19-Year-Old Jailbreaks iPhone 7 In 24 Hours

An anonymous reader writes: 19-year-old hacker qwertyoruiop, aka Luca Todesco, jailbroke the new iPhone 7 just 24 hours after he got it, in what's the first known iPhone 7 jailbreak. Todesco tweeted a screenshot of a terminal where he has "root," alongside the message: "This is a jailbroken iPhone 7." He even has video proof of the jailbreak. Motherboard reports: "He also said that he could definitely submit the vulnerabilities he found to Apple, since they fall under the newly launched bug bounty, but he hasn't decided whether to do that yet. The hacker told me that he needs to polish the exploits a bit more to make the jailbreak 'smoother,' and that he is also planning to make this jailbreak work through the Safari browser just like the famous 'jailbreakme.com,' which allowed anyone to jailbreak their iPhone 4 just by clicking on a link." Apple responded to the news by saying, "Apple strongly cautions against installing any software that hacks iOS."

Let's get physical

[madwheel]

If only we could physically hack in a damn Micro SD slot.

Re:Let's get physical

[Pascoea]

An a headphone jack?

Re:Let's get physical

[fluffernutter]

Really? Didn't go with the headphone jack?

Re:Let's get physical

You can have both a micro SD card and a headphone jack. Just not on the iPhone.

Re:Let's get physical

[fluffernutter]

..for the time being.

Re:Let's get physical

[irrational_design]

I feel the same way about my Google Nexus phone.

Re: Let's get physical

[fluffernutter]

I'm sure if all things are equal for any particular phone design, no corporation purposely ignores the customers. The question is whether they listen to the customers like you who have reasonable requests, or if they find a separate group of customers who will be easily manipulated into spending more money. Apple is really, really good at the latter.

Re: Let's get physical

[omnichad]

Yes, Samsung has lots of *hot* features that other makers don't have.

Re: Let's get physical

Wait for the 8 they'll introduce the 3.5mm back claiming they invented it.

Re: Let's get physical

[fizzer06]

Like a user replaceable battery?

Re:Let's get physical

[cfalcon]

>..for the time being

Just because Apple has a bad idea doesn't mean everyone else has to copy it.

Re: Let's get physical

[omnichad]

If there's enough left of the phone when the battery comes out...

Re: Let's get physical

[bloodhawk]

Ahhhh yes much better to have Zero options than a convenience that is only useful in most circumstances, after all every apps, movie and music have a huge need for random writes.. FYI, IPhone storage won't be doing 500MB+ random writes either.

Re: Let's get physical

[zenith1111]

iPhone storage can do 500MB+, a micro SD struggles to do faster than 200kB/s 4k writes.

Are you claiming the iPhone flash can arite 500MB+ at small random writes?

Fast microSD cards in phones are good enough to record and playback pretty much all mobile content availabe, with write speeds passing 100MB/s (yes, capital B). That is plenty fast for auxiliary storage. Small random writes are slow, of course, but they are also slower in the internal storage, in the iPhone they will probably not be much higher than 2MB/s, just like everyone else.

Re: Let's get physical

[zenith1111]

*write

Re: Let's get physical

[RevDisk]

On board NAND is indeed always going to be faster. Because well, it's on the friggin board. MicroSD however is good enough for sequential reads. Like music, photos, video, etc. Which tends to be what people store on MicroSD cards. So, yes, sometimes I indeed DO want cheap slow storage. That's why folks often back up to NAS's instead of backing up to SAN's with twenty times the cost.

Re:Let's get physical

[wbo]

Apple sells SD card readers that work with almost all iOS devices including the iPhone 7.

Not quite as nice as having a slot built-in to the phone and application support is a bit limited due to the fact that only a few iOS applications support external storage devices but it does work.

Apple also sells a Lightning to USB host adapter which lets you use other USB devices such as keyboards, mice, flash drives, and external hard drives (as long as they don't attempt to pull too much power over USB)

Re:Let's get physical

[macs4all]

>..for the time being

Just because Apple has a bad idea doesn't mean everyone else has to copy it.

