Browser-based iOS 'jailbreak' utilizes 'scary' PDF security hole

Comments

  • Reply 61 of 90
    Entertaining note: I just got back from the Apple Store.

    Three of the four iDevices I looked at while waiting for the Genius Bar had been jailbroken.

    I thought it was fairly amusing.



    Quote: Originally Posted by JeffDM

    I didn't notice anyone else explaining it so here it is: click user's name, click "public profile", click "user lists", then click "add to ignore list". It's tougher than I remember, it took me a bit of stumbling to find this method.



    Quote: Originally Posted by DrDoppio

    User CP-->Edit Ignore list



    Thank you. I'll enjoy this forum more with less apparent trolls.



    Quote: Originally Posted by Menno

    And how do you know they have other methods? Most jailbreaking communities stop looking for a jailbreak once a stable method is discovered, no matter what that method is. If they had other methods, they would've released them already. Apple's had years to work on their security, and every time an exploit is found they fix it (and try to find others like it).



    If you come across an exploit that works, you run with it.



    Because that's been their history. They've always carefully balanced the exploits they've used and, when possible, kept tricks up their sleeve. It has been the subject of some fallout in the community. You're actually talking to someone who is more familiar with these things than you might know. Oh, and also, they said they've got angles, so that probably counts too.



    Quote: Originally Posted by Menno

    I don't want to turn this into a fanboy debate, so please don't mistake this... But as a point of example, let's look at the dev community for Android on the Motorola Droid. They found an exploit in the 2.0 code that allowed them to create root access. When the phone was updated to 2.1 they didn't even try to root 2.1. Instead, what they did was simply flash an alternate recovery, roll back the phone to 2.01 and use the same rooting method.



    Could they come up with another method (in 2.0 there was a one-click root; it was a lot more complex with 2.1)? Sure. In fact, a group did do this eventually, but most didn't even attempt it. Why? Because once root was attained, why spend hours trying to find another method when you already had one that works?



    It will depend on features and user interest. I imagine 4.1 is going to garner enough interest that there will be a strong demand for a jailbreak. Similarly, the previous 3.whatever was never a priority for them to jailbreak because it didn't add much of value. Another matter to consider, though, is that I expect there is far more talent and effort going into iPhone jailbreaks than for any other mobile phone due to the demand, user-base, company profile, and interest.



    Quote: Originally Posted by Menno

    Jailbreaking is completely different from piracy. When you jailbreak a phone you are taking control of a product you own (no matter the method). Piracy is acquiring something you don't own. The two are completely different.



    Great, but I never said they were the same thing.

    (Though for many who jailbreak they are, but that's another matter.)



    Quote: Originally Posted by DrDoppio

    Hey, remember the guy who stole an iPhone 4 prototype and sold it to Gizmodo? What an idiot, huh?



    Ever thought of what would have happened if he had bought a plane ticket to some far away dictatorship country instead? Think of cheap knock-offs galore, in white too... and jailbroken...



    Surely exposing a security flaw publicly isn't the friendliest thing to do, but those guys aren't actually being paid by Apple, are they? And they could have been paid by someone else to make other uses of the hack...



    Yeah, I remember of course, but I'm not sure what the suggestion here is? Maybe I'm just tired. My only point in regard to all of this is that exposing a dangerous security hole (or promoting it, expanding upon it, whatever) is a shady thing to do. That's a fact—it risks harming others in some way; material, in this case. I won't be complaining when I use the jailbreak.



    Quote: Originally Posted by DocNo42

    I dunno, if Apple was really concerned about jailbreaking I'm sure they could stop the vast majority of it. I don't think it's that big a priority for them.



    Until now? The ease of this exploit might bring some unwelcome attention from SJ himself, so I'm not sure this was the smartest thing for the jailbreak community to do...



