Google releases tool that helps security researchers hack iOS devices

Posted in iPhone, edited December 2017
Google this week released a proof of concept tool that allows security researchers, and other developers, to hack into iOS 11.1.2, software that could lead to a jailbreak for devices running that OS version.




Created by noted iOS bug hunter Ian Beer, the tool released on Monday takes advantage of an exploit called "tfp0," which has since been patched in Apple's latest iOS 11.2 release.

Beer, a member of Google's Project Zero, told Motherboard the proof of concept is designed to help security researchers test the security layers of iOS without curating their own exploits. The tool was tested on iPhone 6s, iPhone 7 and iPod touch 6G, but Beer is confident it will work on all devices.

"tfp0 should work for all devices, the PoC local kernel debugger only for those I have to test on (iPhone 7, 6s and iPod Touch 6G) but adding more support should be easy," Beer wrote.

The Google researcher pre-announced Monday's release in a tweet last week, sparking hope of a fresh exploit for Apple's famously secure operating system.

"If you're interested in bootstrapping iOS 11 kernel security research keep a research-only device on iOS 11.1.2 or below. Part I (tfp0) release soon," Beer said at the time.

For the jailbreaking community, an un-patched exploit represents a rare and valuable opportunity to bootstrap an iPhone jailbreak. Because Apple's OS is so secure, researchers who find exploits or bugs often opt to sell them to third parties, or collect a bug bounty from Apple, instead of making them publicly available.

For Google, the tool is a means to an end for security researchers looking for previously unreported bugs. The exploit effectively acts as an inroad into iOS, providing developers access to root around in the OS until Apple issues a fix. Though iOS 11.2 patches the hole, Apple is still signing iOS 11.1.2, meaning users can install the vulnerable iOS version on current hardware.

Because of the platform's maturity and its built-in security protocols, iOS jailbreaks are few and far between. According to Can I Jailbreak, a site dedicated to tracking iOS jailbreaks, the latest jailbreak affects iOS 10 and does not function on iPhone 7.

Despite early popularity with users who wanted to add customizations to their iPhone beyond those offered within Apple's walled garden, jailbreaking has become somewhat of a dying art. Last month, Cydia repositories ModMy, formerly ModMyi, and ZodTTD/MacCiti announced they would no longer accept new packages.

While a jailbreak for iOS 11 has yet to surface, Beer's contribution will likely hasten the process.

Comments

  • Reply 1 of 31
    I sometimes view who contributed to finding the bugs in macOS and iOS, and a large number of them are due to Beer. He must be a very good programmer. I'm glad that he helps Apple fix the security issues.
  • Reply 2 of 31
    lkrupp Posts: 5,981 member
    Another example of why users of any platform should always keep their devices and software up to date as much as possible. There are absolutely no valid reasons for anyone to refuse to update. And for those who refuse, well, you get what you get and have only yourself to blame.
  • Reply 3 of 31
    sflocal Posts: 4,094 member
    lkrupp said:
    Another example of why users of any platform should always keep their devices and software up to date as much as possible. There are absolutely no valid reasons for anyone to refuse to update. And for those who refuse, well, you get what you get and have only yourself to blame.
    Especially the ones having a fit and not upgrading because they don't like the new(er) UI. 
  • Reply 4 of 31
    lkrupp said:
    Another example of why users of any platform should always keep their devices and software up to date as much as possible. There are absolutely no valid reasons for anyone to refuse to update. And for those who refuse, well, you get what you get and have only yourself to blame.
    There is one excuse... OS updates require a WiFi network.

    So annoying...
  • Reply 5 of 31
    Soli Posts: 7,305 member
    lkrupp said:
    Another example of why users of any platform should always keep their devices and software up to date as much as possible. There are absolutely no valid reasons for anyone to refuse to update. And for those who refuse, well, you get what you get and have only yourself to blame.
    There is one excuse... OS updates require a WiFi network.

