iPhone Jailbreak Modified Into CC Sniffing Malware

chicksdaddy writes "In a presentation at the ToorCon Hacking Conference in San Diego on Saturday, Eric Monti, a Senior Researcher at Trustwave's Spider Labs, demonstrated how to turn the popular JailbreakMe Tool for iPhones and iPads into stealthy rootkit-style malware that can monitor voice and video activity or intercept sensitive data, such as credit card magnetic stripe data from an iPhone-based transaction."

Yay!

[Eddi3]

Viruses for the iphone!

Re:Yay!

[sockman]

There's an app for that.

Re:Yay!

It's a trojan, not a virus. The iPhone can't get infected by simply browsing to a website. You have to manually install it.

In my book, it's just another tool for Apple's marketing department: don't use jailbreaking tools, they're trojans that will steal your personal information!

Re:Yay!

>>> The iPhone can't get infected by simply browsing to a website.

Well, there was a jailbreak to do just that before :)

It may be patched, but I'm sure we'll see the likes of it or something similar again...

Re:Yay!

[mcgrew]

The parent is right, it's a trojan and not a virus. But it's still malware, and dangerous.

And I'm sure the aluminum hat crowd will be sure Apple wrote this, and the sane have to wonder. I'll bet Apple hates this.

Re:Yay!

Nope. A Trojan.

Re:Yay!

No, no, no! There is no malware for OSX.

Re:Yay!

[SudoGhost]

This just in: Executing code that others have written allows that code to perform in the manner in which it was written!

Re:Yay!

It's a trojan, not a virus. The iPhone can't get infected by simply browsing to a website.

Yes it can if you're running iOS 4.01 or lower (Google Apple iOS remote exploit).

Re:Yay!

[Jaime2]

Two past jailbreaks worked with a website based infection. The vulnerability behind the second one has been around since day one, but was never discovered by Apple (at least never fixed by Apple) or publicly disclosed by the jailbreak community. Who's to say that there isn't another one or that the hole that was around for years wasn't actually used for evil?

As a technical note the recent hole was a vulnerability in the PDF viewer and only required the user to view an infected PDF.

On another note, you didn't have to jailbreak to be vulnerable. Apple only patched versions of the OS that it felt like supporting, but the jailbreak community patched all versions. So, jailbreakers are actually safer. To this day, if you have an old enough iPhone that is not jailbroken, you are julnerable to a website based attack.

Re:Yay!

[bonch]

There was a jailbreak that did allow infection by visiting a website. But hey, you're yet another mysterious, anonymous poster bashing Apple for being closed. I'm sure you won't be posting multiple times here...

Re:Yay!

[hairyfeet]

Well I'm not that guy, as I think ACs are the cancer killing /. and making it too much like the chans, but it seems to me the solution would be allowing an "end run" like Apple did with iTunes DRM. What they should do is put a button in the options that says "If you type in your name in this box and pick yes the phone is officially jailbroken. We hold NO responsibility for it any more, you void the warranty, blah blah blah all the legalese" and if the owner follows the instructions he/she has a broken phone and is on their own. This would allow Apple to have a legal way to disolve any responibility for the phone, while allowing the owner to do what they want with the phone. Better than having to have users "hack" their phones and risk Apple iPhone becoming a haven for malware pretending to be jailbreaking tools. Seems like a win/win to me.

Re:Yay!

[denzacar]

Well I'm not that guy, as I think ACs are the cancer killing /. and making it too much like the chans

You do realize how hilarious that sounds from someone so high up the ID ladder?
I mean.. if ACs were 'cancer killing Slashdot' - how did you get here?
Fuck... How did I get here? Shouldn't this place have been dead somewhere around 30k accounts?

but it seems to me the solution would be allowing an "end run" like Apple did with iTunes DRM. What they should do is put a button in the options that says "If you type in your name in this box and pick yes the phone is officially jailbroken. We hold NO responsibility for it any more, you void the warranty, blah blah blah all the legalese" and if the owner follows the instructions he/she has a broken phone and is on their own. This would allow Apple to have a legal way to disolve any responibility for the phone, while allowing the owner to do what they want with the phone. Better than having to have users "hack" their phones and risk Apple iPhone becoming a haven for malware pretending to be jailbreaking tools. Seems like a win/win to me.

Seriously... Do you do stand-up in your free time?

But please... do keep it up. This place COULD use some naivete.
We are all WAY to cynical.

Re:Yay!

[hairyfeet]

Actually I've been lurking around here since the late 90s, I just never bothered to make an account because I didn't feel I had something to contribute, and therefor didn't actually make an account until a user posted a question needing help with a Windows bug I had dealt with and knew and easy workaround, since many here on /. are old Unix greybeards and I'm the token windows greybeard.

And what EXACTLY is so funny about my suggestion? Electronic signatures have been recognized in all 50 states. I don't see how it would be ANY different than signing any other contract with regards to your phone. I mean you know when you sign for the phone you will incur penalties if you try to walk away, same here. Oh I'm sure you'd probably get one or two non too bright troll lawyers that might try to find wiggle room, but considering Steve has always had the lawyer army of doom I doubt seriously they'd have a prayer.

And that doesn't change the fact that in consumer electronics perception is everything. The average folks won't hear "jailbreaking is risky" they'll hear "iPhones have viruses" and this will hurt the brand. It is the classic grapevine scenario, where the data gets twisted the farther along it travels. If Apple doesn't get ahead of this it could be seriously bad, hence my idea. If you have a better one, by all means, let's hear it.

Re:Yay!

And even better, there are some 6 million non-upgradable first-generation iPhones that are now a botnet waiting to happen.

We don't expect new features for such old phones, but we do expect you to not stop putting out security fixes after barely three years. Hell, even Microsoft is more serious about security. Fuck you, Steve.

Re:Yay!

[denzacar]

There... you're doing it again.

The 'funny' part is in the fact that you are treating this as if it is a technical problem with a technical solution.
Namely, "let's wash our hands off this and give them a jailbreak button"-solution. It isn't.

Apple is a corporation - first and foremost.
THEN, after we establish that, we determine what kind of a corporation they are this day, month, decade... Are they more into technical business, artistic, musical, IP rights... etc.
Being a corporation, their main (possibly only) goal is MAKING MONEY. And that means make it NOW! FUCK THE CSR!

And there is no money in giving users a 'jailbreak button'. Not for Apple that is.
In fact, you can probably bet your ass that somewhere in the wast field of corporate spreadsheets there is a column (or several) that would suddenly dip into 'red' should Apple users get such an option.
Say... something like... 'planned number of apps/products bought through the app store per user'.
Apps/products they will no longer have access to as they have chosen not to accept the EULAs that give exclusive salesman rights to Apple stores and services.
And suddenly, with each (now thoroughly documented) 'jailbreak' - Apple starts losing money.
Sure, it's only perceived spreadsheet money to us - but not to the stockholders and bankers.

Apple's customers are not tied into Apple's services because of their own convenience or safety - they are LOCKED IN because that makes sure they don't spend their money somewhere else.
And a 'jailbroken' iPhone gives them exactly that option - to go somewhere else.
Besides, that stinks a lot like that obscenity that Google is doing.

