Slashdot Mirror
Apple's War Against Jailbreaking Now Makes Perfect Sense
An anonymous reader writes "Apple has always been extremely anti jailbreaking, but it might now have a good reason to plug up the exploits. As Hardware 2.0 argues, Apple's new iOS 7 Activation Lock anti-theft mechanism which renders stolen handsets useless (even after wiping) unless the owner's Apple ID is entered relies on having a secure, locked-down OS. Are the days of jailbreaking iOS coming to a close?" I can see a whole new variety of phone-based ransom-ware based on this capability, too.
How about "war against security exploits that allow malicious users to gain unrestricted access to your phone?"
I guess Linux and Microsoft are both engaged in a 'war against jailbreaking' too, when they close fucking security exploits.
Jesus christ - if you want root on your device, get a device that is built to allow that. Don't bitch that a company closes fucking security holes in its software.
Whats wrong with IMEI blacklisting.
Really? You'd buy a "gray-market" iPhone without seeing that it's on, and operational? Are you that retarded, really? I can only assume that you're retarded, since I can't imagine even the most dim-witted average person forking over good money for an iPhone without verifying that the thing is functional.
What this does is it makes it *mostly pointless* for someone to steal an iPhone, unless (until) someone finds a way to circumvent this activation lock. If it's useless, that scam works a limited number of times, and you're going to have some 'splainin to do to your customers. And you're going to have some angry customers who know who you are and can provide a description to police... "Hey I bought this iPhone advertised on Craigslist, and I have reason to believe it's stolen. I got it from this guy, here's his name and description."
Wow...
Would you steal a stereo? Would you steal a purse? Well, if you jailbreak your iPhone, you may as well!
Jailbreaking your iPhone prohibits Apple from protecting the safety of your loved ones. Think of the children.
TERRORISTS!!
Shenanigans!!
Anything to convince law-makers that having control over your own devices is evil.
Bah!
"Helping to keep you two steps ahead of the Thought Police!"
They want to prevent anyone else from starting an app store in competition with theirs.
The phone's CPU could have a special PIN number that comes on a scratch card in the box when you buy it.
If your phone gets stolen you call your operator and read them the PIN. They send out a "kill" signal and the phone commits suicide.
This is impossible for hackers to fake - they can never know the PIN.
No sig today...
In our business we have had several thousand 4's stolen over the last 2 years. We have 0 recourse to recover them. Apple admits they see them popping up all over the world under other names but can't recall or stop them from being used.
Bricking them or recovering them was a request of many businesses and officers of the law. Dry up the demand and you will slow down the theft.
Go to an Apple store, they take it out of the box right there and activate it. Go to an AT&T store, they take it out of the box right there and activate it.
There's no reason to not say "open the shrinkwrap, plug it in, and let's verify that it's ready for activation, and not a brick."
If the person you're buying from suddenly gets all nervous and says "I gotta go man, just gimme the money and take the phone, I ain't got time for that," then there's a pretty fucking good warning that you're getting scammed.
Seriously, you people are fucking dense if you think this will do anything but reduce the number of stolen iPhones.
This PIN number thingamajiggy you speak of, is it to enter into the LCD display of an ATM machine? Good thing those are engineered using CAD design, but even better they're not programmed using BASIC code and don't run on a DOS operating system anymore, and now have gobs of RAM memory!
...it will simply cripple the trust of the secondary market...
I think it will just change the protocol for selling on eBay or Craigslist. Sellers will probably learn to post a picture of the phone, turned on, showing the date... and also the serial number or something. If you can get into the settings, then it wouldn't be locked. But really, sending a bricked phone is no different from sending a broken phone or no phone at all, so I think this all falls into the "fraud" dept.
FWIW, there were five things which immediately went through my head when I saw them announce Activation Lock. In order, they are:.
- "If iOS7 can be jailbroken, Activation Lock is useless"
- "There needs to be a simpler way to 'release' a phone from your ownership". (I once went into "Find My iPhone" and was able to see all three iPads I've ever owned and the last three iPhones I've had. It turns out that it takes some deliberate navigating, on the part of the user, to indicate that they no longer own a device. That needs to be simpler.
- It needs to be *verifiable* by the buyer that a device isn't "owned" by anybody. Otherwise, the device could be locked at any time in the future. (or... there needs to be a way for someone with a locked phone to track down the person with locking rights on a phone so that they can say "Hey... remember that phone you sold back to BestBuy last Spring? They never released you as the owner". Almost like doing a title-search on a piece of property.
- Apple will probably need some kind of arbitration dept. for the "This dude sold me his phone and won't release his lock rights" or "I can't find the person who has lock rights" issues.
- If this is something which people have to turn on in the phone before it gets stolen, it's going to be useless. Almost nobody is going to take the time to enable it, which means a small fraction of stolen phones will get activation-locked, which means there will be a small deterrent to theft.
I eagerly await the rollout of iOS7 to see how Apple deals with these issues.
Whose device again? Money changed hands.
Actually there is a much simpler way to go about this problem (with theft) which would leave both Apple and the NSA out of the loop.
Every cellphone is equipped with an EMEI number which works similar to a network MAC address. It is a unique hardware identifier for each phone - on a global scale.
The EMEI is visible in the settings/control-panel section of any modern phone, and often also printed on either the box the device is supplied in, or a piece of paper inside. And it is used by every carrier on the planet as a part of the calling infrastructure.
All the carriers would need to do, is to allow a "blacklist" of EMEI numbers, so when your device is stolen you simply report the EMEI to the carrier and they blacklist it. To prevent abuse each device could be supplied with an anti-theft key generated by the initial operator or by the manufacturer (so only the holder of both the EMEI and theft-key can have it blacklisted).
The technical capability to do this already exists. Some operators have even implemented it in trials. Their reasons for not using it today is the fact that not all operators actually want to bust customers with stolen phones, and this system would be kind of pointless if only half the carriers implement it.
Enter regulation. The political system could easily pass a law that forces all carriers to implement this kind of EMEI-based anti theft system. It would take little to design, it would work for every phone on the planet regardless of make/model, and it would include only known technology (just a few bits and pieces to extend the existing EMEI database plus a front-office system to operate it).
Not implementing this is pure laziness (from carriers).
- Jesper
My security clearance is so high I have to kill myself if I remember I have it...