    So annoying…
    If you have a Mac and an iDevice where you can DL via cellular and the option to tether, there is a way.
  • Reply 6 of 31
    Why is Google developing ways to crack IOS? Help others to find bugs - Yea, right.
  • Reply 7 of 31
    freerange Posts: 1,578 member
    Google, do no evil. Just like Trump.
  • Reply 8 of 31
    Soli Posts: 7,305 member
    tbsteph said:
    Why is Google developing ways to crack IOS? Help others to find bugs - Yea, right.
    I'm all for it. The more people finding and disclosing bugs the more hardened iOS becomes.
  • Reply 9 of 31
    Google IS evil. 
  • Reply 10 of 31
    lkrupp said:
    Another example of why users of any platform should always keep their devices and software up to date as much as possible. There are absolutely no valid reasons for anyone to refuse to update. And for those who refuse, well, you get what you get and have only yourself to blame.
    This rhetoric is true in the abstract.  As a point of practicality, it's fairly useless fear mongering.  Every year some new exploit is found, every year the ComSec guys use a mix of new and old exploits to break out of the system constraints.  Every year some zero day pops up.  You know what doesn't happen?  Actual real live in the wild issues since almost all of the identified exploits require physical access.  Now is updating your software a good idea?  For the most part yes.  But contrary to your proclamation, there are indeed valid reasons to refuse an update.  Chief among them is the updated software degrading the user experience. 

    For those who refuse and get what they get... what are they getting exactly?  To date, I have heard of any true repercussions from not updating.  Have you?  
  • Reply 11 of 31
    gatorguy Posts: 18,588 member
    tbsteph said:
    Why is Google developing ways to crack IOS? Help others to find bugs - Yea, right.

    This article helps explain it

    https://motherboard.vice.com/en_us/article/d3x3dw/google-releases-iphone-ios-jailbreak-tool


    And in addition to that article:

    "Although the exploit was made public today, it appears to have been known amongst researchers and hackers for some time.

    Chinese jailbreaker Pangu said it has known of the bug since 2016, possibly via a hacker who goes by the moniker "windknown".

    Pangu claimed to have used the vulnerability to jailbreak an iPhone in an internal research environment."

    https://www.itnews.com.au/news/google-releases-apple-ios-jailbreak-exploit-479611

    edited December 2017
  • Reply 12 of 31
    macxpress Posts: 4,338 member
    lkrupp said:
    Another example of why users of any platform should always keep their devices and software up to date as much as possible. There are absolutely no valid reasons for anyone to refuse to update. And for those who refuse, well, you get what you get and have only yourself to blame.
    No, remember... we're supposed to wait for the dot dot dot update so there's no bugs in the OS. /s
  • Reply 13 of 31
    lkrupp said:
    Another example of why users of any platform should always keep their devices and software up to date as much as possible. There are absolutely no valid reasons for anyone to refuse to update. And for those who refuse, well, you get what you get and have only yourself to blame.
    Well, there is at least one valid reason: older devices tend to not work as well with the updated software, in normal use. My last iPad worked fine with everything except eBay, but I eventually got sick of the problems with eBay, so I updated it, which made it basically useless as a result. The update made it so slow that I never used it, but the battery also burned much faster, so I was charging it more frequently, even though I completely stopped using it between charges. 

    Now I've been holding off on updating my iPhone 6 because I don't want another experience like that (and I prefer my phone to current models, for good reasons that would surely make you sneer). Yes, I have only myself to blame if I "get what I get", but if I update my OS and the phone becomes painfully sluggish, I'll still only have myself to blame--sure, I could try to blame Apple, but that wouldn't do me any good, and wouldn't it really also be my fault for making the same mistake twice?

    I get why people feel proud to be so knowledgeable about tech that they can scoff at those who don't update, but it's not really informed by other people's real-life situations.


    edited December 2017
  • Reply 14 of 31
    Rayz2016 Posts: 3,592 member
    Fine by me. 

    The more people hacking at it, the more secure it becomes. (As long as Apple’s doing its job). 
  • Reply 15 of 31
    Soli Posts: 7,305 member
    Rayz2016 said:
    Fine by me. 