Actually I've been lurking around here since the late 90s

Even funnier.
All it lacks is a "Back in my day..." or a "Get off my lawn!" to tie into a classic Slashdot meme.

How much was he paid

[ickleberry]

I wonder how much this guy got from Apple in order to help legitimise the concept of "not letting you do what you want with your own hardware".

This wouldn't be the first time an iPhone malware came in the form of a dodgy jailbreak and Apple has previously tried to justify their restrictions as a security measure.

but you really have to ask yourself what kind of a fool would install such a bad jailbreak, for something that could brick your phone anyone with a grain of common sense would try to make sure they have the legit version

Re:How much was he paid

[jo_ham]

Good God. Is the level of Apple hate so high that this has to be twisted into some sort of conspiracy about Apple?

Of all places, slashdot should be the sort of place that understands the nature of security exploits - which is exactly what the jailbreak takes advantage of. Colour me *utterly unsurprised* that the same exploit (and any tools created to make use of it) can be changed to do things that you really don't want.

Apple has nothing to do with this (apart from shipping software with a security flaw, but they are not unique in that respect).

Re:How much was he paid

[Yvan256]

I bet that most people using JailbreakMe or other variants don't realize they could be installing malware. They just want to install non-approved software or in most cases pirated software and heard about jailbreaking.

I've actually had someone reply to me that "there's no mention of anything else than jailbreaking on the webpage of the hack, and I'm not important enough for people to spy on me anyway". Most people don't understand technology and will believe what they are told, good or bad.

Just because Slashdot readers understand technology doesn't mean regular users do. Just two days ago I was discussing with someone in his 70's how "the blue E" wasn't the internet and how Wikipedia wasn't an competitor to Google Chrome.

Hell, the OLF (Office de la langue française) wants people to say "Sites internet" instead of "Sites Web" because web is an english word, even though internet is the network itself and isn't limited to the Web. If even official channels are messing up terms, how is the general public supposed to clearly understand the concepts? It's no wonder we still have people who think the "blue E" is the internet itself.

Re:How much was he paid

Of all places, slashdot should be the sort of place that understands the nature of security exploits - which is exactly what the jailbreak takes advantage of. Colour me *utterly unsurprised* that the same exploit (and any tools created to make use of it) can be changed to do things that you really don't want.

Apple has nothing to do with this (apart from shipping software with a security flaw, but they are not unique in that respect).

This very thing (the potential for jailbreaking software installing malware) was predicted by many slashdot posters when news of jailbreaking iPhone via security exploit was originally posted on slashdot.

Re:How much was he paid

[dreamt]

I would take it a step further. You are inherently installing malware when using jailbreak/rooting tools. The fact that you are intentionally using and benefiting from the malware doesn't mean it isn't malware.

Re:How much was he paid

[fuzzyfuzzyfungus]

While I strongly suspect that Apple had absolutely nothing to do with it(Steve Jobs probably personally kills someone from PR every time "malware" appears in the same sentence as any Apple product, unless it's a sentence about immunity thereto), it does raise the important notion of the security downsides that also exist in walled garden environments.

The security upsides are obvious. Whitelisting is easier than blacklisting. Enumerating goodness vs. badness, users are idiots who will click anything, etc.

However, this is the downside: Since there are always some applications that fall outside of the whitelist(enumerating goodness is easy, enumerating all goodness is hard, and some people don't want goodness, and some goodness is bad for the vendor's bottom line), there will be a demand for ways to run them. This means that there is a population of users who depend on the existence of security flaws in the system, and have an essentially antagonistic relationship with their own, and a lot of other people's, vendor. In open systems, only malware writers and scum are in this position. Everyone else is either a white hat, disinterested, or just a sheep. In closed systems, some white hats and just sheep are actually on the same side as the malware writers and scum, because both depend on exploits to run the code they want.

Re:How much was he paid

[mcgrew]

A gun isn't malware until you shoot someone. The jailbreak isn't malware, the rootkit based on it is.

Re:How much was he paid

[ammorais]

I would take it a step further. You are inherently installing malware when using jailbreak/rooting tools. The fact that you are intentionally using and benefiting from the malware doesn't mean it isn't malware.

I believe you are wrong. The mere fact that you are intentionally using ( inherently informed consent), disqualifies jailbreak/rooting as malware.

From wikipedia: "Malware (also: scumware), short for malicious software, is software designed to secretly access a computer system without the owner's informed consent. "

Re:How much was he paid

[Yvan256]

It can be both helpful and malicious at the same time. It's still malware if you intentionally install it for the purpose of the advertised jailbreaking but the software also does malicious things in the background without your knowledge.

Re:How much was he paid

A gun isn't malware until you shoot someone.

... and depending on who you shoot and in what circumstances, may still not be "malware".

Re:How much was he paid

I bet that most people using JailbreakMe or other variants don't realize they could be installing malware. They just want to install non-approved software or in most cases pirated software and heard about jailbreaking.

Or perhaps they want a SIM unlock, so that they can actually *gasp* use their device!

Planning that European vacation, but don't want to pay AT&T's ridiculous premium for data roaming? AT&T would like to add something like $250 to your bill for this. But if you SIM unlock and get a cheap SIM card, you're in good shape. Enjoy your trip in a somewhat more civilized country where telecoms don't control quite so much of the universe. In Spain I paid 1.20 EUR per day to get unlimited data.

Re:How much was he paid

[bonch]

I mentioned this elsewhere--I think the bizarre level of Apple hatred is due to astroturfers with a vested interest in Android. The goal is to make Apple look bad and rally the hardcore geeks against them.

Notice how many anonymous posters there are that criticize Apple in a story. You can already see a few posting to this one. Something fishy is going on.

Re:How much was he paid

Slashdot dislikes microsoft's practices -- normal
Slashdot dislikes sony's practices -- normal
Slashdot dislikes ea's practices -- normal
Slashdot dislikes blizzard's practices -- normal
Slashdot dislikes riaa's practices -- normal
Slashdot dislikes mpaa's practices -- normal ...
Slashdot dislikes apple's practices -- OMG SOMETHING FISHY IS GOING ON IT HAS NOTHING TO DO WITH MY OWN BIASED VIEWPOINT OF THE COMPANY

Re:How much was he paid

[Kilrah_il]

Actually, if you shoot someone then the gun is still not malware - it's a murder weapon. You need to get out of the basement more often.

Re:How much was he paid

[Kilrah_il]

Now we are coming to the issue of informed consent. From Wikipedia:

An informed consent can be said to have been given based upon a clear appreciation and understanding of the facts, implications, and future consequences of an action. In order to give informed consent, the individual concerned must have adequate reasoning faculties and be in possession of all relevant facts at the time consent is given.

In medicine, if I tell someone about a surgery and he consents, but later something bad happened that he says he did not appreciate beforehand, it is as if no informed consent was given. I doubt most JailbreakMe users understand the implications of the exploit used (heck, I sure as hell don't), and I am sure the site does not go into too many details to make the users understand. So from a legally binding viewpoint, there is no informed consent - the user has no appreciation and understanding of the facts, implications and future consequences of using the software.