But, if history is any indicator, you know they will.

Yawn

[sometext]

This guy does this every time a new version of iOS comes out and he never releases it publicly. For all we know it's been the same exploit all along.

Re:Yawn

Few things motivate a brilliant teenager like a wealthy corporation saying "you can't do this."

Re: Yawn

Wonder if this (very talented) hacker is there one that helped the FBI crack that San Bernardino shooter's phone.

Re:Yawn

[somenickname]

Seems like it would be easy for Apple to fix this: Just raise the prices until 19 year olds can't afford the iPhone 8. Problem solved.

Re:Yawn

Success through obscurity!

I've also hacked every new Apple product's firmware within 24 hours, but am not going to release any methods. I am also definitely an 18 year old leet haxor called cali^babe^17^ working alone.

Rules of any hacking community:
1. Without proof, the hack doesn't exist.
2. Without proof, the author isn't the publisher.

1 is easy to fix. 2 is for those who believe that big exploits are all released by mysterious little kids.

Re:Yawn

They'd be smart to introduce him to some smoking hot 18 year old chick with an Apple tattoo. He'd be too busy rooting something else to bother with the phone.

Re:Yawn

[fluffernutter]

Shit man, I had all the money in the world to spend on an iPhone when I was 19. Now my family just takes it all.

Re:Yawn

[michelcolman]

Even smarter would be simply hiring him. Find and fix iOS flaws and find Galaxy flaws.

Re:Yawn

[macs4all]

This guy does this every time a new version of iOS comes out and he never releases it publicly. For all we know it's been the same exploit all along.

It's all too easy to fake-up a boot sequence in a video.

24 Hours?

[WD]

What's the point of mentioning deceptive measures of time like this? It's not like this person started from scratch, decided to jailbreak an iPhone 7, and then 24 hours later was done.

The individual likely had an iOS jailbreak, which likely chained together a number of vulnerabilities and took some undisclosed amount of time to develop, and then tweaked / confirmed it on the new hardware. The 24-hour specification means nothing.

Re:24 Hours?

[Lumpy]

he has had months to work on it. The beta was easy to join for everyone.

Re:24 Hours?

Whenever anyone does anything they're going to build on their past experiences and already established skills. Whether they're doing a Rubik's cube or a crossword or running a race, there's always going to be an 'undisclosed amount of time to develop' that preceded it. I don't see that that invalidates timing how long they took over the latest challenge.

Re:24 Hours?

[evileeyore]

if you look at this twitter feed he was talking about the new software/hardware weeks ago. so yeah has been working on it for a while.

Re:24 Hours?

[vux984]

What's the point of mentioning deceptive measures of time like this?

Because regardless of how long he had to work on it or how old the exploit is the fact still remains that the device was rooted within 24 hours of launch.

So if you want to root your iphone 7 ... natch... you can. Day 1. And Playstation/Xbox owners are jealous.

And if you were betting with your friends that it would be months before anyone rooted it thanks to new security features and ios10 etc... well....then you lose.

Re:24 Hours?

[viperidaenz]

"19 year old jailbreaks new iPhone 7 in under 20 years"

Re:24 Hours?

[someone1234]

You all got this wrong, It is the actual jailbreaking process that takes 24 hours.

Re: 24 Hours?

[loufoque]

I think you're forgetting the work evolution did in coming up with the right DNA

Re:24 Hours?

[StikyPad]

Because he likely used an existing exploit and changed some addresses for the new OS/Hardware. That's not the same as discovering a new vulnerability and exploiting it in the same amount of time. It's like remarking that someone had a baby less than 24 hours after getting married, and not understanding how that could be possible.

The best part was...

[squiggleslash]

....he was able to use the hack to re-enable the headphone jack.

Why would he report it?

[wardrich86]

Why report something that will end in your device being crippled? Fuckin' stupid

Re:Why would he report it?

[BradleyUffner]

Money enough to buy an open platform phone, like Android.