    The more people hacking at it, the more secure it becomes. (As long as Apple’s doing its job).
    Sometimes that's the rub. I seem to recall Apple ignoring some long-standing security holes, but my memory could be wrong or that could be in the past since Apple also now pays for vulnerabilities.
  • Reply 16 of 31
    Rayz2016 Posts: 3,592 member
    Soli said:
    Rayz2016 said:
    Fine by me. 

    The more people hacking at it, the more secure it becomes. (As long as Apple’s doing its job).
    Sometimes that's the rub. I seem to recall Apple ignoring some long-standing security holes, but my memory could be wrong or that could be in the past since Apple also now pays for vulnerabilities.
     Not sure “ignore” is the right word. More like “prioritise”. Also, the last thing you want to do is introduce a hole the size of a house while fixing a hole the size of a pinhole. 
  • Reply 17 of 31
    Soli Posts: 7,305 member
    Rayz2016 said:
    Soli said:
    Rayz2016 said:
    Fine by me. 

    The more people hacking at it, the more secure it becomes. (As long as Apple’s doing its job).
    Sometimes that's the rub. I seem to recall Apple ignoring some long-standing security holes, but my memory could be wrong or that could be in the past since Apple also now pays for vulnerabilities.
     Not sure “ignore” is the right word. More like “prioritise”. Also, the last thing you want to do is introduce a hole the size of a house while fixing a hole the size of a pinhole. 
    Point taken. I'd have to find one of these bugs and have some argument that would back up a stance that the security hole was important enough to take a higher priority, that by ignoring it it was a willful act, and that they could've reasonably closed the hole without creating another issue. None of that I'm willing to even look into so I withdraw the loaded term.

    PS: Recently we did see Apple create a quick path for that root access bug, which causes file sharing to stop working properly, which I think had both an Apple stated work around using Terminal and an additional security update to resolve.
  • Reply 18 of 31
    Rayz2016 Posts: 3,592 member
    Soli said:
    Rayz2016 said:
    Soli said:
    Rayz2016 said:
    Fine by me. 

    The more people hacking at it, the more secure it becomes. (As long as Apple’s doing its job).
    Sometimes that's the rub. I seem to recall Apple ignoring some long-standing security holes, but my memory could be wrong or that could be in the past since Apple also now pays for vulnerabilities.
     Not sure “ignore” is the right word. More like “prioritise”. Also, the last thing you want to do is introduce a hole the size of a house while fixing a hole the size of a pinhole. 
    Point taken. I'd have to find one of these bugs and have some argument that would back up a stance that the security hole was important enough to take a higher priority, that by ignoring it it was a willful act, and that they could've reasonably closed the hole without creating another issue. None of that I'm willing to even look into so I withdraw the loaded term.

    PS: Recently we did see Apple create a quick path for that root access bug, which causes file sharing to stop working properly, which I think had both an Apple stated work around using Terminal and an additional security update to resolve.
    Yes, and this was an example of priorities. The root access bug was so bad that Apple decided that any other bug introduced through a fast fix was unlikely to be worse. 
    edited December 2017
  • Reply 19 of 31
    I find it appalling that a company with a product like Android that has the largest security problems in the industry and the largest number of exposed users would focus any resources on finding ways to hack a competitor and partner for search and other services. Then to release them and put my devices at risk like they leave theirs is irresponsible!  This is why I don’t use them for anything. They can not be trusted. Period!

     
    edited December 2017
  • Reply 20 of 31
    lkrupp said:
    Another example of why users of any platform should always keep their devices and software up to date as much as possible. There are absolutely no valid reasons for anyone to refuse to update. And for those who refuse, well, you get what you get and have only yourself to blame.
    According to you, I have to upgrade my iPad Air with iOS 10 (having passable performance) to iOS 11, make it damn slow, unusable and throw it to dustbin because it has become unusable!!! Sounds just about right???????