Re:How much was he paid

No, you are not.

Malware is MALicious softWARE, not "software the almighty Jobs has not allowed his flock of minions to bless"ware. There is a difference. The jailbreak is inherently nothing more than the user and one hopes, owner, of the device choosing to make use of a software exploit to enable non-manufacturer supplied functionality. No more no less.

What the exploitive code does may or may not be malware. In traditional jail break cases, it's not malware.

   

Re:How much was he paid

haters gunna hate yo

Re:How much was he paid

[gl4ss]

yep. the only reason he did this with an apple device is that it iphones are getting a lot of press and he needed press. because otherwise it's just an obvious excercise about what could be done(using a fairly well known attach and then doing whatever).

Re:How much was he paid

[Beyond_GoodandEvil]

I would take it a step further. You are inherently installing malware when using jailbreak/rooting tools. The fact that you are intentionally using and benefiting from the malware doesn't mean it isn't malware.
Yeah, it kinda does, unless you think DeCSS was malware. Unless you think allowing homebrew on the Wii is malware, or full screen from a memory stick on PSP to be malware. See if I use the software for my benefit and I'm not harming anyone else then it isn't malware. It's simply exploiting a fault in the code to wrest control back from the turtle necked one or the kind people of Japan.

Re:How much was he paid

[mcgrew]

Well, a silversmith has his wares, a blacksmith has his wares, and a gunsmith has his wares. I'd say anything used for a nefarious purpose is malware, even a murder weapon.

And I'd love to join those few who have gotten out of the basement, but there's a gravity well that requires BIG rockets to escape. The blue ceiling and fusion lamp/heater are nice, though.

This is trolling of the worst sort

[stecker]

Yes, and Adobe Photoshop could be modified to become a program that indoctrinates me in Marxist philosophy. What's the point? That a user installing an application needs to trust its source? This has been true ever since there has been third party software.

Shame on Slashdot for pushing this.

Re:This is trolling of the worst sort

[IB4Student]

A lot of people who have Apple things think that they can go to whatever websites they want and download whatever the hell they want because they "can't get viruses". One of my friends on facebook got clickjacked and posted some .ru site, and a lot of people commented saying to not click on it because it is a virus, and then some guy said "lol i clicked on it anyway becuase i'm on a mac so i can't get a virus". -_- But, yeah, I think that we should all work together as a family to help people not get infected and we shouldn't hate people just because they use Apple products 3

Re:This is trolling of the worst sort

[icebike]

Yes, and Adobe Photoshop could be modified to become a program that indoctrinates me in Marxist philosophy. What's the point? That a user installing an application needs to trust its source? This has been true ever since there has been third party software.

Shame on Slashdot for pushing this.

And shame on Trustwave for shilling for Apple.
I'd like to follow the money, but we'll never get the chance.

Re:This is trolling of the worst sort

[Pelonis]

Funny you mention adobe, wasn't one of the jailbreaks through just opening up a PDF file in safari? Adobe, the company that produces security-bug laden memory hogging software

Re:This is trolling of the worst sort

[not-my-real-name]

Adobe Photoshop could be modified to become a program that indoctrinates me in Marxist philosophy.

I fooled them. I use GIMP which is put out by the very capitalistic ... Ah, I see how this works now.

Re:This is trolling of the worst sort

[Kvasio]

Yurij, is that you?

BCC

That's why I always use BCC, much safer...

Re:BCC

[Yvan256]

I don't trust the BBC. They got flying circuses and time-traveling phone booths over there...

Oh, you said BCC, sorry. Carry on.

Re:BCC

[bananaendian]

I don't trust the BBC. They got flying circuses and time-traveling phone booths over there...

It's not a phone booth you insensitive clod.

Its a Time And Relative Dimension(s) In Space or TARDIS time machine, with a chameleon circuit stuck as a 1950's London Police Box left behind by the Time Lords.

Be more careful next time. Some of us haven't got endless tea to spill.

- Auntie

Fluff piece.

[Bill_the_Engineer]

The researcher took the obvious step of adding malware code to a jail break program. While the article reports that the Jailbreak app will lead the way for more malware, it also stated this which contradicts:

The program is harmless and the vulnerabilities in question were patched by Apple in early August. However, Monti warns that more and more high value applications on the iPhone will increase the attractiveness of the platform for malicious parties, including banking and e-commerce.

Emphasis mine.

Also the "more and more high value" application line warrants a "no shit sherlock". Willie Sutton robbed banks because that was where the money was.

Basically this just shows that you need to know the risks before you jailbreak your phone. This is true for any phone OS, since jailbreak is a political term for rooting. Check the source (as in where you downloaded) and compare the binary with a known reliable hash (eg. MD5, etc). When you leave the comforts of the installed ROM, you need to be more vigilant about your security.

Re:Fluff piece.

Notice that the remote hole in iOS up to 4.0.1 can be exploited by any site. You do not have to accept the exploit, it can simply install itself in secret. So anyone on firmware lower than 4.0.2 should either upgrade their iOS, or stop using the internet, or jailbreak, after which they can install the unofficial patch from Cydia. For original iPhone users only the latter two options are available.

Re:Fluff piece.

maybe the idea is that /somebody else/ jailbreaks your phone, and then listens in your conversations...

Re:Fluff piece.

[Fnord666]

This is true for any phone OS, since jailbreak is a political term for rooting.

I thought that jailbreaking meant getting your process access to parts of the file system outside of the chroot() jail, whereas rooting meant getting root access for your process. Is this always the same thing or does one require the other on all phone OSes?

With all due respect......

[Pelonis]

With all due respect to anyone who has any type of idevice, no-duhh! Jailbreaking is literally breaking a part of the software, the part that currently helps protect your idevice from being open to the malware/viruses that lurk on the net.Apple is going to have to really work on creating some AV and Firewall protection soon. That being said I personally am somewhat for jailbreaking, but I dont have my ipad jailbroken myself. I have no reason to jailbreak, I dont need multitasking, and although I would love to have root access so that I can use my ipad as a external drive (or connect to one), it is not something I really need. I think that the main reason most people jailbreak an ipod/ipad is to install pirated apps. The Iphone owners on the otherhand, I encourage every single one to jailbreak, so that they are not locked into any single carrier.

More apple news?

[Windwraith]

There are too many Apple things as of late. I get the feeling we aren't getting other news because of them.
Not saying it's good or bad but it's making my feel reader feel like I am following an Apple-only site, which is not the purpose of Slashdot.

Re:More apple news?

[The+Second+Horseman]

I'm sure other media outlets will provide a more balanced view of the technology industry.

http://www.macobserver.com/tmo/article/pew_no_one_gets_more_coverage_than_apple1/

Or not.

Re:More apple news?

[Yvan256]

If other companies make worthwhile things, we will read about them too. I'm sure in a few hours some Linux distro will release a new version, hackers will find yet another hole in a Microsoft product, Sony will find yet another way to piss off their customers or Square-Enix will announce they're doubling the monthly fees of Final Fantasy XIV.

