Apple's War Against Jailbreaking Now Makes Perfect Sense

An anonymous reader writes "Apple has always been extremely anti jailbreaking, but it might now have a good reason to plug up the exploits. As Hardware 2.0 argues, Apple's new iOS 7 Activation Lock anti-theft mechanism which renders stolen handsets useless (even after wiping) unless the owner's Apple ID is entered relies on having a secure, locked-down OS. Are the days of jailbreaking iOS coming to a close?" I can see a whole new variety of phone-based ransom-ware based on this capability, too.

Re:Phone-based ransom-ware?

In our business we have had several thousand 4's stolen over the last 2 years. We have 0 recourse to recover them. Apple admits they see them popping up all over the world under other names but can't recall or stop them from being used.

Bricking them or recovering them was a request of many businesses and officers of the law. Dry up the demand and you will slow down the theft.

Re:The problem is...

...it will simply cripple the trust of the secondary market...

I think it will just change the protocol for selling on eBay or Craigslist. Sellers will probably learn to post a picture of the phone, turned on, showing the date... and also the serial number or something. If you can get into the settings, then it wouldn't be locked. But really, sending a bricked phone is no different from sending a broken phone or no phone at all, so I think this all falls into the "fraud" dept.

FWIW, there were five things which immediately went through my head when I saw them announce Activation Lock. In order, they are:.
  - "If iOS7 can be jailbroken, Activation Lock is useless"
  - "There needs to be a simpler way to 'release' a phone from your ownership". (I once went into "Find My iPhone" and was able to see all three iPads I've ever owned and the last three iPhones I've had. It turns out that it takes some deliberate navigating, on the part of the user, to indicate that they no longer own a device. That needs to be simpler.
  - It needs to be *verifiable* by the buyer that a device isn't "owned" by anybody. Otherwise, the device could be locked at any time in the future. (or... there needs to be a way for someone with a locked phone to track down the person with locking rights on a phone so that they can say "Hey... remember that phone you sold back to BestBuy last Spring? They never released you as the owner". Almost like doing a title-search on a piece of property.
  - Apple will probably need some kind of arbitration dept. for the "This dude sold me his phone and won't release his lock rights" or "I can't find the person who has lock rights" issues.
  - If this is something which people have to turn on in the phone before it gets stolen, it's going to be useless. Almost nobody is going to take the time to enable it, which means a small fraction of stolen phones will get activation-locked, which means there will be a small deterrent to theft.

I eagerly await the rollout of iOS7 to see how Apple deals with these issues.

Use the EMEI instead

[SplatMan_DK]

Actually there is a much simpler way to go about this problem (with theft) which would leave both Apple and the NSA out of the loop.

Every cellphone is equipped with an EMEI number which works similar to a network MAC address. It is a unique hardware identifier for each phone - on a global scale.

The EMEI is visible in the settings/control-panel section of any modern phone, and often also printed on either the box the device is supplied in, or a piece of paper inside. And it is used by every carrier on the planet as a part of the calling infrastructure.

All the carriers would need to do, is to allow a "blacklist" of EMEI numbers, so when your device is stolen you simply report the EMEI to the carrier and they blacklist it. To prevent abuse each device could be supplied with an anti-theft key generated by the initial operator or by the manufacturer (so only the holder of both the EMEI and theft-key can have it blacklisted).

The technical capability to do this already exists. Some operators have even implemented it in trials. Their reasons for not using it today is the fact that not all operators actually want to bust customers with stolen phones, and this system would be kind of pointless if only half the carriers implement it.

Enter regulation. The political system could easily pass a law that forces all carriers to implement this kind of EMEI-based anti theft system. It would take little to design, it would work for every phone on the planet regardless of make/model, and it would include only known technology (just a few bits and pieces to extend the existing EMEI database plus a front-office system to operate it).

Not implementing this is pure laziness (from carriers).

- Jesper