact that there will always be a jailbreak available if I lose my phone, due to 1.
    3. It is only semi-legal. Apple will not like me.
    4. I loose support.
    5. Companies cannot be based on these kind of hacks due to 1,2,3,4, so there will never be a large user-base (or it will grow very slowly)
    6. ...
    7. No profit! Due to 5. :)

    --
    If Pandora's box is destined to be opened, *I* want to be the one to open it.
  4. I've never understood why they fight this... by CodePwned · · Score: 4, Interesting

    If I was a business who KNEW I'm fighting a world full of hackers I wouldn't fight them... I would help them. Most people wouldn't care, but those that I said "Hey, we've made it easy for you to do stuff... show me what you can do better and I'll pay you for it!

    Apple instead wants to completely control how the users use their devices... and that just won't fly in today's world. That's like slapping a bull and kicking him in the balls. He's gonna ram you

    1. Re:I've never understood why they fight this... by BasilBrush · · Score: 4, Insightful

      Because content providers like to be paid for their products. If you go to one of the app crack web-sites, it's amazing how so many jailbreakers can afford to buy an iPhone, but will then go to some effort to steal 99c from an app developer.

    2. Re:I've never understood why they fight this... by Oink · · Score: 4, Funny

      How did this get marked as interesting? It's a basic logical fallacy. Precisely *because* they spent all their money on an iphone, they can no longer afford apps. It's the whole butter or guns argument.

      The same response can be levied against one who asks how it is we can go to the moon, yet not cure the common cold.

      --
      ----------------- Oink. Moo. rarr! -----------------
    3. Re:I've never understood why they fight this... by end100 · · Score: 3, Interesting

      I for one jailbreak my iPhone, and yet i still buy apps. Funny isn't it?

    4. Re:I've never understood why they fight this... by thasmudyan · · Score: 3, Informative

      The fact that hacks keep coming out and left reasonably open for local user leads me to believe that Apple in reality don't care so much, but have an obligation to the big content producers to give "best effort" to keep the device secure.

      No, Apple would like to sue jailbreakers for their last penny if they could:
      http://www.wired.com/threatlevel/2010/07/feds-ok-iphone-jailbreaking/

      It's only after a protracted legal fight and sheer judicial coincidence that users are legally allowed to jailbreak their own devices. For the future, you can bet on two things:
      1) Apple will put in a big effort to make jailbreaking more difficult even if it further undermines the usefulness of their devices for normal users
      2) The courts will rule jailbreaking illegal in the long run. It escapes me how the recent ruling was even possible with the DMCA and all, rest assured they will "fix" this again.

      Also, the distinction between Apple and big content producers is invalid. Apple has impossibly close ties to Disney, a content company famous for its hardcore litigation practices, shameless lobbying efforts, and unique in the way it seeks to infuse our culture with conservative religious "values".

      Oh, and yeah, on a related note: I finally bought an iPad last week. I searched very hard for a real open alternative that had just the right features, there was none.

  5. Because they are full of shit by Sycraft-fu · · Score: 3, Insightful

    If you have a system that people can get at and modify, then there is no such thing as a secure system. This idea that you can make an OS that can't be exploited is BS. Certainly things can be done to make it harder, but you can't make it impossible.

    You discover that in the event you do need something, like say a database server, that is "exploit free" that to get it you have to cope with a lot of restrictions. The company that sells it to you, someone like IBM, will be providing the hardware, OS, software, and so on. They'll have tested it all extensively to make sure that there aren't any hidden issues that might cause a crash. Once in place, you don't get to touch it. There is no installing software on it, no messing with it. It will run what they say it'll run. If changes need to be made, it'll be a lengthy and expensive process.

    What's more, nothing will get at it directly. It'll be behind a firewall (not necessarily the kind of firewall you are used to thinking of), inputs will be sanitized, that kind of thing. It will only get inputs that are clean, in the correct format, that can't cause problems. Needless to say, it'll be in a secure server room and your staff had better leave it alone.

    When you totally control a system like that, yes with testing you can be pretty sure it is "bug free" and "exploit free". However for something going out to the masses? No such thing. The person with physical access can pretty much do anything, but even if not security is hard to guarantee. When arbitrary apps can be installed, some of those can be evil. Things like filtering them (as is done with the app store) can reduce it, but not eliminate it.

  6. Re:The Best Solution by nOw2 · · Score: 4, Funny

    I am, like many Slashdotters, the family computer fixit guy,.

    Well, that's what you get if your family doesn't use Macs.

  7. Re:Raise the white flag, Steve? by dtml-try+MyNick · · Score: 4, Interesting

    You're forgetting something important here I think.
    Only a very small fraction of the iPhone users actually attempt to jailbreak their device. The majority of people is perfectly happy with the way it works and have no desire to 'hack' it.