Re:More apple news?

[melikamp]

Hey that's fine, let's just turn this into an advantage by taking every opportunity to point out what is wrong with Apple's software environment. I'll start.

The biggest piece of malware running on your iPhone is the OS itself. You cannot remove it, you cannot disable it, you cannot cut out the parts you don't need. iPhone is, at best, a play-toy: nothing serious should be done with that device. Apple can see everything you are doing with your iPhone at will. Apple is literally looking over your shoulder when you bank, browse porn, text your friends, or do anything else. How do I know they do it? Elementary, Watson. Spying is cheap, it is legal, and they have every incentive to do it. If ever shit hits the fan and there is a big news story about Apple spying out and misusing personal data, Apple will just counter with a BS campaign about how they use your personal information to serve your needs better (they don't) and how this incident is a chance mishap (it's not: it is very much an integral part of their marketing strategy). Will they get in trouble? Not really. The worst thing that could happen to them is a slap on the wrist, a la Sony rootkit fiasco, so they'll give away a dozen of free apps to every wronged customer, and, to add insult to injury, the same apps will happily continue to spy on their users.

Re:More apple news?

[couchslug]

"which is not the purpose of Slashdot."

Well, WASN'T the purpose of Slashdot, which is morphing into AppleIdleDot.

Re:More apple news?

Beats GoogleIdleDot

It's not about hatred.

I don't think it's about people like the GP "hating" Apple. It's more like a complete lack of trust in Apple.

These days, Apple is doing things that even Microsoft never stooped to doing. Microsoft never limited which programming languages developers could write applications in, for instance. In fact, with .NET, Microsoft has gone a long way towards vastly increasing the number of languages that can be used to create Windows applications.

Then there are rumors about hidden APIs that Apple won't share with other developers, which is something that Microsoft was also accused of doing.

Of course, then there are the numerous incidents with perfectly legitimate applications being rejected from the app store without any valid reason. The whole review process itself and the conditions associated with it are quite terrible. The whole process is about treating developers like shit.

So it's easy to see how people may distrust Apple so much that they might even believe Apple is involved in shady practices designed to make Apple's claims stronger. If this is indeed the case, I would like to see more evidence to support the allegations made by people like the GP, but at least try to see where people like the GP are coming from.

Re:It's not about hatred.

[RazorSharp]

These days, Apple is doing things that even Microsoft never stooped to doing.

I've seen many comments similar to this one recently and I just don't understand it. Look at how MS funneled money into SCO to attack Linux, how they strong-armed Novell into a "licensing agreement," how they pressured governments into making OOXML a standard, or intentionally selling defective XB360s. Those are things that Apple never stooped to doing, and that's just recent history. Halloween document anyone?

Apple retaining tight control over the Mac platform isn't stooping to anything. It's what they've always done and will continue to do, much to their users' delight. Why should Apple change their business model to appease geeks who won't buy their products anyway? It doesn't matter what Apple does, people who hate Apple will never buy their products. Why should they change because of disdain from non-customers?

Microsoft has, throughout the years, continuously engaged in unethical business methods. I challenge you to cite one case of Apple doing anything unethical that Microsoft "never stooped to doing." There is no moral imperative that requires software to be open and free. I can think of many economic and technical arguments for open and free, but no moral ones. It's morally wrong to sell a product you know won't last more than six months with just average usage because you're ripping people off (don't give me that warranty crap -- it was extended because the math declared it necessary). It's morally wrong to extort people (Novell, SCO). It's morally wrong (at least in most cases) to lie (everything associated with OOXML was a pack of lies). To the best of my knowledge Apple doesn't exploit, extort, or engage in dishonest business practices. And even if an instance or two can be found, it hasn't been their business model since the company was founded. So how exactly are they stooping below MS?

Re:It's not about hatred.

[RazorSharp]

I can think of many economic and technical arguments for open and free, but not moral ones.

I'm going to refute myself real quick because this just occurred to me. In educational and government settings, open and free is a moral imperative because without these conditions, knowledge can be kept secret by those who have it and those who can afford it. A society cannot be free without knowledge, and I doubt anyone would argue that it's ethical to limit another's freedom. But with private entities, such as corporations and individuals, there is no imperative to share knowledge. A government that keeps secrets is tyrannical, an education system that only caters to those with money oppresses the poor.

So the point of the post stands, Apple is in no way morally obligated to be open and free. But the statement is refuted: in some cases there is a moral imperative for open and free.

Of course, from this perspective, MS's pursuit of making OOXML a government standard is even more unethical.

Re:It's not about hatred.

They both use their positions to bully 3rd parties and competitors. I don't see how one is any better than the other. Apple also has a habit (not that Microsoft doesn't) of getting patents on stuff that they know they didn't actually invent, then suing the bejesus out of everyone else (multi touch anyone?) including the original inventors. How is that ethical? Sorry, Apple is the new MS. Live with it.

Re:It's not about hatred.

[vadim_t]

I've seen many comments similar to this one recently and I just don't understand it. Look at how MS funneled money into SCO to attack Linux, how they strong-armed Novell into a "licensing agreement," how they pressured governments into making OOXML a standard, or intentionally selling defective XB360s. Those are things that Apple never stooped to doing, and that's just recent history. Halloween document anyone?

The GP's statement is correct though. Apple does annoying things MS doesn't. But both companies annoy me, and I avoid dealing with them, just for different reasons. Just that Apple doesn't fund SCO, or that MS doesn't control their hardware with an iron fist doesn't make either company automatically awesome in my eyes.

Apple retaining tight control over the Mac platform isn't stooping to anything. It's what they've always done and will continue to do, much to their users' delight. Why should Apple change their business model to appease geeks who won't buy their products anyway?

So that we buy their products, of course.

It doesn't matter what Apple does, people who hate Apple will never buy their products.

That's a mistake. I don't dislike Apple because it's Apple. I dislike Apple because of what Apple currently does. If they change what they do, I might change my mind. It's simple.

I change my mind on companies. Years back, in my mind, "Blizzard" equated with "awesome". These days it equates with "no way I'm paying". It could change back if they started making stuff I'd be willing to buy again.

Why should they change because of disdain from non-customers?

Because this non-customer could be a customer if they made something I like.

Re:It's not about hatred.

Yeah! Apple has never done anything so lowly as Microsoft selling defective hardware like XBox and such! Those iPhones were all just being held wrong and it takes FAR longer to make a white iPhone 4 than it does a chrome colored one because we all know that white is EXTREMELY difficult to come by!

This guy is right. Apple are the good guys and would *NEVER* do anything wrong at all and even if they WERE to do such a thing, they would own up to it and make it right by giving you a free $2 bumper cover to fix your antenna!

Re:It's not about hatred.

[bonch]

See, this is the kind of post I was talking about. There are an awful lot of mysterious anonymous posters now who criticize Apple and try to rally the hardcore nerds against them. The goal with your post is to make everyone see them as Microsoft. Just look at the absurdities in your post:

These days, Apple is doing things that even Microsoft never stooped to doing. Microsoft never limited which programming languages developers could write applications in, for instance.