    The Steve has disliked jailbreaking for quite some time now and you can bet he's planning to come down on this one with a mid-release update to kill it due to the security threat (and the PR threat). Apple seems to be a little more lax about the jailbreaks which don't actively risk users. I don't imagine much will change as a result from this, though. I think Apple understands that going overboard to lock something down doesn't really keep the hackers out, but when you take it to a point, you do start to hurt legitimate users.
  • Reply 62 of 90
    solipsism (Posts: 25,726, member)
    Quote: Originally Posted by esummers


    Mac OS X and iOS don't usually need the same patches. The shared components are very mature and rarely patched for security reasons. This PDF vulnerability was a multiway attack. That is a pretty rare feat. Apple probably didn't realize this security hole could compromise the iPhone as it did. This was an unusual hack and doesn't speak badly of Apple not quickly syncing this particular fix between the two code bases. I have written for Core Text, and iOS has a slightly different feature set in the font architecture, so it likely wasn't trivial to patch both either.



    I agree with both you and DocNo42 on this issue. While it does seem like a rare issue it also does look like comex found the exploit because Apple explicitly filled the hole on the desktop version of Safari.



    I wonder if Apple should have an option in place to push OTA updates for very specific issues like this. At least have an SMS or push notification sent that has you input your iTunes Store credentials into the App Store app to get a very specific and relatively small update to fix this particular problem with unparalleled speed and efficiency.
  • Reply 63 of 90
    cnocbui (Posts: 3,613, member)
    Quote: Originally Posted by jragosta


    Agreed. It should be a felony to knowingly release exploit code into the wild. EVER. For that matter, make it a capital offense.



    All types of spammers, virus writers, and hackers who attack systems they don't own should be in jail. Period.



    I think you are too soft. We need to bring back keel-hauling, skinning alive, death by prolonged torture, forced listening to a tape recording of your opinions.
  • Reply 64 of 90
    sarges (Posts: 94, member)
    Quote: Originally Posted by jragosta


    Agreed. It should be a felony to knowingly release exploit code into the wild. EVER. For that matter, make it a capital offense.



    All types of spammers, virus writers, and hackers who attack systems they don't own should be in jail. Period.



    Quote: Originally Posted by libertyforall


    Are you kidding me? How draconian and unjustified.



    I think the previous poster has been quite mild in his request; hackers and their ilk should be flogged publicly and have the video posted on the internet.
  • Reply 65 of 90
    menno (Posts: 854, member)
    Quote: Originally Posted by esummers


    Looks like a very well engineered exploit. The difference between this and Android is that you don't have to try very hard to create malware for the Android phone.



    I don't see why this would halt corporate phone deployment. They are still more secure than other smart phones. Now that this bug is in the open it will be patched quickly. Such a complex hack will take anyone hoping to exploit it longer than Apple to release a patch.



    An iOS phone isn't more secure than other smartphones. That title is still held (quite well) by BlackBerry. An exploit that can hack a user's phone from the browser IS something that will give corporations pause.



    The bug's been known about by Apple for a while; they already patched it in OS X. AKA, they are aware of the issue (and them patching OS X and not iOS was most likely where the devs got the idea for the exploit).



    And never underestimate how quickly devs can find and market exploits. Cydia has turned Jailbreaking into a very profitable venture for a lot of devs thanks to the app store. People are very motivated to jailbreak phones as soon as an update is released.

    Quote:

    Apple has been doing a lot of work on automated bug finding in their developer tools. There is a pretty big push inside Apple to do unit tests that check for exploits. There are even rumors that they are creating their own programming language that will eliminate many common bugs. It is already good and things will only get better.



    So they're going to completely drop the code they've spent over 3 years developing, completely write off hundreds of thousands of applications, etc., just to develop new code? Not to mention the countless hours wasted reinventing the wheel to try and write a new programming language and to run it through bug tests all over again rather than start with their established platform and try and make it more secure.



    The issue isn't bugs, it's security flaws, and there are ALWAYS security flaws; as long as machines are created and used by people there will always be security flaws. Jailbreaking is a question of when, not if.
  • Reply 66 of 90
    menno (Posts: 854, member)
    Quote: Originally Posted by sarges


    I think the previous poster has been quite mild in his request; hackers and their ilk should be flogged publicly and have the video posted on the internet.



