Hackers release browser-based 'jailbreak' for iPhone 4

post #1 of 179
Thread Starter 
Hackers on Sunday released the first "jailbreak" for the iPhone 4, a browser-based exploit that allows users to run unauthorized code. However, some reported that the modification results in broken MMS and FaceTime functionality.

A hacker who uses the handle "comex," a member of the iPhone Dev Team, released the hack through a website, jailbreakme.com. Users can visit the site in their iPhone browser to begin the jailbreaking process.

The software modification is the first release for Apple's latest handset hardware, the iPhone 4. Some users reported that the jailbreak managed to break FaceTime and MMS functionality on the device.

Comex, via Twitter, said that he was able to reproduce the issues, and is working on a fix. The latest jailbreak does not work with iPads running iOS 3.2.1.

Unlike previous jailbreaks, which required users to run software on their Mac or PC and tether their iPhone to their computer, the latest hack is done entirely within the Safari browser. Users simply visit the URL to begin the process, which modifies the iOS mobile operating system found on the iPhone, iPod touch and iPad.

The iPhone 4 jailbreak comes less than a week after the U.S. Library of Congress officially made it legal for users to jailbreak their iPhone to run unauthorized software. The government approved the measure as an exemption to a federal law which prevents the circumvention of technical measures that keep users from accessing and modifying copyrighted works.



The warranty-voiding jailbreak process allows users to run software not approved by Apple, which has no plans to allow users to install third-party applications downloaded from outside its sanctioned App Store. Hackers have created their own custom applications -- many free, and some for purchase from an alternative storefront known as Cydia.

Jailbreaking can also be used to unlock a phone, allowing it to be used on carriers that do not have access to the iPhone.

Apple has been criticized for its strict control over the iPhone App Store, requiring that all applications be approved before they are made available for download. The company has defended this practice, stating that it keeps faulty and potentially dangerous software from being made available, as well as banning unsavory content such as pornography.

In addition to allowing access to legitimate third-party software, both free and paid, through services like Cydia, jailbreaking can also be used to pirate App Store software, one major reason why Apple has fought the practice.
post #2 of 179
Apple should fix this quick. It is horrible to execute a hack within the confines of a mobile browser.
post #3 of 179
Quote:
Originally Posted by Dorotea View Post

Apple should fix this quick. It is horrible to execute a hack within the confines of a mobile browser.

Just avoid visiting that website.
post #4 of 179
Jailbreak works great, no problems here except for some "broken pixels" on respring which aren't really broken. Too bad so few packages support iOS4 and none support the retina display yet. Not to mention all the repositories are getting overloaded. Good times are coming though.
post #5 of 179
A browser based jailbreak is the best news I've heard all day. Not since 1.1.1 has it been this easy.
post #6 of 179
Personally, I'd wait a week to run this. comex et al are a good group, but it's always good to let a few days to a week pass before you brick your phone.
:-D * * * * * * * * * * * * * * * *
post #7 of 179
Wait until a real bad bug gets loose and pwns jailbroken iPhones along with user data, password, and account numbers.

I wonder who will get the blame? Is there any question who it will be? What will the trolls attack as an insecure, useless device? Who will the tech blogs go after? The iPhone Dev-Team? The ass hat users who compromised their phones? The malware author? Nope. We all know who they will go after don't we.
post #8 of 179
Quote:
Originally Posted by lkrupp View Post

...We all know who they will go after don't we.

The Library of Congress?
post #9 of 179
Quote:
Originally Posted by sandau View Post

Personally, I'd wait a week to run this. comex et al are a good group, but it's always good to let a few days to a week pass before you brick your phone.

Can't permanently brick your iPhone with jailbreaking, but waiting for a new iOS jailbreak is good nonetheless.
post #10 of 179
Umm, doesn't this mean that a malicious website could also "jailbreak" the iPhone and install a rootkit, then do really bad things with your phone, steal your information, call 976 numbers, and so on?

I'm all for jailbreaking the phone but it's a bit scary that you can run code in a browser to do it. This is just waiting for someone to exploit some high profile commercial site and pwn hundreds of thousands of iPhones...
post #11 of 179
Quote:
Originally Posted by Dorotea View Post

Apple should fix this quick. It is horrible to execute a hack within the confines of a mobile browser.