Re:Why would he report it?

[StikyPad]

Release it? He doesn't have to, but he doesn't have to flaunt it either. It's like sitting down and eating a delicious steak in front of starving people. It's still a dick move. If he doesn't plan to release it, then don't bother to announce it.

What's the point of mentioning the age?

[blkmajik]

Mentioning the age does nothing for the story. It's completely irrelevant data.

Re:What's the point of mentioning the age?

[cfalcon]

> Mentioning the age does nothing for the story

It really is relevant. There's quite a bit of domain knowledge needed to do that with modern devices, so someone who has had a lot less time to acquire that knowledge doing something like this is definitely notable.

Re:What's the point of mentioning the age?

[Architect_sasyr]

Yes and No I guess. What was rocket science to my parents was 9th grade mathematics to me, same would apply here - no need to learn the basics of assembly, disassembly, identifying functions by groups of bytes, or even determining the USB protocols necessary to debug when someone else has done that part for you.

"You stood on the shoulders of geniuses to accomplish something as fast as you could, and before you even knew what you had..."

Re:What's the point of mentioning the age?

[StikyPad]

To be fair, US teenagers probably have more free time than any other age group besides retirees.

Re:Apple needs side loading / 3rd party app stores

[Scorpinox]

You can easily side load a lot of stuff yourself using the free personal developer accounts. The apps expire after 30 days though so you have to keep re-adding it every month. I've got a couple apps on my phone that apple would never approve on the store, no jailbreaking.

4 SPI wires, or usb

[raymorris]

It has USB over Lightning, so you COULD attach a micro SD reader, internal or stuck to the case.

If you wanted to be even more hackish, it shouldn't be hard to find some SPI pins. You can interface micro SD cards with four SPI pins plus power and ground. This guy provided root in the software in order to make the OS used the micro SD for whatever you choose.

Re:4 SPI wires, or usb

[macs4all]

It has USB over Lightning, so you COULD attach a micro SD reader, internal or stuck to the case.

If you wanted to be even more hackish, it shouldn't be hard to find some SPI pins. You can interface micro SD cards with four SPI pins plus power and ground. This guy provided root in the software in order to make the OS used the micro SD for whatever you choose.

Lightning is a completely software-configurable interface. Unlike the old 30 pin connector, it basically has no dedicated pins, period; so no SPI, unless Apple made a pseudo-SPI mode available.

Re:Am I trolling?

[tlhIngan]

Lock him away and take all this data and hardware and when he submits the bugs to Apple, make Apple pay him the bounty and let him go with a nice clap on the back.

Well, or trust him not to sell the exploit to someone else or have it stolen. This must be worth a lot of money, much more when it is not submitted. People have been stolen from, killed or tortured for less.

Exploits are the new plutonium. You can prepare for war with stockpiling and weaponizing them.

Well, given there are three parties who would pay for it. First is Apple, as part of their bug bounty. He'd probably get a cool quarter million out of it.

The second party is pirate app stores for iOS - they often sell access to their pirated apps and do have some money to spend. The Pengu jailbreaks were basically this.

The third party is state-sponsored agencies. If you were in it for the money, you WOULD do this because they really pay - a cool million dollars or more for something like this.

It's traditionally why Apple doesn't pay for bug bounties - Microsoft, Google, their vulnerabilities sell for around the same price as the bug bounty - typically a 10-20K. But an iOS bug is big-time, easily $1M+.

kthxapple

[SeaFox]

Apple responded to the news by saying, "Apple strongly cautions against installing any software that hacks iOS."

Luca responded that it took "courage" to talk about his exploit and possibly withholding it from Apple.

Re:kthxapple

[geekmux]

Apple responded to the news by saying, "Apple strongly cautions against installing any software that hacks iOS."

Luca responded that it took "courage" to talk about his exploit and possibly withholding it from Apple.

I say he offers it in exchange for a headphone jack.

