
Unreleased iPhone 2.0 May Already Be Hacked

Posted by Zonk
from the who-gave-the-hackers-time-travel-machines dept.
The as-yet unreleased second iteration of iPhone hardware may already be compromised, report Engadget and News.com. Members of the 'iPhone Dev Team' have (supposedly) made use of the recently released SDK to gin up a Beta 2.0 software hack. "Unlike previous hacks, this one isn't specific to the latest firmware version, it exploits the way that Apple designed the iPhone's main bootloader. According to the iPhone Dev Team, the iPhone verifies whether or not firmware code has been signed with an RSA certificate before allowing it to be written to memory. The team has apparently figured out a way to disable that check and allow unsigned code to be written to memory."
  • Pertinent word... (Score:4, Interesting)

    by the_skywise (189793) on Sunday March 16, 2008 @06:31PM (#22768580)
    WAS...

    I'm sure the iPhone 2 will be held back until this is fixed.
    • by hey! (33014) on Sunday March 16, 2008 @06:39PM (#22768632) Homepage Journal
      Well, it's funny that Jobs likes to lecture the music and movie industry about the futility of DRM, but then he tries to lock down the iPhone.

      If he were rational (which is not to say that irrational precludes being brilliant), I don't think he'd really care that much about iPhone hacking, unless people started to look at it as something safe and normal and that Apple should support those hacks.

      When somebody solders a modchip onto a game console motherboard, he knows very well that he's on his own. But when a hacked up iPhone starts to feel normal to users, then Apple loses the ability to control the release cycle. They don't want their new products to compete with hacks for their existing ones, because they've discovered the secret of the software subscription model Microsoft toyed with a few years ago: you don't call it a subscription, you call it spiffy new hardware.

      Of course, he might well be totally ape-shit over iPhone hacking, I don't know. I don't think like him, which is why I'm not rich.
      • by cybereal (621599) on Sunday March 16, 2008 @06:59PM (#22768788) Homepage

        If he were rational (which is not to say that irrational precludes being brilliant), I don't think he'd really care that much about iPhone hacking, unless people started to look at it as something safe and normal and that Apple should support those hacks.

        This is precisely the concern. Have you ever worked in support? I worked technical support for several years. The worst part of the whole ordeal was dealing with all of the unpredictability on the other end. This is the only reason we had no official Linux support. It was the reason we only needed 3 people to handle all Macintosh calls. The more predictable the workspace on the other end of the line, the better a technician can deal with a situation.

        This also applies to software development. This is what makes game consoles attractive, you have a reliable set of expectations to target. You know, when you have a device as sophisticated in software as the iPhone (it's got an entire OS, not just some execution firmware like non-smartphones) it is infinitely helpful to be able to predict what will or will not be going on there.

        So, while I'm sure Apple has no realistic expectation to avoid firmware hacking, I do believe they try to keep the expected cases in place as best as they can without getting ridiculous so the quality of software can remain high. So they can provide what they claim to provide in the device.

        While a more savvy person may realize their phone is running out of battery twice as fast because of some software they put on there themselves, the average consumer is not going to understand any of this reasoning. Apple doesn't want to deal with phone calls and complaints that root from things the user did to themselves unwittingly. The easiest way to avoid that is making it hard for users to do it to themselves. Make it an effort to get hacked firmware and unapproved software and you achieve this goal. You don't have to prevent it 100%, and therefore, there is no logical argument that Apple is being hypocritical about their DRM stance. This isn't DRM, this is the virtual version of that welded bolt on the back of a service-only machine.

        Any geek willing to break the seal is willing to forego support when they inevitably break the machine.

        • by Brian Gordon (987471) on Sunday March 16, 2008 @07:04PM (#22768848)
          I find it amusing that they even try to lock it down. Unless they seal the thing in adamantium or lock it away in a secure server facility, any system is hackable. Even if it comes down to slicing lines on a PCB or soldering in a modchip between the memory and the northbridge.. it's just absolutely absurd to hand someone a device and tell them they can't hack it.
          • by voidptr (609) on Sunday March 16, 2008 @07:24PM (#22768972) Homepage Journal
            The point isn't to make it unbreakable.