Yep. It's one thing to access your system with a direct connect hack, but to access it via a website means that Safari and iOS have a major hole.
Dick Applebaum on whether the iPad is a personal computer: "BTW, I am posting this from my iPad pc while sitting on the throne... personal enough for you?"
post #12 of 179
Quote:
Originally Posted by zorinlynx View Post

Umm, doesn't this mean that a malicious website could also "jailbreak" the iPhone and install a rootkit, then do really bad things with your phone, steal your information, call 976 numbers, and so on?

I'm all for jailbreaking the phone but it's a bit scary that you can run code in a browser to do it. This is just waiting for someone to exploit some high profile commercial site and pwn hundreds of thousands of iPhones...

It does mean there can be access to root but I think that it can’t be done without user intervention that exceeds going to the website. Could it be cleverly hidden so users don’t realize what they are doing? Possibly.
post #13 of 179
Ok, that was very dumb of the author of the exploit to allow such a method to get into the public light. It obviously takes one heck of a security bug or several to be able to execute code that can jailbreak a device through the web browser. If Apple does not fix that exploit now, they could have one hell of a mess on their hands. If someone manages to get you to go to a link, or hijacks the browser.... This was a total blackhat move to just drop an exploit like this into the wild.
post #14 of 179
Quote:
Originally Posted by druble View Post

Ok, that was very dumb of the author of the exploit to allow such a method to get into the public light. It obviously takes one heck of a security bug or several to be able to execute code that can jailbreak a device through the web browser. If Apple does not fix that exploit now, they could have one hell of a mess on their hands. If someone manages to get you to go to a link, or hijacks the browser.... This was a total blackhat move to just drop an exploit like this into the wild.

Nonsense. All Apple products are super secure. Only jailbreakers can get hacked.

iPad2 16 GB
iPhone 5 32 GB

post #15 of 179
Quote:
Originally Posted by freddych View Post

Nonsense. All Apple products are super secure. Only jailbreakers can get hacked.

It takes one hell of a hack to jailbreak an iPhone through the web browser. It's not a hard concept to understand. You should not be able to run a program on an unjailbroken phone that could perform superuser operations that will grant superuser operations to the default user account on the phone. To be able to do such a thing is an exploit and a hack. If someone can run a jailbreak program through the browser they can essentially run anything they want. If you understand how to jailbreak or root a phone, you would understand this. This is a HUGE security flaw.
post #16 of 179
Quote:
Originally Posted by druble View Post

...It obviously takes one heck of a security bug or several to be able to execute code that can jailbreak a device through the web browser. If Apple does not fix that exploit now, they could have one hell of a mess on their hands...

Relax. If a software update doesn't fix the issue, then a press conference surely will. Most likely, million dollar labs are behind the security of iOS4. Plus, it's a challenge for the entire mobile industry, as you can see from this thread: http://forums.appleinsider.com/showt...hreadid=111796 (well, their problems may not be as specific, but having a browser exploit to hack your phone just marks the spot.)
post #17 of 179
I've JB two iPhone 4's and after the install is complete everything works fine. When you need to restart your iPhone 4 you lose two key features, FaceTime and MMS. I've heard you can do a restore to get it back but I've not been able to. Let me know if anyone else has the same probs or has a workaround.
post #18 of 179
Maybe the hack was written in HTML5?
post #19 of 179
Quote:
Originally Posted by jb2017 View Post

I've JB two iPhone 4's and after the install is complete everything works fine. When you need to restart your iPhone 4 you lose two key features, FaceTime and MMS. I've heard you can do a restore to get it back but I've not been able to. Let me know if anyone else has the same probs or has a workaround.

They've fixed that. Facetime / MMS are ok.

Number one reason to JB....MyWi. Simply brilliant.

http://www.cultofmac.com/mywi-tether...k-review/43645
post #20 of 179
Quote:
Originally Posted by DrDoppio View Post

Relax. If a software update doesn't fix the issue, then a press conference surely will. Most likely, million dollar labs are behind the security of iOS4. Plus, it's a challenge for the entire mobile industry, as you can see from this thread: http://forums.appleinsider.com/showt...hreadid=111796 (well, their problems may not be as specific, but having a browser exploit to hack your phone just marks the spot.)

But there is the question of how the rootkit gets onto the phone. If it could be loaded onto your phone through a drive-by download through an exploit in the web browser, I would say the developer of the browser you are using has a problem on their hands. Otherwise a root-kit is only a root-kit and would still take user intervention to get onto the phone. The question to be asked at this moment is can the jailbreak be run without requiring the user to do anything? The answer to that question is the most important one that people should be asking right now. No phone is secure, and I am not trying to say Android does not have security holes either, to contrast, I would put your mentioned root-kit at moderate, but a browser flaw that also gains superuser access is critical if it can run without permission, because that is exactly the kind of way that a root-kit could be installed onto a phone.
post #21 of 179
What could possibly be so important to run on your IP to take such a risk? I can understand using another network, but what apps could someone want that badly?
post #22 of 179
Quote:
Originally Posted by success View Post

They've fixed that. Facetime / MMS are ok.