    Then you should hate all computer programmers (including Apple). How do you think Steve, Bill Gates, etc. got their start?
  • Reply 67 of 90
    bwik (Posts: 565, member)
    Does anybody know if Charlie Miller was a poweruser over on Dealchat back about 10 years ago? A Charlie there was a major opponent of hackers in general, feeling it to be evil. Of course, in this case, exposing the hack so that Apple can fix it is a showy, but mostly benign, way to get this taken care of.
  • Reply 68 of 90
    bwik (Posts: 565, member)
    Quote: Originally Posted by jragosta


    Agreed. It should be a felony to knowingly release exploit code into the wild. EVER. For that matter, make it a capital offense.



    All types of spammers, virus writers, and hackers who attack systems they don't own should be in jail. Period.





    Does it occur to you that, without events like this, you'd simply be unsafe, without knowing it? That this vulnerability would have existed (perhaps known only to the Chinese government) and been left wide open, unless hackers had found it and turned it in?



    Does it seem possible that thanks to hackers, you have a very substantially safe system to do your work on? Which, otherwise, you would not have?



  • Reply 69 of 90
    solipsism (Posts: 25,726, member)
    If you jailbreak your iPhone 4, you can now also unlock it with ultrasn0w via Cydia.
  • Reply 70 of 90
    shadash (Posts: 470, member)
    If it was a "capital offense" they wouldn't be in jail - they'd be dead. Do you think you're being a little extreme?



    Quote: Originally Posted by jragosta


    Agreed. It should be a felony to knowingly release exploit code into the wild. EVER. For that matter, make it a capital offense.



    All types of spammers, virus writers, and hackers who attack systems they don't own should be in jail. Period.



  • Reply 71 of 90
    firefly7475 (Posts: 1,502, member)
    Is this the first true "in the wild" malware release on a smartphone?
  • Reply 72 of 90
    sarges (Posts: 94, member)
    Quote: Originally Posted by Menno


    Then you should hate all computer programmers (including Apple). How do you think Steve, Bill Gates, etc. got their start?



    So you're saying that both Jobs & Gates (and every computer programmer) were hackers, spammers and virus writers in their earlier years?
  • Reply 73 of 90
    jragosta (Posts: 10,473, member)
    Quote: Originally Posted by shadash


    If it was a "capital offense" they wouldn't be in jail - they'd be dead. Do you think you're being a little extreme?



    Is no one capable of recognizing exaggeration?



    The point is that hackers, virus writers, spammers, and other malefactors get off with little or no penalty. If we start penalizing them severely, maybe we could make a dent in the crapfest the Internet has become.
  • Reply 74 of 90
    cnocbui (Posts: 3,613, member)
    Quote: Originally Posted by Firefly7475


    Is this the first true "in the wild" malware release on a smartphone?



    No, because the 'mal' part implies something which has a harmful intent. This hack is not harmful. Many people find it actually useful and a boon to them.



    Hats off to the hacker for being, really, really clever.
  • Reply 75 of 90
    tulkas (Posts: 3,757, member)
    Quote: Originally Posted by Prof. Peabody


    Maybe Miller is the one responsible for the hack. He certainly has a gigantic anti-Apple chip on his shoulders for all to see.



    This will probably get roundly dismissed as mere paranoia, but I think it's both interesting and highly suspicious that this hack is so far above what any other iPhone hackers have been able to do so far.



    I mean we have to believe that somehow almost by accident, the typical iPhone hackers stumbled on this sublime and intricate attack vector, (something that only one of the best security hackers on the planet could figure out)??



    It seems more likely to me that Charlie Miller or someone of similar calibre was involved at some level and that worries me.



    They wouldn't have to stumble across the most critical part, that being the PDF exploit. Apple published info when they did the OS X update (I am not sure if Miller then released the full exploit details or not). The devs might have seen that update and then tested iOS to see if it was also vulnerable. Miller might have assisted. Why shouldn't he?
  • Reply 76 of 90
    Quote: Originally Posted by alansky


    Proceed at your own risk!