            It's to make it enough of a pain in the ass that those who manage it realize they're wading into unsupported waters.
            • by jlarocco (851450) on Sunday March 16, 2008 @08:18PM (#22769260) Homepage

              But the other poster's point is that anybody who's willing to open the device and make a modification already knows they're in unsupported waters. Making it difficult just wastes everyone's time.

              • Re: (Score:3, Insightful)

                But the other poster's point is that anybody who's willing to open the device and make a modification already knows they're in unsupported waters. Making it difficult just wastes everyone's time.

                Not at all. Of course the people making the hacks know this; but this also means that when people download these things and install them, it's enough of a hassle that they're aware of what they're getting into.
                • Not at all. Of course the people making the hacks know this; but this also means that when people download these things and install them, it's enough of a hassle that they're aware of what they're getting into.

                  I will propose to you, strongly, that there is no such point.
                  People will lie to their mother regarding the state of their firmware in order to get support. The user always knows more than the developer, and takes great pride in solving just enough of the problem to convince themselves that the firmwa

            • Re: (Score:2, Insightful)

              by base3 (539820)
              "Unsupported" != "Deliberate device disablement via updates for hacked devices"
              • Re:Pertinent word... (Score:5, Informative)

                by tlhIngan (30335) <.slashdot. .at. .worf.net.> on Sunday March 16, 2008 @10:57PM (#22770118)

                "Unsupported" != "Deliberate device disablement via updates for hacked devices"


                Here we go again.

                Has it been proven it was deliberate? Because there was an update later on (1.1.2, I believe) that fixed all the "bricked" phones. Which would mean that whoever unlocked their phone, the software was done poorly enough that the updates were screwed up. Even the iPhone Elite Team says it's due to a messed up unlock patch [google.com]. A hack

                And Apple said it will brick phones if they unlocked the phone and update. The solution was to avoid updating until later...

                Heck, Nintendo has to start warning too that their updates may brick the Wii, as well, if there were any third-party modifications done to it.
              • The problem is that it's hard to really say that it was deliberate. I think at the very worst, they knew it would mess with those devices and they didn't give a shit. Which pretty much fits in with "unsupported". The accusation that they deliberately screwed things up is, as far as I know, unsupported.
          • by omeomi (675045)
            it's just absolutely absurd to SELL someone a device and tell them they can't hack it.

            fixed that for you
        • by Namarrgon (105036) on Sunday March 16, 2008 @08:09PM (#22769196) Homepage

          Yes, allowing the user to modify a device complicates support. But this can be dealt with - look at how e.g. HP and Dell manage user support nowadays? "Reset your system to the factory-shipped state with the included Restore partition - problem solved." This is even easier to do with the iPhone.

          Thing is, users don't have to install any third-party software, if they want a "guaranteed quality experience". Why not simply allow people the choice about how they use their device? Hell, put up a warning on install - "You are now straying from the Apple Way - Abandon All Hope!" - but to assume that *every* customer is incapable of managing their own device is just insulting.

          What bugs me most is how Apple apologists go on about how the iPhone is so great because "it's got an entire OS!" (like this is new) - and then claim that every limit on this OS, every restriction and removal of user choice, is actually somehow for the user's benefit. "No 3G? Might kill battery. No Flash? Might kill performance. No plugins? Might, um, break something." It really gets old.

          Yeah yeah, vote with my wallet, I don't have to buy one. I'd really like to buy one, they've done so much right with it, but these decisions are deal-breakers for me, and the continual excuses don't give me hope that this will change.

          • by batkiwi (137781)
            My Nokia 6120 classic:
            -allows me to install java apps
            -allows me to install native symbian apps
            -is fully supported by nokia
            -was free on a $30 phone plan (very cheap to pick up too)
          • Re: (Score:3, Informative)

            by Lehk228 (705449)
            is the apple way anything like the habbo way, 'cause i break the habbo way all the time trying to warn people away from the pool.
          • by lancejjj (924211)

            Yes, allowing the user to modify a device complicates support. But this can be dealt with - look at how e.g. HP and Dell manage user support nowadays? "Reset your system to the factory-shipped state with the included Restore partition - problem solved." This is even easier to do with the iPhone.

