Hackers release browser-based 'jailbreak' for iPhone 4

Posted in iPhone, edited January 2014
Hackers on Sunday released the first "jailbreak" for the iPhone 4, a browser-based exploit that allows users to run unauthorized code. However, some reported that the modification results in broken MMS and FaceTime functionality.



A hacker who uses the handle "comex," a member of the iPhone Dev Team, released the hack through a website, jailbreakme.com. Users can visit the site in their iPhone browser to begin the jailbreaking process.



The software modification is the first release for Apple's latest handset hardware, the iPhone 4. Some users reported that the jailbreak managed to break FaceTime and MMS functionality on the device.



Comex, via Twitter, said that he was able to reproduce the issues and is working on a fix. The latest jailbreak does not work with iPads running iOS 3.2.1.



Unlike previous jailbreaks, which required users to run software on their Mac or PC and tether their iPhone to their computer, the latest hack is done entirely within the Safari browser. Users simply visit the URL to begin the process, which modifies the iOS mobile operating system found on the iPhone, iPod touch and iPad.



The iPhone 4 jailbreak comes less than a week after the U.S. Library of Congress officially made it legal for users to jailbreak their iPhone to run unauthorized software. The government approved the measure as an exemption to a federal law which prevents the circumvention of technical measures that keep users from accessing and modifying copyrighted works.







The warranty-voiding jailbreak process allows users to run software not approved by Apple, which has no plans to allow users to install third-party applications downloaded from outside its sanctioned App Store. Hackers have created their own custom applications -- many free, and some for purchase from an alternative storefront known as Cydia.



Jailbreaking can also be used to unlock a phone, allowing it to be used on carriers that do not have access to the iPhone.



Apple has been criticized for its strict control over the iPhone App Store, requiring that all applications be approved before they are made available for download. The company has defended this practice, stating that it keeps faulty and potentially dangerous software from being made available, as well as banning unsavory content such as pornography.



In addition to allowing access to legitimate third-party software, both free and paid, through services like Cydia, jailbreaking can also be used to pirate App Store software, one major reason why Apple has fought the practice.

Comments

  • Reply 1 of 178
    dorotea Posts: 323 member
    Apple should fix this quick. It is horrible to execute a hack within the confines of a mobile browser.
  • Reply 2 of 178
    drdoppio Posts: 1,132 member
    Quote:
    Originally Posted by Dorotea View Post


    Apple should fix this quick. It is horrible to execute a hack within the confines of a mobile browser.



    Just avoid visiting that website.
  • Reply 3 of 178
    Jailbreak works great, no problems here except for some "broken pixels" on respring which aren't really broken. Too bad so few packages support iOS4 and none support the retina display yet. Not to mention all the repositories are getting overloaded. Good times are coming though.
  • Reply 4 of 178
    mews Posts: 2 member
    A browser based jailbreak is the best news I've heard all day. Not since 1.1.1 has it been this easy.
  • Reply 5 of 178
    sandau Posts: 1,230 member
    Personally, I'd wait a week to run this. comex et al are a good group, but it's always good to let a few days to a week pass before you brick your phone.
  • Reply 6 of 178
    lkrupp Posts: 7,162 member
    Wait until a real bad bug gets loose and pwns jailbroken iPhones along with user data, password, and account numbers.



    I wonder who will get the blame? Is there any question who it will be? What will the trolls attack as an insecure, useless device? Who will the tech blogs go after? The iPhone Dev-Team? The ass hat users who compromised their phones? The malware author? Nope. We all know who they will go after don't we.
  • Reply 7 of 178
    drdoppio Posts: 1,132 member
    Quote:
    Originally Posted by lkrupp View Post


    ...We all know who they will go after don't we.



    The Library of Congress?
  • Reply 8 of 178
    Quote:
    Originally Posted by sandau View Post


    Personally, I'd wait a week to run this. comex et al are a good group, but it's always good to let a few days to a week pass before you brick your phone.



    Can't permanently brick your iPhone with jailbreaking, but waiting for a new iOS jailbreak is good nonetheless.
  • Reply 9 of 178
    zorinlynx Posts: 169 member
    Umm, doesn't this mean that a malicious website could also "jailbreak" the iPhone and install a rootkit, then do really bad things with your phone, steal your information, call 976 numbers, and so on?



    I'm all for jailbreaking the phone but it's a bit scary that you can run code in a browser to do it. This is just waiting for someone to exploit some high profile commercial site and pwn hundreds of thousands of iPhones...
  • Reply 10 of 178
    solipsism Posts: 25,726 member
    Quote:
    Originally Posted by Dorotea View Post


    Apple should fix this quick. It is horrible to execute a hack within the confines of a mobile browser.



    Yep. It's one thing to access your system with a direct connect hack, but to access it via a website means that Safari and iOS have a major hole.
  • Reply 11 of 178
    solipsism Posts: 25,726 member
    Quote:
    Originally Posted by zorinlynx View Post


    Umm, doesn't this mean that a malicious website could also "jailbreak" the iPhone and install a rootkit, then do really bad things with your phone, steal your information, call 976 numbers, and so on?