Re:Apple needs side loading / 3rd party app stores

[tlhIngan]

You can easily side load a lot of stuff yourself using the free personal developer accounts. The apps expire after 30 days though so you have to keep re-adding it every month. I've got a couple apps on my phone that apple would never approve on the store, no jailbreaking.

Even better, Apple generally wants you to do this with apps with source code - the developers of f.lux tried it, but they released it as binary only and Apple called them out over it.

It's one of those things you really wish you could ask RMS about - a commercial closed-source OS that allows open-source to be loaded on, with enforcement of the "source" part - no releasing of binaries that may or may not match the source, but an OS that requires you to build the app from source code.

Clearly

[The-Ixian]

This demonstrates how full of security holes all our devices are.

Apple prides itself on security, yet even their products are like swiss cheese.

Re:Clearly

[cfalcon]

Most iPhone jailbreaks rely on the phone opting in to the exploit, they usually aren't just "get text message, get owned". That's a different class of security vulnerability.

Of course, there are exceptions, like the one used recently that got patched within days.

Re:Clearly

[Bing+Tsher+E]

Most jailbreaks for most other gadgets like iPhones similarly rely on the phone opting in to the exploit. There's nothing special about Apple's gadgets in that regard.

Re:Clearly

[LichtSpektren]

That would require somebody buying a BlackBerry Android.

Obligatory Mandy Rice-Davies

[Dogtanian]

I'm sure Apple have users' best interests at heart.

Thinking along pretty much the same lines as myself there.

"Apple strongly cautions against installing any software that hacks iOS."

"Well, they would, wouldn't they?"

Re:Obligatory Mandy Rice-Davies

[macs4all]

I'm sure Apple have users' best interests at heart.

Thinking along pretty much the same lines as myself there.

"Apple strongly cautions against installing any software that hacks iOS."

"Well, they would, wouldn't they?"

What would you expect them, or indeed any OEM, to say?

Get real.

Re:Obligatory Mandy Rice-Davies

[Dogtanian]

What would you expect them, or indeed any OEM, to say?

Er, I think you missed the point being made. That's precisely what I *would* have expected them to say, because it was in their own interest. Hence the quote.

Or perhaps your problem was with my implication that the motive was driven by their own self-interest, rather than pure, selfless concern for their users? Well, yeah.

Of course, by adding "or indeed any OEM", you're implying that this is an attack/persecution specifically towards Apple and that I'm biased. Nope; doubt I'm any more partisan than someone with the username "macs4all", and I'm sure that most similar corporations in Apple's position would have come up with a similarly self-serving answer. Doesn't make Apple any better than them, though.

Re:Obligatory Mandy Rice-Davies

[macs4all]

Of course, by adding "or indeed any OEM", you're implying that this is an attack/persecution specifically towards Apple and that I'm biased. Nope; doubt I'm any more partisan than someone with the username "macs4all", and I'm sure that most similar corporations in Apple's position would have come up with a similarly self-serving answer. Doesn't make Apple any better than them, though.

First, your OP made it clear that you were intending your comment as disparagement towards Apple. And you ad hominem attack against me, based on my username, confirms exactly that.-

But then, you undermine your entire argument by agreeing that ANY OEM would have made the same "Don't replace/infiltrate your OS with some unknown hack." Now you claim that makes Apple no better than other OEMs. Conversely, however, it makes them no worse.

And the reason why, is that their legal departments no doubt caution that if they DON'T make such a statement, they could be found liable if someone bricks their device, gets their personal info hacked, etc., after installing such an intentional exploit.

Re:Obligatory Mandy Rice-Davies

[Dogtanian]

your OP made it clear that you were intending your comment as disparagement towards Apple

If you view the accusation of Apple's advice being self-serving as "disparagement", then this was already clearly implied in the original comment, then clearly (and explicitly) spelled out for you in my previous comments!

And you ad hominem attack against me, based on my username, confirms exactly that

Your original comment already smacked of defensive fanboyism before I'd even noticed your username or taken a look at any of your other comments (#); that simply confirmed it for me.