They most certainly have. For other languages, they embrace, extend, and extinguish them, like what they tried to do with Java. Apple is the one submitting their language changes for standardization and working on a free, BSD-licensed compiler suite, for crying out loud.

In fact, with .NET, Microsoft has gone a long way towards vastly increasing the number of languages that can be used to create Windows applications.

What does that matter if the target is .NET, which is tied to Microsoft platforms? The only alternative you have is Mono, and that's always going to lag behind Microsoft's implementation, not to mention the political hysteria surrounding it due to fears of lawsuits and other nonsense.

Then there are rumors about hidden APIs that Apple won't share with other developers, which is something that Microsoft was also accused of doing.

Now we're citing mysterious "rumors about hidden APIs." Here's reality. Apple uses private frameworks and is public about this to its developers. It uses a private framework until it's functional enough to be made public, and in the next version it becomes a public framework. A recent example off the top of my head is CoreText, which was used internally in Tiger but made public in Leopard. Other examples would be controls like the HUD windows used in iLife or the source list mode of NSOutlineView, used in iTunes and the Finder. Objective-C is full of metadata; you can class dump the run-time information of a Cocoa app and see all the classes and methods they use, so it's not like there's some big secret Apple is keeping from you.

Besides that, there are always going to be APIs a system provider uses that you can't. They're the ones providing the platform; of course they're going to have greater privileges and stricter control over third-party use, for the sake of the platform. The CoreGraphics API for rotating a window as a 3D cube that's used in the OS X installation process isn't public because they don't want everybody making their annoying windows rotate like cubes. There's always going to be a level of control over these things.

Of course, then there are the numerous incidents with perfectly legitimate applications being rejected from the app store without any valid reason. The whole review process itself and the conditions associated with it are quite terrible. The whole process is about treating developers like shit.

There have been a few cases, and Apple has improved the process since then, but those incidents far and few between and certainly not enough to form the conclusion that the point of the review process is to "treat developers like shit." That's just more of your agenda shining through.

So it's easy to see how people may distrust Apple so much that they might even believe Apple is involved in shady practices designed to make Apple's claims stronger.

No, it's not easy to see that. Claims require evidence. If you're going to automatically assume that Apple is performing dastardly deeds, you should really take a step back and see how you look to other people as a paranoid nut. It doesn't even make logical sense--revealing that an iPhone jailbreak can lead to sniffing malware is bad for Apple because it makes their phone sound dangerous and insecure to the uninformed masses.

Re:It's not about hatred.

[Kilrah_il]

Thanks for the post. I wanted to say something to the same effect, but you beat me to the punch. Anyhow, people here just don't understand that Apple (under Jobs) has always believed in controlling every aspect of its ecosystem (Citation). The only time the MacOS was licensed was when Jobs wasn't in Apple, and that was their worst years.
People love Apple's products because they are easy to use from the get-go and part of that ease of use comes from controlling both the hardware and the software completely (or as much as possible). Yes, we geeks like it less, but we are not the main customers. Catering to us will bring about an OS that may be more powerful, but not as easy to use out of the box - I'm looking at you Linux.
So, yes, some of the people at /. (can I say "the guys" or do we have representatives of the fair sex here also?) don't like Apple for their strong-armed tactics, but these are the same tactics that brought about the products that so many people like. Face it, we are a minority.

Re:It's not about hatred.

[Kilrah_il]

Congratulations, you are one of the few people that change their mind when the situation changes. I am not sarcastic; I am totally serious. Most people frame an opinion about something (e.g. Apple), and that opinion usually is very hard to change, no matter what the company does. Even if Apple came out with a new iPhone that is completely open and you can install whatever you want, there will be some Apple-haters here that will find some reason why this is bad. And vice versa: If Apple decided that only fair-skinned, wealthy people who are very very nice to Steve Jobs can buy an iPhone, and even they cannot do anything outside some official rulebook with it, there will be some Apple-fanboys that will rationalize it. Oh, and by the way, changing an opinion from bad to good is harder than the other way around.
So what is Apple left to do? Continue with the philosophy that brought it success up till now. You might be a potential customer if they changed their ways, but most of the naysayers are, and always be, non-customers.

And another thing, regarding your first paragraph: Apple does things that annoy you, but they are not immoral, just... annoying. Contrast that with MS.

Re:It's not about hatred.

[vadim_t]

And another thing, regarding your first paragraph: Apple does things that annoy you, but they are not immoral, just... annoying. Contrast that with MS.

Eh, that's not exactly it. For me, Apple has long ago reached the point of "I'm sure I don't want to buy their products". The things they do that make me decide not to buy their products are in my view are very unlikely to change. If they were to change, I'd be very unlikely to miss it. Due to this, I don't pay very close attention to them, because one minor reason more or less to dislike them doesn't change anything anyway.

There might well be something that Apple does that I consider unethical. But that just doesn't matter much at this point. If Steve Jobs kicks puppies or whatever, I already don't buy his products, and can't buy less than nothing. So I just have better things to do than to look for things like that.

Re:It's not about hatred.

[rjstanford]

Yeah! Apple has never done anything so lowly as Microsoft selling defective hardware like XBox and such! Those iPhones were all just being held wrong and it takes FAR longer to make a white iPhone 4 than it does a chrome colored one because we all know that white is EXTREMELY difficult to come by!

Hmm. Well, my day-1 iPhone 4 has no problems being held (neither do any of the others used by folks I know), and if you'd ever worked in manufacturing you'd know that getting a consistent white between different materials, especially when some are encased in glass and others aren't, is damn hard.

But by all means, keep on hating...

Re:It's not about hatred.

[Andy+Smith]

Why should they change because of disdain from non-customers?

Just FYI, I was an Apple customer. Had an iPhone 3G and then a 3GS. Because of Apple's actions that hurt developers, I got rid of my Apple phone and bought an Android handset. So I'm one example of an Apple customer actively moving to a different manufacturer, solely because of Apple's anti-developer actions. In a world of 6 billion people, I wonder if I'm the only one?

If Apple had been nicer to developers, I'd have bought an iPad by now.

Re:It's not about hatred.

[shutdown+-p+now]

Apple is the one submitting their language changes for standardization

So, where is the ISO standard for any version of Objective-C?

What does that matter if the target is .NET, which is tied to Microsoft platforms?

The spec - CLR, C# etc - is not tied to any platform. A particular implementation of said spec, such as .NET is.

Meanwhile, Objective-C and Cocoa is just as much tied to Apple platforms in practice. Yeah, there's GNUstep etc, but just the same as Mono, it lags significantly behind. Probably more so than Mono, in fact.

Besides that, there are always going to be APIs a system provider uses that you can't. They're the ones providing the platform; of course they're going to have greater privileges and stricter control over third-party use, for the sake of the platform.

FYI, Microsoft got sued for doing precisely that.

Re:It's not about hatred.

[Duradin]

My iPhone 4 has problems if I hold it wrong. It also says 'Samsung' and is a flip phone, but according to /. only iPhone 4s have problems with being held incorrectly so my phone must somehow be an iPhone 4.