    I'm all for jailbreaking the phone but it's a bit scary that you can run code in a browser to do it. This is just waiting for someone to exploit some high profile commercial site and pwn hundreds of thousands of iPhones...



    It does mean there can be access to root but I think that it can’t be done without user intervention that exceeds going to the website. Could it be cleverly hidden so users don’t realize what they are doing? Possibly.
  • Reply 12 of 178
    druble Posts: 62 member
    Ok, that was very dumb of the author of the exploit to allow such a method to get into the public light. It obviously takes one heck of a security bug or several to be able to execute code that can jailbreak a device through the web browser. If Apple does not fix that exploit now, they could have one hell of a mess on their hands. If someone manages to get you to go to a link, or hijacks the browser.... This was a total blackhat move to just drop an exploit like this into the wild.
  • Reply 13 of 178
    freddych Posts: 266 member
    Quote:
    Originally Posted by druble View Post


    Ok, that was very dumb of the author of the exploit to allow such a method to get into the public light. It obviously takes one heck of a security bug or several to be able to execute code that can jailbreak a device through the web browser. If Apple does not fix that exploit now, they could have one hell of a mess on their hands. If someone manages to get you to go to a link, or hijacks the browser.... This was a total blackhat move to just drop an exploit like this into the wild.



    Nonsense. All Apple products are super secure. Only jailbreakers can get hacked.
  • Reply 14 of 178
    druble Posts: 62 member
    Quote:
    Originally Posted by freddych View Post


    Nonsense. All Apple products are super secure. Only jailbreakers can get hacked.



    It takes one hell of a hack to jailbreak an iPhone through the web browser. It's not a hard concept to understand. You should not be able to run a program on an unjailbroken phone that could perform superuser operations that will grant superuser operations to the default user account on the phone. To be able to do such a thing is an exploit and a hack. If someone can run a jailbreak program through the browser they can essentially run anything they want. If you understand how to jailbreak or root a phone, you would understand this. This is a HUGE security flaw.
  • Reply 15 of 178
    drdoppio Posts: 1,132 member
    Quote:
    Originally Posted by druble View Post


    ...It obviously takes one heck of a security bug or several to be able to execute code that can jailbreak a device through the web browser. If Apple does not fix that exploit now, they could have one hell of a mess on their hands...



    Relax. If a software update doesn't fix the issue, then a press conference surely will. Most likely, million dollar labs are behind the security of iOS4. Plus, it's a challenge for the entire mobile industry, as you can see from this thread: http://forums.appleinsider.com/showt...hreadid=111796 (well, their problems may not be as specific, but having a browser exploit to hack your phone just marks the spot.)
  • Reply 16 of 178
    jb2017 Posts: 9 member
    I've JB two iPhone 4's and after the install is complete everything works fine. When you need to restart your iPhone 4 you lose two key features, FaceTime and MMS. I've heard you can do a restore to get it back but I've not been able to. Let me know if anyone else has the same probs or has a workaround
  • Reply 17 of 178
    euler Posts: 78 member
    Maybe the hack was written in HTML5?
  • Reply 18 of 178
    success Posts: 1,039 member
    Quote:
    Originally Posted by jb2017 View Post


    I've JB two iPhone 4's and after the install is complete everything works fine. When you need to restart your iPhone 4 you lose two key features, FaceTime and MMS. I've heard you can do a restore to get it back but I've not been able to. Let me know if anyone else has the same probs or has a workaround



    They've fixed that. Facetime / MMS are ok.



    Number one reason to JB....MyWi. Simply brilliant.



    http://www.cultofmac.com/mywi-tether...k-review/43645
  • Reply 19 of 178
    druble Posts: 62 member
    Quote:
    Originally Posted by DrDoppio View Post


    Relax. If a software update doesn't fix the issue, then a press conference surely will. Most likely, million dollar labs are behind the security of iOS4. Plus, it's a challenge for the entire mobile industry, as you can see from this thread: http://forums.appleinsider.com/showt...hreadid=111796 (well, their problems may not be as specific, but having a browser exploit to hack your phone just marks the spot.)



    But there is the question of how the rootkit gets onto the phone. If it could be loaded onto your phone through a drive-by download through an exploit in the web browser, I would say the developer of the browser you are using has a problem on their hands. Otherwise a root-kit is only a root-kit and would still take user intervention to get onto the phone. The question to be asked at this moment is can the jailbreak be run without requiring the user to do anything? The answer to that question is the most important one that people should be asking right now. No phone is secure, and I am not trying to say Android does not have security holes either, to contrast, I would put your mentioned root-kit at moderate, but a browser flaw that also gains superuser access is critical if it can run without permission, because that is exactly the kind of way that a root-kit could be installed onto a phone.
  • Reply 20 of 178
    storneo Posts: 101 member
    What could possibly be so important to run on your IP to take such a risk? I can understand using another network, but what apps could someone want that badly?