    Let's not forget that apart from the very closed system it uses the iPhone itself is very very well designed in terms of usability.

    When I bought my 3GS it didn't even come with a manual. Just the phone and some cables and stuff. Now, that's a bold statement.
    Telling your customers 'our device is so user friendly that you don't need a manual, it just works and you'll understand completely how it works without any help needed at all'.

    Steve's fight against jailbreaking is a useless fight and he knows that. I think apple only tries to not let it get out of hand. But I don't think it worries them too much. 90% of their customers don't care about it anyway and rightfully so.

    Of course, when I saw a HTC desire running Android in action I ditched my iPhone and orderded a Desire rightaway ;-)

    --
    Life starts at the end of your comfort zone.
  8. Re:Why all the iPhone hack-talk but none for Andro by silentcoder · · Score: 4, Interesting

    As an android user - let me enlighten you.
    The android platform is DESIGNED to be rootable and hackable, the phone made by the android developers - the Nexus 1 comes with rooting just a click away.

    There ARE other manufacturers who try to make rooting harder - none of them have made it particularly impossible, I rooted mine in an hour. But you cannot blame this on the platform. It's not Android that made HTC obfuscate their bootloader, that is HTC's fault alone. In apple's case the hardware and software are always from the same source. In android's case it almost never is - so that adds an important distinction.

    Finally - nobody roots their systems because we "have to in order to use a feature". We do it because by using thirdparty versions of android we can get certain features sooner, or run newer versions of the OS - or hell just enjoy having a root shell on our phones - some of us have FUN with that.

    I rooted my HTC desire to get CyanoGenMod for Froyo 2.2 - about a week before HTC brought out an OTA update for Sense based on it. Didn't bug me much - I had no guarantee of said version coming now or ever, I had no wish to wait for it and I liked being able to upgrade when I wanted to. I also having now used both prefer CyanoGenMod over Sense - it's a stabler UI with less bugs and a cleaner, slicker interface to work with while still being the same essential android in it's core design (of course that part is a subjective judgement but speaking for myself - I prefer it).

    Having rooted once - I now control the bootloader with my own recovery version and goldcard which means I can now install any rom code I want. I can swap at any time. I can backup the current rom try something else and restore it if I wanted to...

    I like having power over my device. Apple actively tries to stop me getting it. Android actively encourages it and even when a device maker tries to follow the apple approach once broken it's broken for good - and without the associated risks of jailbreaking an iPhone. I'll still get updates, I will still get fixes because many third-parties provide them. I still have the official appmarket working just fine and I know it always will because google makes it freely available so modmakers can provide packages to install it (though they are not allowed to preinstall it inside the mod).

    In short - the reason you see such a huge disconnect is because you're comparing apples with oranges. It only looks similar from a distance - in reality the two platforms approach to user restriction couldn't be further removed from each other and rooting an android is a much lesser deal than rooting an iphone.
    Iphone's are jailbroken to enable power the user should have had the choice to get in the first place.
    Androids are rooted because hacking devices is FUN.

    --
    Unicode killed the ASCII-art *
  9. The next iOS is Jailbroken already by Centurix · · Score: 4, Interesting

    If they're releasing Jailbreaks this close to the release of an OS then it seems to make sense that they've got a list of vulnerabilities stashed away somewhere. All they do when Apple releases the next one is go down the list. The time between the OS being released and the Jailbreak is only going to be them tidying up the distribution of the Jailbreak so people can do it to phones in the Apple store. The Jailbreakers would be foolish to unleash the lowest level Jailbreak at this point as they could end up with nowhere to go after this. I was surprised with the last one where you could just visit a web page to get the job done. Good job the page just Jailbroke the phone and didn't decide to steal all your data or install something nasty that somehow managed to survive even an iTunes restore.

    --
    Task Mangler
  10. Re:Where do they say that? by LingNoi · · Score: 4, Interesting

    http://www.apple.com/macosx/security/

    Very first sentence on the page..

    Mac OS X doesn’t get PC viruses.

    It's deceiving to the point of almost lying. You can whine about the finer points of that sentence and how a Mac isn't a PC etc, etc. However we all know that it's been specifically designed to fool those with less knowledge of computers.

    No other industry would be able to get away with such "facts".

  11. Re:Where do they say that? by Khyber · · Score: 3, Insightful

    'No, it really isn't.'

    Yes, it really is. It is a misleading marketing tactic and it's improperly using technological terminology to fool a customer into thinking they're making the superior choice by purchasing an Apple product, when anyone with any real technical knowledge knows these claims are patently false.

    Did you fail English class?

    --
    Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.