Re:It's not about hatred.

[Phroggy]

Then there are rumors about hidden APIs that Apple won't share with other developers, which is something that Microsoft was also accused of doing.

This is no secret, and certainly nothing new. When Apple is developing a new application, and they need support for some new technology in the operating system, they often build the two pieces side-by-side, and until they feel confident that they've gotten it right, they don't always publicize the APIs. They freely acknowledge that these private APIs exist, and warn developers not to use them, because private APIs are subject to change in incompatible ways without warning or documentation. Once the bugs have been worked out, Apple stabilizes the API and publishes documentation. This might sound unfair to third-party developers, but the only alternatives are to 1) delay release of the technology until they've had a chance to do a lot more under-the-hood refinements to the code, 2) publish an immature API that they then have to maintain, even though it's terrible, because third-party developers are depending on it, or 3) publish the immature API but then drop support when revisions are needed, breaking everybody's third-party apps and pissing off their users.

Apple is not known for keeping private APIs a secret indefinitely. They actively encourage third-party developers to build on the technology made available in the Mac OS, because this makes for a better user experience, which is what helps them sell Macs.

Re:It's not about hatred.

[UnknowingFool]

These days, Apple is doing things that even Microsoft never stooped to doing. Microsoft never limited which programming languages developers could write applications in, for instance. In fact, with .NET, Microsoft has gone a long way towards vastly increasing the number of languages that can be used to create Windows applications.

MS only supports 3 official .NET languages: their languages (C++, C#, and VB). All other languages are outside MS. For implementations like Mono, there is no official guarantee that MS will harm the implementation. For Apple there were 3 languages that you could use for Carbon: C, Objective C, and Java. Cocoa never supported Java. Going forward, Apple will no longer maintain Java. However, Apple has never stopped anyone from developing Flash or Java or Python for Mac; they are not going to use those languages for OS X development.

Then there are rumors about hidden APIs that Apple won't share with other developers, which is something that Microsoft was also accused of doing.

Like what? Bear in mind all, there might be undocumented APIs that are included with a software release. However, in the case of MS the accusation was that these hidden APIs were stable but not shared with those outside MS. From my recollection about Apple, people were complaining that Apple didn't document experimental APIs and then complained when Apple removed them in subsequent releases. Perhaps that's why Apple didn't document them: They didn't want any developers to really use unstable APIs.

Re:It's not about hatred.

[indiechild]

Excellent post. This subject has frustrated me as well.

Re:It's not about hatred.

[gmhowell]

Generally reasonable points. (I know, wtf, this is an Apple article). One thing to keep in mind is that Apple has certainly done the analysis and determined that making things open enough for one geek to purchase their products would result in changes sufficient to prevent X number of non-geeks from buying them, where X > 1. This would make them less money and given how much cash and cash equivalents they have on hand, Apple is very much interested in money.

The more interesting figure would be how many additional sales they may use. There have been *some* sales based on 'my geeky friend said Mac is better than Windows'. Do they still matter? Dunno. I'm guessing that Apple, a rather large and successful company, BTW, has figured out that it doesn't.

TLDR; Apple makes more money selling to non-geeks than to geeks or than it would trying to sell to both.

Re:It's not about hatred.

If you use a case or in a high cell tower density area, then of course you have no problems. Then again, I was in a cell store touching the weak spot (not even cupping or holding, it was on the display stand) a couple months ago and it lost 3 bars and even gave a no-signal. You couldn't possibly be trying to confuse the issue, just like the official press release (unless, of course, you BELIEVED the press release and nothing else).

For those who want to choose not to use a case (I use a sleeve that came with my phone, cause I don't like the extra bulges associated with a case, and also it interferes - albeit only slightly - with docks), well... I guess they're just screwed.

As for the white models, I guess a $50 billion dollar company can't afford to do what all these other phones are doing.. Besides, what's a few months compared to the 4 years it took (along with background services, and HOLYCOW A SECOND WALLPAPER!???!?) The entire face of the phone is made out of the same material and there's a lot fewer irregularities (the BB, for example, has more buttons, etc)?

Re:It's not about hatred.

They recently lifted the ban on using 3rd party languages to develop on the i Platform.

I guess that couldn't possibly be an anti-competitive practice to begin with (adding that you *NEED* their computers for development, despite other equally capable platforms). I mean, it couldn't possibly have anything to do with there being several viable threats to reduce their marketshare (Android 2.2+, Blackberry OS6+) in conjunction with cross-compilers for said platforms (and more) so that you only need to make one "core logic" and just tweak the interface for the targeted platform (like using Unreal Tournament or Quake game engines to practically "give" you a cheap other port between PC/XBX/PS3). Heck, by and large, you don't even need to tweak the interface at all. Practically all informational / service apps are single-touch. Even in games, only some *need* multitouch.

Making an application for "everything else" just because a heck of a lot more tempting for developing as you'd hit 70%+ smartphone marketshare with little extra effort. The i devices would be last on the list since they'd have to rebuild everything from scratch, and only hit 20-30% PLUS add in the extra week for review.

I wonder why they decided to drop it? Their original reason - which most people accepted as it might make sense to some - is that it puts the power into other people's hands. If there was a new feature / paradigm, the 3rd party platform would lag behind (a bit or a lot, depending on the 3rd party). This reason still stands, so...

---

As for "jailbreak can lead to sniffing malware is bad for Apple because it makes their phone sound dangerous and insecure to the uninformed masses", it should be as bad as it sounds. There already have been viruses (don't nitpick words, virus=trojan=malware in layman terms) in the Cydia app store. Just google it. I'm sure if you go outside the market / app world for Android / BB, you'll find some malware there too. Then again, you'd have to go out of your way to install it, and ignore all the warnings they give since those two OSes expect 3rd party, non-peer reviewed software. They realize that once you compile something, it's hard to find out precisely what it does (especially if they're good at code obfuscation, like that flashlight tether app. They somehow obfuscated DNS/DHCP/ proxy code inside of an app that simply turns up the brightness and displays a white picture).

Your only real protection is the sandbox that the OS provides (provided it isn't cracked somehow... oh wait, the phone is JB'd, which means there is significantly reduced protection!

The problem a lot of us "nerds" / "paranoid nuts" see that a lot of people run around with this air of invincibility because nothing the Fruit makes could possibly have viruses. Most don't even run anti-virus on their desktops, I'll bet. So yes, there needs to be some sense of danger because computers are computers -- they'll blindly do what they're told to do, even if it's to deleting system files if it has the privilege (JBing gives that permission).

The previous web-based JBme website could have EASILY installed some other junk in there (it's not likely at this point, but the possibility was there), but people are like "hey, I don't get viruses on this device, it's impossible" -- or worse, it doesn't even cross their mind. Hell, most people who would do something like that don't realize, nor have the technical knowledge to realize they've been infected with anything.

Re:It's not about hatred.

[node+3]

How does Apple hurt developers? By creating the world's most successful mobile app store? "Help! Apple's making it too easy for us to make money!" is the cry heard from developers far and wide?