If you'd come across as an otherwise neutral observer with an Apple-related username, you'd have had a point; but this wasn't the case.

You seem to think that "ad hominem" is a universal retort to anyone noting your username; it's not. If it was being used to shut down an unarguably true and factually correct point, you might have a case. However, if one is simply using it as evidence that you're an Apple fan and that this may be reflected in matters of judgement and viewpoint, it's quite legitimate.

Now you claim that makes Apple no better than other OEMs. Conversely, however, it makes them no worse.

Don't think I was suggesting otherwise. If Sony had done something similar and we'd been discussing that, I'd have been equally happy to accuse them of being self-serving in the same manner.

Your problem is (I'm guessing) that- like a lot of fans of anything- you view everything in terms of pro- or anti- your favourite whatever, and assume that everyone else is arguing in terms of that mentality. Hence, criticism of Apple is attack specifically on Apple.

Nope. As far as the point being discussed here is concerned, they're just another corporation- albeit one that is both financially successful and good at getting talked about- exhibiting typical corporate behaviour.

(#) And having done that, I suspected that you might accuse me too of an "ad hominem" attack. I was correct.

oh, yaay apple...

[irving47]

At least their quote didn't include the illegal threat to void the warranty.

Re: Apple needs side loading / 3rd party app store

[SimonTheSoundMan]

Or, develop your own app and distribute it using MacOS Server, MDM or VPP. You can even have your own app store in a enterprise environment with iOS. It's not as locked down as people believe. Just there are no public app stores other than Apple's own.

Re: Apple needs side loading / 3rd party app store

[brantondaveperson]

You can do that? I have MacOS server installed, can I just build an iOS app and put it on my kids ipads (for instance) alongside all their other apps?

Re:Apple needs side loading / 3rd party app stores

[StikyPad]

You don't need the source code -- you can simply sign a binary with your own dev credentials.

Re:Apple needs side loading / 3rd party app stores

[LichtSpektren]

I don't think RMS's position on this is obscure at all. Firstly he opposes the term "open source", secondly he strongly advises that people not use an unfree OS to begin with.

Those are two different options

[raymorris]

I was referring to two different options. USB over Lightning is one option.

As another, more hackish option the board surely has some SPI pins.

That said, because it is software-defined AND you have root, *perhaps* you could do SPI over Lightning. That's not what I was suggesting, though.

Re:Those are two different options

[macs4all]

I was referring to two different options. USB over Lightning is one option.

As another, more hackish option the board surely has some SPI pins.

That said, because it is software-defined AND you have root, *perhaps* you could do SPI over Lightning. That's not what I was suggesting, though.

At first glance, I would guess that Lightning is done over GPIO pins (with maybe some DMA thrown in), rather than a specific ARM "peripheral". But, since Apple actually rolls-their-own ARM designs; it would be logical to assume that they DO have some sort of custom Lightning i/f built into their SoCs.

They might talk to their radios, gyros, etc. over SPI (and/or I2C); but, in such a tightly-integrated device, it might be pretty hard to come up with an "enable" pin for your particular, non-planned-for SPI device.

Personally, if I was just using it for some "offline" storage that didn't require "Always there" access, I'd just use a Lightning-based Reader/Writer (Amazon has a nice one for SD and MicroSD (albeit a little pricey) I've been thinking of getting), and something like the GoodReader App, to access the SD storage and the "local" files. Life's just too short to ass-around with jailbreaking to get access to a POSSIBLE SPI i/f. And then you have to write some sort of Driver, and then you have to figure out how to expose access to that Driver, etc. etc. By the time you get THAT familiar with the innards of both the Device AND the OS, you'd mightaswell be making money with those skills... ;-)

In a related report...

[martinfb]

In a related report, another hacker has installed Linux on a Lenovo laptop that MS has had Lenovo lock down to prevent such a thing.

Not really. Yet, who cares?

Re: Apple needs side loading / 3rd party app store

[SimonTheSoundMan]

Or, just send a Profile to the device. No dev account needed. You can install and run your own enterprise apps remotely.