Number one reason to JB....MyWi. Simply brilliant.

http://www.cultofmac.com/mywi-tether...k-review/43645

Where do you see that was fixed? I've done this multiple times ending in the same result.
post #23 of 179
Quote:
Originally Posted by storneo View Post

What could possibly be so important to run on your IP to take such a risk? I can understand using another network, but what apps could someone want that badly?

If you can't imagine anything you can't do with your phone now, then you don't need to jailbreak. If at some point you discover that there is something you want to do with your phone that it just plain won't let you, but it is something you know that phone is capable of, then you might want to learn more about it and the options it opens up for you. For now, you should probably not concern yourself with it, because it sounds like you are content.
post #24 of 179
Quote:
Originally Posted by storneo View Post

What could possibly be so important to run on your IP to take such a risk? I can understand using another network, but what apps could someone want that badly?

Risk? If you don't like it or something goes wrong you simply restore. 0 risk.

Even if you only use MyWi that's reason alone to JB. You're paying $30-$50 per month depending on what country you live in for your mobile plan so why not enable tethering with all your other devices that you paid thousands of dollars for?

p.s. You don't need AT&T for tethering now and you can do it via any connection you want not just USB only, BT only, or WiFi only.

+ FaceTime over 3G
post #25 of 179
Quote:
Originally Posted by success View Post

Risk? If you don't like it or something goes wrong you simply restore. 0 risk.

Even if you only use MyWi that's reason alone to JB. You're paying $30-$50 per month depending on what country you live in for your mobile plan so why not enable tethering with all your other devices that you paid thousands of dollars for?

There have been worms in the past that have affected jailbroken phones (Remember the iPhones that got rick rolled?). While becoming infected with a virus or root-kit may be easily resolved by reloading the phone's OS, the damage of all your contacts and pictures potentially being stolen, app store purchases, phone calls or sms messages to paid services is a little harder to undo so quickly. Especially if a virus that affects jailbroken phones also loads on an extra one that infects your computer when you connect your phone to it to try to reload the phone.

Not trying to fear monger, but as a rooted Android owner, I fully understand what the implications of my actions could entail, and if you are going to jailbreak, you can't sit back and believe there is an undo button if you get hit with a virus. You need to understand that you have compromised your security further, and you must take extra precautions to protect yourself that the average user would not take. Educating yourself as much as possible before doing such an activity will go a long ways, so don't just jailbreak because you can because it is so easy to do.
post #26 of 179
I would have rather it remain a semi-long process rather than "slide to unlock".
--SHEFFmachine out
Da Bears!
post #27 of 179
That slide to Jailbreak brings them smack in the middle of a Patent lawsuit.

Apple acquired the patents on the slider and its intentions behind a while ago.
post #28 of 179
Quote:
Originally Posted by freddych View Post

Nonsense. All Apple products are super secure. Only jailbreakers can get hacked.

Yup, if you forget to change your default password for SSH for example peeps can access your iDevice's contents. Only affects jailbroken devices.
post #29 of 179
Let Freedom Ring!
"Why iPhone"... Hmmm?
post #30 of 179
Quote:
Originally Posted by jb2017 View Post

Where do you see that was fixed? I've done this multiple times ending in the same result.

Saw this on another board:

Quote:
There's an unofficial fix if you're missing facetime and MMS that worked for me:

-add http://iphonedelivery.advinux.fr/cydia as a source
-download the only app from that source
-respring/reboot
-facetime and MMS should now be back

I've also read that if you restore to a pre-jailbreak backup, it will also give back MMS and facetime without undoing the jailbreak as it's not a full firmware restore.
post #31 of 179
Can someone who has done this explain what happens when you 'slide to jailbreak'?

I'm kind of amazed that it's even possible over the net by simply pushing a button. Just curious if it does it immediately, some sort of download, any other steps to take, how long, etc.
post #32 of 179
Quote:
Originally Posted by success View Post

Risk? If you don't like it or something goes wrong you simply restore. 0 risk.

Unless you are unable to restore. Or unless you create a security flaw - which we've already seen with previously jailbroken phones.