They have done some things that don't help some developers. For example, the requirement of using Objective-C, C++, or C doesn't help Java programmers, but it doesn't hurt them. Refusing to carry buggy apps, or apps that run afoul of a limited number of guidelines, in their store doesn't help developers of such apps, but those developers knew going into it that the guidelines existed.

So, really, what has Apple done that can so generally be said to "hurt developers"? In fact, Apple does a lot to help them.

Re:It's not about hatred.

[PSdiE]

"To the best of my knowledge Apple doesn't exploit, extort, or engage in dishonest business practices."

To the best of my knowedge, no Applezoid has ever accepted that Apple is a self preserving, spin marketing megacorp like any other. Are you seriously suggesting you are unaware of the iPhone 4 antenna debacle and subsequent denial by Apple?

Yes, I'd be inclined to agree that MS have demonstrated more underhand tendencies over the years than Apple. But Apple today very much practices the same self-preserving restrictive nonsense that got MS its reputation in the first place.

Re:It's not about hatred.

[jo_ham]

You mean the "debacle" where the antenna was better than the previous version on the 3G and was providing signal at the extreme edge reception (where the 3G could not) that it subsequently dropped if the user detuned it by holding it in a specific way (a fact not unique to the iPhone 4, just exaggerated due to the design), that subsequently spawned an investigation from Apple that they published, along with a free case program for all iPhone 4 users to correct the design flaw?

That one?

Yeah, real shady business practices there... Oh wait, the other thing: good response to a design flaw.

Re:It's not about hatred.

[PSdiE]

Oh please. Apple's own engineers warned Jobs of the issue right from the earliest design meetings, but were overruled. When users -shock- began complaining soon after launch, Jobs personally dismissed the "non-issue", telling them to "avoid holding it in that way."

Even when Apple *finally* accepted there was a problem at the 16 July press conference (only after a damning confirmation of the issue from Consumer Reports), there was no "mea cupla". They claimed the problem was common to all internal antenna phones, something which competitors and reviewers were quick to dispute, but they would begrudgingly issue free cases as a band-aid fix.

It never ceases to amaze me the infinite reserve of benefit-of-doubt that Apple commands from its fans! :]

Re:It's not about hatred.

[jo_ham]

It *is* common to *all* antennas - it is the physics of antennas. It's just accentuated by a design that is sensitive to detuning. There are examples of other manufacturers' manuals warning against "holding in a specific way" or more usually, to avoid touching the phone in a specific area while making calls.

As with any issue, the legal climate pretty much enforces a "don't admit anything publicly until we have something in place with legal, and a solution". It's not the first product to have had engineering decisions overruled in favour of aesthetics, costs or timescale. It's far, far from unique in that respect.

It's not so much "benefit of the doubt" as much as "this is the reality of large companies that make consumer products" and treating them all equally. Overhyping this "antennagate" thing has done more to expose peoples' bias against apple than almost any other story.

They're certainly no immaculate white knights, but they are a long way from the picture people have been painting of them.

The hilarious thing, is if they had intentionally crippled the phone so that it only had the same range as the 3GS it replaced, and didn't even try to hold a signal in weak areas and just reported 'no service' (which is the only time the detuning causes call drops) then no one would have ever noticed and slashdot would only have the walled garden to moan about.

Ah, so they're re-inventing the wheel again...

[trifish]

Obviously, if you're going to use pirated or [i]any[/i] other illegal kind of software, you are owned by the malware that comes with it 90%. (That's why I stopped using pirated Windows ten years ago when internet-aware malware became popular -- I didn't want to share my credit card numbers and passwords with the pirates.)

Re:Ah, so they're re-inventing the wheel again...

[emkyooess]

I could swear that jailbreaking was upheld as not illegal in any way.

Re:Ah, so they're re-inventing the wheel again...

Depends on where you live and what EULAs you accepted.

Re:Ah, so they're re-inventing the wheel again...

[Zero__Kelvin]

Obviously, if you're going to use pirated or [i]any[/i] other illegal kind of software ...

In the US it is not illegal.

Re:Ah, so they're re-inventing the wheel again...

This statement makes no sense... the whole point here is that this exploit exists on the stock firmware from Apple: that's how the jailbreak worked. You don't /become/ vulnerable by jailbreaking your device. In fact, for people with the original iPhone, that is the only way to protect yourself: you jailbreak and install the PDF Patch I wrote from Cydia.

Warning: car analogy

[Yvan256]

Just like a used car salesman, I guess. He helps by selling you a car that you want, but he also screws you with a POS car that will need more repairs than the cost of the car itself. Unless you're a mechanic, and most people aren't. Just like most people don't understand technology.

Now if you'll excuse me, I have an appointment for my car...

If the platform were open...

[saleenS281]

If the platform were open, the hackers would be incentivized to work with Apple to close the holes, rather than save them to jailbreak.

Re:If the platform were open...

[SideshowBob]

Can you cite an example of this behavior? I believe hackers that would exploit a hole on a closed platform would also exploit the hole if the platform were open. The key issue is not whether the platform is open or closed but that there are hackers willing to exploit holes for their own gain.

Re:If the platform were open...

[saleenS281]

Firefox. There are patches given back by the community to exploits all the time that could be sold on the black market instead.

There is no "own gain". iPhone exploiters are doing so for the good of the many. If they wanted personal gain, they'd never release a public root app. Every time they do so, Apple patches the exploit, and thus they can no longer use it. If it were for personal gain, they'd keep it to themselves, and wouldn't have to constantly be searching for a new exploit. OR, they'd be selling the exploit on the black market.

Re:If the platform were open...

[SideshowBob]

You completely missed my point. The type of altruistic people that find and report holes would do so regardless. The type of people that take advantage of exploits for their own gain would also do so regardless of the openness of the target.

Re:If the platform were open...

...Hackers would have the incentive to do both exploit and close the hole. We are a diverse bunch like slashdot and 4chan no? Hell to a certain extent we are slashdot and 4chan.

Doesn't bother me

I don't get viruses, I'm on a Mac... oh wait...

Dammit!

iToo

iToo can get viruses!!!

Wow, lots of Apple FUD lately...

[thestudio_bob]

Replace "Apple" with any other technology company name and it basically holds true for them as well.

Sony/PS3
MS/Windows
Google/Andriod
..etc.

Do I need to change my bookmark for slashdot.org to fuddot.org?

Re:Wow, lots of Apple FUD lately...

[bananaendian]

Do I need to change my bookmark for slashdot.org to fuddot.org?

No, that would be bashapple.org

Giving Apple an excuse to kill jailbreaking

[mysidia]

demonstrated how to turn the popular JailbreakMe Tool for iPhones and iPads into stealthy rootkit-style malware

The authors of JailBreakMe should be scorning this act and sending legal threats (if possible) to the people contorting their Jailbreak software into a malware infection tool.

Apple is going to finally stand up, take notice, and kill the jailbreaking software, to public applause, if malware starts taking advantage of it, it will be more than a theoretical matter of security.

That is, things like this are going to justify adding additional security hardware to the iPhone to even further lock it down and roll out measures to automatically brick jailbroken devices.