            Haha, you have never worked in tech support! Asking a user to turn back their device to the "factory default state" is asking them to dispose of their content.

            "But what about their Backups?", you might ask. You must be kidding - these are users, nothing more.

        • Re:Pertinent word... (Score:5, Interesting)

          by globaljustin (574257) <justinglobal AT gmail DOT com> on Sunday March 16, 2008 @08:23PM (#22769288) Homepage Journal

          worked technical support for several years. The worst part of the whole ordeal was dealing with all of the unpredictability on the other end.

          Saving money on doing tech. support has nothing to do with Apple's response to iphone hacks! Anyone who would have the capability to hack an iphone would know that if you hack it, you can't get support for it.

          Apple is concerned with money. More specifically, they got big bucks from AT&T to make it exclusive. AT&T have a vested interest to make sure that their investment is worth it. Apple has to prove to AT&T that all possible measures are being taken to ensure that if someone buys an iphone, they use AT&T service. That's what's in play here. Tech support is irrelevant.

          I bet Jobs personally at least sympathizes with those who want to hack iphones so they can use them with any phone services. The deal with AT&T may not have been his call in the end.

          off-topic, Parent post is a troll in disguise...basically he's ranting about frustrations of doing tech support and somehow managed to loosely connect it to the topic
          • He'd better sympathize. IIRC, he and Woz got their start building blueboxes [wikipedia.org] in a garage..
          • by 2short (466733)

            Locking down what carrier you use and locking down what software you can run are two separate things. Apple does both, but we're talking about the latter.

            I've got a stupid little iphone app that I'd love to write and hand out to clients. I can't, that sucks, and it's not the fault of AT&T. I expect the reason they want to lock down apps is in fact tech support and/or possible revenue from selling the apps themselves. I'd have thought a more robust development ecosystem from opening it up would do m
        • Re:Pertinent word... (Score:4, Interesting)

          by nine-times (778537) <nine.times@gmail.com> on Sunday March 16, 2008 @08:24PM (#22769296) Homepage

          Any geek willing to break the seal is willing to forego support when they inevitably break the machine.

          Right. As an iPhone owner, I hacked mine a while back. It was really easy. Part of the problem, though, is that the OS has been changing often enough that most apps won't work unless they're written for the specific firmware you're using, so the payoff of hacking your phone is diminished. I think lots of developers stopped keeping up figuring they'd wait for the official SDK.

          Anyway, I don't doubt that the iPhone will keep getting hacked for as long as it's useful to hack it. I'm betting either Apple will be very reasonable about letting people distribute on iTunes, or else people will immediately hack a different distribution method for unauthorized apps. Either way you'll be able to get the apps you want with a minimum of hassle.

          It's going to happen, and the iPhone will be a cool platform. If Apple's smart (which they often show themselves to be) then they won't fight it.

        • by cgenman (325138)
          This is precisely the concern. Have you ever worked in support? I worked technical support for several years. The worst part of the whole ordeal was dealing with all of the unpredictability on the other end... The more predictable the workspace on the other end of the line, the better a technician can deal with a situation.

          I'll need to see some substantial evidence before I believe the brazen supposition that anyone in management makes business decisions based around technical support.
          • by BVis (267028)
            They do when it starts to show up on the balance shee... erm, when it makes their bonuses smaller.

            "Why are we spending all this money on support?!? Don't you guys know how to make a perfect product? SPEND LESS MONEY!"

            This leads to middle management making decisions to meet that demand. I'd assert that decreasing support costs is more important than meeting customer expectations from a financial point of view. Lying to peopl... I mean Marketing is cheaper than support.
      • by MBCook (132727)
        Could they have simply been required (by AT&T or the record companies) to implement some kind of security, and they simply didn't test it well enough because they didn't care enough? Perhaps this flaw exists because they simply considered it "good enough" and didn't think it worth the additional time to fix?
      • The really funny part of the story is how much free publicity Apple gets every time the iPhone gets 'hacked.'