    If you're suggesting that you should think carefully about the potential risks and benefits of making use of a jailbreaking tool on your iPhone, then quite frankly you're just stating the obvious. Everybody should exercise informed consent before they install any software on their computer system.



    However, you're missing the bigger picture. Somebody else could now create a similar exploit with malicious intent, and they could deliver it on a website that, on the surface, has absolutely nothing to do with jailbreaking. Somebody could be hacked without even knowing that there was a potential to do so just by visiting an innocuous-enough looking website. Even if they have never made any previous attempt to jailbreak their iPhone. No more informed consent.



    So what you really mean to say is,

    "If you haven't installed Apple's presumably forthcoming patch to fix this issue, browse the Internet at your own risk."
  • Reply 77 of 90
    aiaddict (Posts: 487, member)
    Quote: Originally Posted by SendMe


    What is ironic is how those hackers just try to hurt Apple, but this guy likes to pretend that he's there to help. People would do well to ignore this sort of "help" and to trust Apple instead.



    That is horribly stupid advice. Without jailbreaking your phone and installing the PDF warning, you are exposing your phone to any code a hacker wants to execute. Plenty of legit web sites get hacked or serve hacked ads, so you are completely open if you surf the web. Anyone who cares at all about the data on their phone should either 1) jailbreak and install the warning before doing anything else, or 2) immediately stop using Safari and any other apps that have web browsing capabilities until 4.1 is released.



    What is ironic is that Apple knew about this vulnerability for months but has not patched it yet, and your response is to TRUST APPLE?
  • Reply 78 of 90
    jragosta (Posts: 10,473, member)
    Quote: Originally Posted by bwik


    Does it occur to you that, without events like this, you'd simply be unsafe, without knowing it? That this vulnerability would have existed (perhaps known only to the Chinese government) and been left wide open, unless hackers had found it and turned it in?



    Does it seem possible that thanks to hackers, you have a very substantially safe system to do your work on? Which, otherwise, you would not have?



    That's not even close to being true.



    If they were responsible, they would have notified Apple rather than releasing it into the wild. Since Apple has apparently fixed it in the beta of 4.1, Apple is apparently aware of it, anyway.



    That would achieve the goal of making the system safer without releasing the exploit into the wild.



    There is absolutely no justification for releasing malware or other exploits into the wild. NONE.
  • Reply 79 of 90
    Quote: Originally Posted by jragosta


    That's not even close to being true.



    If they were responsible, they would have notified Apple rather than releasing it into the wild. Since Apple has apparently fixed it in the beta of 4.1, Apple is apparently aware of it, anyway.



    But the vulnerability, according to those who claim to know, is the same vulnerability that Apple had already fixed in their Mac OS X version of Safari. Apple went public in advertising the existence of the vulnerability at the same time they announced the fix for Mac OS X.



    Quote:

    There is absolutely no justification for releasing malware or other exploits into the wild. NONE.



    The only documented instance of an implementation that uses this exploit on an iPhone in the wild is not malware. The end-user of the iPhone gets out of the exploit exactly what they set out to obtain -- a jailbroken device. Therefore, by definition, it is not malware.



    If somebody else comes along and uses the same exploit to deliver something that the end-user did not intend to obtain, then the full force of the law should be brought down upon them once caught.



    Apple should close this vulnerability as soon as possible, to protect all users from the "somebody else" portion of this scenario. In doing so, Apple will also be shutting down this particular method for intentional jailbreaking undertaken with informed consent. That is an unfortunate (from my perspective) side-effect, but it's totally justified when weighed against the possible damage that "somebody else" could do with it.
  • Reply 80 of 90
    menno (Posts: 854, member)
    Quote: Originally Posted by sarges


    So you're saying that both Jobs & Gates (and every computer programmer) were hackers, spammers and virus writers in their earlier years?



    Hackers most definitely. I doubt they wrote viruses or spammed people.



    A lot of today's big computer programmers got their start hacking systems. Hacking does not always mean malicious intent.