Re:Giving Apple an excuse to kill jailbreaking

[ekhben]

I will applaud Apple for closing any hole used to jailbreak without a USB cable involved, whether it gets to malware stage or not.

Apple seem to respond faster to these sorts of vulnerabilities than they do to ones that are only usable if you have physical control over the device, so I don't think there's any cause for concern that Apple will step up their counter-jailbreak programme if theoretical attacks become reality.

Re:Giving Apple an excuse to kill jailbreaking

[saurik]

I agree on all counts.

And to think...

If Apple would just sell the thing SIM unlocked and with sideloading of apps, this wouldn't be a problem!

Heaven forbid Apple actually be forced to sell the thing on its merits and not have to resort to anti-competitive nonsense.

Re:And to think...

[Alioth]

They *do* sell it SIM unlocked, it's right there in the Apple store website (certainly the Apple Store UK website). It is rather expensive when not subsidised by your phone carrier though.

Re:And to think...

Not in the US.

Sick and tired of these "blackhats"

[negatonium]

I'm getting sick and tired of these "blackhat" conferences and their endless phallus measuring contests.

I really am all for free speech but these folks have potentially dangerous information and need to act _responsibly_ with it. Many of us here realized that the web based jailbreak could be refactored into a driveby exploit but we didn't do it -- much less do it and brag about it. This "revelation" doesn't in any way enlighten the community. It's only a "mine is bigger" statement for the self aggrandizing "haxor".

This kind of Dangerous Knowledge is nothing new. What if John (Captain Crunch) Daper had had a conference for phone-freakers and released press statements? No different. If these folks want to have what they think of as "security" conferences then protect the content shared there with an NDA and strict fines for breaking it.

These folks think of themselves as "experts" but they are really nothing more than juvenile delinquents -- regardless of their ages.

iPhone2G are easy target

[Rastignac]

Apple stopped firmware updates for iPhone2G (edge). It is blocked at iOS313, forever.
So, iPhone2G misses a lot of security updates. The old edge iPhone is really full of holes.
And nobody will secure it.
Steve, please, help !!

Re:iPhone2G are easy target

[Arthur+Grumbine]

Apple stopped firmware updates for iPhone2G (edge). It is blocked at iOS313, forever.
So, iPhone2G misses a lot of security updates. The old edge iPhone is really full of holes.
And nobody will secure it.
Steve, please, help !!

You appear to have not purchased a new iPhone in over two whole years. I don't know what backwoods, 3rd world nation you come from that you expect the most expensive phone you've ever purchased to last more than two years, but you are obviously not our target demographic. Thank you for your money, and please return to us when you are willing to follow our clearly laid out expectations for making new purchases/upgrades.
Cheers!
Steve J.

Re:iPhone2G are easy target

Just run Android on it.

Re:iPhone2G are easy target

[vux984]

You appear to have not purchased a new iPhone in over two whole years

It certainly wasn't my idea to commit to a 3 year contract, but that was the only option they gave me at the time.

That sounds about right

[Arancaytar]

A device that must be broken into in order to gain full control of it will never be as secure as one that is open by default.

Re:That sounds about right

[melikamp]

Rooting an iPhone does not give you full control over the device. At best, you get to run your code with the highest privilege, but you are still stuck with an opaque proprietary OS that will spy on you around the clock. No amount of rooting will help you to get rid of malicious "features" programmed by Apple itself.

Re:That sounds about right

[Duradin]

True, it's hard to hack something that's not on the market or not worth it for things that have a minuscule market share.

Re:That sounds about right

[Arancaytar]

I know. I'll buy one when hell freezes over. :P

Sesli Sohbet

Thank you for sharing. We would like to follow up with a rating. Honours

Owner's root access = more functional AND secure

[RulerOf]

Apple only patched versions of the OS that it felt like supporting, but the jailbreak community patched all versions.

Not only were all jailbroken iOS devices patched (if the patch was installed, that is), but they were patched much faster than "vanilla" devices.

Saurik released the patch within days of jailbreakme's debut. It took Apple almost two weeks. Two weeks during which there were a metric fuckton of jailbroken iPhone 4's on display in just about every Apple store on the planet, which I think is fucking hilarious. I wonder if Jobs had those phones tossed into a pit of fire to keep up the "r00t is bad for you, good for us" charade.

[offtopic]
Anyone else want to see some legislation that prevents companies like Apple from voiding a warranty on Hardware based on the software you run on it? I mean, that would be like refusing the warranty on a laptop with a broken hinge because it had Linux on it... Oh wait a minute...
[/offtopic]

droid does

[MobyTurbo]

and they say that the iPhone can't do things that Android and WinMo can do!

The "web browser" jailbreak only worked on iOS 1.x

Because there was no memory protection until iOS 2.0 (when, not by coincidence, Apple introduced the App Store and native third-party applications). With memory protection implemented, browser-based hacks are vastly more difficult. Hacking the web browser only gives you low-level privileges in a well-protected sandbox and very limited access to the filesystem; you still need a root escalation exploit to jailbreak the phone.

All the well-known jailbreak methods for iOS 2 and later depend on getting physical access to the device, so you can tether it and use a key-based exploit to make the iPhone accept a software package that it shouldn't.

Knowing your risks or your audience?

[swb]

I'd wager that for most people, there's no reliable way to "check your source" for most apps offering "something for nothing" (ie, cracks, rooting, jailbreaking, etc). Many are written by anonymous entities and distributed diffusely to avoid the wrath of whoever produces the device they're trying to circumvent. In some instances there's a reliable distributor, but in many cases not.

But I also wonder if going after a jailbeak app as a target they might be going after the right audience -- people willing to take a risk to get more than they paid for (running "unapproved" apps) or to get something for nothing (iPhone without AT&T contract).

Re:The "web browser" jailbreak only worked on iOS

[gl4ss]

jailbreakme works on firmwares up to 4.0.1

so you were wrong in your assumption - that the web browser gets hacked shouldn't grant you full root powers, but it does. and ironically for the older devices you need to jailbreak to close that hole or risk being jailbreaked by random sites you visit.

fabulous

[Kathars1s]

Wonderful. This is one more thing apple can use to bitch about while ripping on people who jailbreak. What a douche.

Credit Card Magnetic Stripe Data?

[d0nster]

Did anyone else notice that the iPhone apparently has a credit card reader in it? Wow, I guess they really are revolutionary devices!

Feel lucky

[tivoKlr]

You're one of the lucky ones, my iPhone4 drops calls notoriously, and God forbid I try to call another iPhone4 user, as the incidence of dropped calls then grows exponentially...

The free case made a difference, but the proximity sensor issue allowing my face to mute the phone, or better yet, pull up the keypad and hit numbers while I'm talking makes this phone, as a phone, a worthless pile of crap.

Now as an awesome pocket computer/ipod it rocks the house, but FFS it's a phone and it should work properly as such, first and foremost, and at least in my personal experience it doesn't. For the record, I was a day 1 adopter of the original iPhone, I skipped the 3g, had the 3gs until somebody lifted it and am now stuck with this pos ip4. I should sell it on cl and get a used 3gs again.