        Hacking the iPhone does not damage credibility the way hacking a software package does. Instead, these hacks are beckoning people to the platform with the promise of previously unattainable functionality on a handheld.

        If I were launching a new device I would follow Apple's lead on this one... possibly even setting up a dark proxy org to regularly hack my device.
        • The better strategy would be to release an open platform with exciting potential and let news sites run with it. Look how much free publicity Android's gotten- not because it's been hacked but because it's awesome! Then again if you play the sensible way you can't brick thousands of phones and blame the consumer.
      • by SuperKendall (25149) on Sunday March 16, 2008 @07:18PM (#22768938)
        Well, it's funny that Jobs likes to lecture the music and movie industry about the futility of DRM, but then he tries to lock down the iPhone.

        Yes, but Apple only does this as a safeguard to help protect more timid users. Apple, unlike the music studios, knows it will be broken and does not really care.

        If he were rational (which is not to say that irrational precludes being brilliant), I don't think he'd really care that much about iPhone hacking

        He doesn't, which is why the last iPhone update did not break jailbroken phones.

        • by Telvin_3d (855514) on Sunday March 16, 2008 @08:49PM (#22769456)
          I never got the impression that Apple has ever intentionally broken jailbroken iPhones. I doubt they even test their updates against them before release. The original jailbroken phones changed some stuff the update wasn't expecting and so you ended up with a broken phone. The more recent updates happen to not interfere with jailbreak. I'd think that is as much coincidence as intentional.
        • by MacDork (560499) on Sunday March 16, 2008 @10:54PM (#22770098) Journal

          Yes, but Apple only does this as a safeguard to help protect more timid users.

          Funny, because I recall Steve Jobs making it clear in September that Apple would fight attempts to unlock the iPhone. [cnet.com] He didn't say anything about protecting the timid. I think it went more like this. [youtube.com] "It's a cat and mouse game" and "It's our job to keep them from breaking in." I guess I missed his "Protect the timid" speech.

          He doesn't, which is why the last iPhone update did not break jailbroken phones.

          Yeaaaaah... I'm sure you're right SuperKendal. Steve was just feeling generous. I don't imagine that billion dollar class action lawsuit [pcworld.com] regarding the intentional bricking had anything to do with it.

          • Funny, because I recall Steve Jobs making it clear in September that Apple would fight attempts to unlock the iPhone.

            Well of course, as he doesn't want to upset AT&T. As I said, he knows it will fail. Also, SIM unlock is a different matter than locking down the phone for programming (as in Jailbreak).

            Yaaaaah... I'm sure you're right SuperKendal. Steve was just feeling generous.

            You misspelled my name McDork. He wasn't feeling generous - he just simply doesn't care. This is pretty obvious, do try and
        • by dfghjk (711126)
          "Yes, but Apple only does this as a safeguard to help protect more timid users. Apple, unlike the music studios, knows it will be broken and does not really care."

          Haha that's funny. Apple does it to protect its revenue stream. Timid users have nothing to do with it.

          "He doesn't, which is why the last iPhone update did not break jailbroken phones."

          That completely ignores the efforts Apple has made to break these hacks in the past. Caring about iPhone hacking isn't an all or nothing issue.
          • Haha that's funny. Apple does it to protect its revenue stream. Timid users have nothing to do with it.

            So then why didn't Apple break jailbreaking last update? Oh, so sorry to utterly destroy whatever shred of point you had there.

            That completely ignores the efforts Apple has made to break these hacks in the past.

            You mean actually fixing bugs in the phone? I can't see why Apple would not want to leave a gaping security hole in place. Oh wait, they aren't Microsoft.

            You ignoring the fact Apple didn't break
      • Re: (Score:3, Interesting)

        by moosesocks (264553)

        Well, it's funny that Jobs likes to lecture the music and movie industry about the futility of DRM, but then he tries to lock down the iPhone.