Quote:
Originally Posted by success View Post

Even if you only use MyWi that's reason alone to JB. You're paying $30-$50 per month depending on what country you live in for your mobile plan so why not enable tethering with all your other devices that you paid thousands of dollars for?

So your argument is that you should jailbreak your phone so that you can get access to services that you have not paid for? Thanks for confirming the common belief that people jailbreak their phones mostly so they can steal something.
"I'm way over my head when it comes to technical issues like this"
Gatorguy 5/31/13
post #33 of 179
Quote:
Originally Posted by storneo View Post

What could possibly be so important to run on your IP to take such a risk? I can understand using another network, but what apps could someone want that badly?



2 Good reasons right there.

http://www.youtube.com/watch?v=W8XJNcGk7uk
post #34 of 179
Quote:
Originally Posted by september11th View Post

Can someone who has done this explain what happens when you 'slide to jailbreak'?

I'm kind of amazed that it's even possible over the net by simply pushing a button. Just curious if it does it immediately, some sort of download, any other steps to take, how long, etc.

Well it basically installs cydia on your iPhone, first try = success for me and I got to unlock mine with ultrasn0w.
post #35 of 179
Quote:
Originally Posted by september11th View Post

Can someone who has done this explain what happens when you 'slide to jailbreak'?

I'm kind of amazed that it's even possible over the net by simply pushing a button. Just curious if it does it immediately, some sort of download, any other steps to take, how long, etc.

1) It starts downloading the jailbreak software with a progress bar
2) Once downloaded, it presents another status bar to show the installation process
3) After that, it presents a message saying jailbreak was successful.
4) It then adds Cydia to your homescreen
5) You're done. It doesn't even force you to reboot
post #36 of 179
Quote:
Originally Posted by Masterz1337 View Post


I don't think I'm alone when I say that looks hideous.
post #37 of 179
Quote:
Originally Posted by jragosta View Post

Unless you are unable to restore. Or unless you create a security flaw - which we've already seen with previously jailbroken phones.



So your argument is that you should jailbreak your phone so that you can get access to services that you have not paid for? Thanks for confirming the common belief that people jailbreak their phones mostly so they can steal something.

it's unfair to be charged for tethering. there are no longer any unlimited data plans with at&t. if you stay below your data quota, you are using the same amount of data, why should you have to pay extra to tether your device? why pay a monthly fee to unlock a feature that costs the phone company $0? it's highway robbery.

phone companies should WANT you to tether, then you have a better chance of running over your data quota and then they can charge you outrageous overage fees.

i find it disturbing how against jailbreaking the appleinsider community is. there is no potential for permanent phone damage, and it doesn't even void your warranty because you can just restore to an official firmware and there's no way apple can know that you jailbroke your phone. on phones like the nokia n900, you get an open source linux environment where you don't have to pay apple $100 and sacrifice 30% of your revenue just to distribute a program on the phone. you can create your own programs and compile them on the full terminal.

there is no security disadvantage to having an open computing environment, why would you think there's a security problem that needs to be solved by having a closed app store? why are mobile phones different than the free and open environment of the desktop pc?

they aren't. companies like apple just want to get you used to the idea of running everything through them, the middleman of their software platform. don't be fooled. also, in the US it was recently confirmed that jailbreaking is perfectly legal. you are absolutely blind if you advocate locking yourself out of utilizing your own purchased hardware to its full potential
post #38 of 179
Quote:
Originally Posted by mdriftmeyer View Post

That slide to Jailbreak brings them smack in the middle of a Patent lawsuit.

Apple acquired the patents on the slider and its intentions behind a while ago.

ugh, it's silly that patents like this can exist. still, you're right.

we need patent law reform, especially for software.
post #39 of 179
Anyone try to use My3G with FaceTime? I've tried and it does not work
post #40 of 179
Quote:
Originally Posted by druble View Post

It takes one hell of a hack to jailbreak an iPhone through the web browser. It's not a hard concept to understand. You should not be able to run a program on an unjailbroken phone that could perform superuser operations that will grant superuser operations to the default user account on the phone. To be able to do such a thing is an exploit and a hack. If someone can run a jailbreak program through the browser they can essentially run anything they want. If you understand how to jailbreak or root a phone, you would understand this. This is a HUGE security flaw.

possibly a huge security flaw, but remember, all iphones come with the same root password by default (i think it's still "alpine"). i think this fact probably makes it easy (but i also thought without jailbreaking, you have no access to root at all. i'm fuzzy on the whole thing).