
Unreleased iPhone 2.0 May Already Be Hacked 183

The as-yet unreleased second iteration of iPhone hardware may already be compromised, report Engadget and News.com. Members of the 'iPhone Dev Team' have (supposedly) made use of the recently released SDK to gin up a Beta 2.0 software hack. "Unlike previous hacks, this one isn't specific to the latest firmware version, it exploits the way that Apple designed the iPhone's main bootloader. According to the iPhone Dev Team, the iPhone verifies whether or not firmware code has been signed with an RSA certificate before allowing it to be written to memory. The team has apparently figured out a way to disable that check and allow unsigned code to be written to memory."
  • Firmware 2.0 (Score:4, Informative)

    by the_g_cat ( 821331 ) on Sunday March 16, 2008 @07:42PM (#22768666) Homepage
    They hacked firmware 2.0, which will run on current iPhones, there's no mention of new hardware for this stuff...
  • Re:Feasible? (Score:3, Informative)

    by MBCook ( 132727 ) <foobarsoft@foobarsoft.com> on Sunday March 16, 2008 @08:17PM (#22768930) Homepage

    The best you could do would be to alter the hardware (the actual CPU, not some external module) to verify cryptographic signatures. That would prevent you from accidentally loading software like this, but it has its own problems. For one, you have to stick your cryptographic key on the CPU. If they get compromised, they can't be updated. If they can be updated, then someone who cracks the device can just update to their own key and they are now in charge.

    You could have a second CPU, acting as a watchdog, monitor the bus and make sure code is signed, nothing weird is going on, etc. That would be very difficult though.

    Your best option that could be implemented now would be sending hashes across the network to verify stuff all the time. Since most people aren't going to have the ability to play man-in-the-middle with the cell phone network, this would be reasonably secure. That said, it would be a pain (especially with 3rd party programs going to be available). It would also tie up the cell network.

    What they've done seems quite reasonable to me, for the amount of time it probably took to implement.
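
The trade-off described in the comment above (a key fixed in the CPU cannot be rotated, an updatable key can be swapped for someone else's), modelled as an added example that is not part of the thread and not Apple's bootloader code. The toy RSA keys, the `Device` class and the "signed" rotation policy are assumptions made for illustration.

```python
import hashlib
# Constructed toy RSA keys built from Mersenne primes: illustration only,
# far too small for real use, and real schemes add padding (e.g. RSA-PSS).
def make_key(p, q, e=65537):
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))  # (public, private)

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(priv, data):
    n, d = priv
    return pow(digest(data, n), d, n)

def verify(pub, data, sig):
    n, e = pub
    return pow(sig, e, n) == digest(data, n)

class Device:
    """Hypothetical boot ROM model: one trusted key gates every flash write."""
    def __init__(self, trusted_pub, key_policy):
        self.key = trusted_pub
        self.key_policy = key_policy   # "fixed", "open" or "signed"
        self.flash = None

    def update_key(self, new_pub, sig=None):
        # "fixed" never rotates; "open" accepts any key; "signed" requires
        # the current key's signature over the new key.
        ok = self.key_policy == "open" or (
            self.key_policy == "signed" and sig is not None
            and verify(self.key, repr(new_pub).encode(), sig))
        if ok:
            self.key = new_pub
        return ok

    def write_firmware(self, image, sig):
        if not verify(self.key, image, sig):
            return False               # unsigned or tampered image is refused
        self.flash = image
        return True

def demo():
    vendor_pub, vendor_priv = make_key(2**61 - 1, 2**89 - 1)
    other_pub, other_priv = make_key(2**107 - 1, 2**127 - 1)  # a non-vendor key
    image = b"constructed third-party image"
    results = {}
    for policy in ("fixed", "open", "signed"):
        dev = Device(vendor_pub, policy)
        rotated = dev.update_key(other_pub)   # no vendor authorization supplied
        results[policy] = (rotated, dev.write_firmware(image, sign(other_priv, image)))
    return results
```

`demo()` returns, per policy, whether the key swap and the subsequent flash write were accepted. The "signed" policy still depends on the current private key staying secret, so it narrows the dilemma rather than removing it.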

  • Re:Pertinent word... (Score:5, Informative)

    by Chrononium ( 925164 ) on Sunday March 16, 2008 @09:33PM (#22769356)
    I know that you made this comment in jest, but a few years back when I was a hardware engineer at Apple, we literally only had 5 or 6 IT guys for the whole campus, which probably implied 5 or 6 guys for approximately 5000 computers. Sure, a lot of that was because you were more or less trusted to operate a computer (at least in engineering, but I think it applied in other buildings too), but that's still a massive accomplishment. The university lab I'm at now is dedicated to computational electromagnetics and they do fairly well with only two guys for the 200 or so computers here. But that's largely because we can't do much of anything without their say so. I think the Mac, when properly understood and matched up with the proper IT philosophy, can do wonders. And I bet you can't guess how many people ran the iTunes Music store hardware. It was pretty darn awesome.
  • Re:Pertinent word... (Score:5, Informative)

    by tlhIngan ( 30335 ) <slashdot.worf@net> on Sunday March 16, 2008 @11:57PM (#22770118)

    "Unsupported" != "Deliberate device disablement via updates for hacked devices"


    Here we go again.

    Has it been proven it was deliberate? Because there was an update later on (1.1.2, I believe) that fixed all the "bricked" phones. Which would mean that whoever unlocked their phone, the software was done poorly enough that the updates were screwed up. Even the iPhone Elite Team says it's due to a messed up unlock patch [google.com]. A hack

    And Apple said it will brick phones if they unlocked the phone and update. The solution was to avoid updating until later...

    Heck, Nintendo has to start warning too that their updates may brick the Wii, as well, if there were any third-party modifications done to it.
  • Re:Pertinent word... (Score:3, Informative)

    by Lehk228 ( 705449 ) on Monday March 17, 2008 @01:24AM (#22770494) Journal
    Is the Apple way anything like the Habbo way? 'Cause I break the Habbo way all the time trying to warn people away from the pool.
  • Re:Nice (Score:2, Informative)

    by Pepsiman ( 89597 ) on Monday March 17, 2008 @05:58AM (#22771422)
    Yes, the RSA encryption on the DS is only used when downloading a game from another DS.

    The RSA encryption on the Wii is used for everything, but has an implementation bug.

    This bug is exploited by Datel to create Freeloader and by homebrewers to create Wii channels, fake update partitions, etc.
  • Re:Pertinent word... (Score:3, Informative)

    by WhatAmIDoingHere ( 742870 ) * <sexwithanimals@gmail.com> on Monday March 17, 2008 @10:15AM (#22772918) Homepage
    They don't make it easy to refuse the update? "There is an update for your iPhone (version number here) do you want to download and install it, just download it and install it later, or ignore it? Pick one."

    It's VERY easy to refuse an update. Now, if they were forced down over AT&T, that'd be a different story.