        What is happening on the iPhone is not DRM. DRM is about copy-protection.

        There are many parallels between DRM and closed hardware platforms, but they are two very distinct issues.

        Apple's reasons for clamping down on the iPhone are very likely to be quite numerous, not to mention whatever sort of contractual obligations they have to fulfill with AT&T. It's not pr

        • by bnenning (58349)
          DRM is about copy-protection.

          That's what's said publicly, but really it's about control. Consider DVD region coding; that has nothing to do with copy protection, it's just enforcing market segmentation.
      • by catwh0re (540371)
        I believe what we're witnessing isn't so much the jobsian irrational behaviour (although seen plenty of that in the past), but rather business tactics.

        Just like DRM was to music, Apple first needed to prove to the music industry that a lock down was ineffectual. Only then would the music industry begin to release its grip, well after they've grown accustomed to the new digital music model. (As were consumers, hence the decline of the CD.)

        This is analogous to the mobile carrier industry. First they need to b

      • by 99BottlesOfBeerInMyF (813746) on Sunday March 16, 2008 @10:55PM (#22770106)

        Well, it's funny that Jobs likes to lecture the music and movie industry about the futility of DRM, but then he tries to lock down the iPhone.

        While the difference between content and applications (or even between types of content) bears directly on Jobs' statements, you don't even need to look that far. Jobs said that DRM was a flawed concept and would never work for the long term... but Apple implemented it anyway because the RIAA required it to do business in the music industry and without them the iPod would have never materialized, or at least never gained significant market. The same thing applies here. Apple cannot ever "win" the fight against iPhone modders, nor is that their goal. Their goal is to make it inconvenient enough so that the modding community never makes up significant share of iPhones and so they can meet their contracts with the big players in this industry, particularly AT&T who Apple has to keep happy and who probably has a signed contract (trade secret of course so it will never be public unless the courts make it so) that says Apple has to perform due diligence to lock down applications to prevent VoIP on the cell network as well as other apps that threaten AT&T's money making services.

        If he were rational (which is not to say that irrational precludes being brilliant)...

        I think Jobs has proved himself rational, nor do I think you're understanding his position. He's made Apple a lot of money while still espousing the opinion that DRM is a flawed concept. That is what he believes and even what he pressures others to accept in deals with Apple, but at the same time he is willing to do what it takes to get a start in a new market; be it music downloads, movies, TV, or smart phones. It is a very reasoned person who can state their opinions consistently, yet at the same time be willing to bend to the big players in the market who hold the keys to successful entry.

        When somebody solders a modchip onto a game console motherboard, he knows very well that he's on his own. But when a hacked up iPhone starts to feel normal to users, then Apple loses the ability to control the release cycle.

        I doubt Apple cares that much about locking down iPhones beyond what it takes to keep AT&T happy. Very few people will modify their iPhones to run other software (compared to how many people buy them in total). Sure, Jobs sees an opportunity for more security and stability with whitelists, but they've implemented the same thing to a lesser extent on Macs as well and you don't see it being used to try to seriously stop users who want to do something and are willing to hack.

        They don't want their new products to compete with hacks for their existing ones, because they've discovered the secret of the software subscription model Microsoft toyed with a few years ago: you don't call it a subscription, you call it spiffy new hardware.

        I don't really think this is Apple's plan. They've had lots of opportunity in both iPod and Mac markets to artificially break compatibility with older hardware. If a new version of OS X ran more slowly than an old version, pretty much no one would have batted an eye, since MS has them conditioned to think of this as normal. Instead, each revision was faster on old hardware than the previous revision (well maybe 10.4 was break-even in some cases). Apple has always sold their new hardware on new hardware features, not on mandatory upgrades enforced by software (and I have a dual 533 Mhz PPC tower in the corner still running as a media server to prove it). And before you bring up the iPod touch, read about Apple's media codec licenses and Sarbanes-Oxley as interpreted by quite a few (but not all) companies in technology.

    • by nehril (115874) on Sunday March 16, 2008 @06:51PM (#22768726)
      the whole iphone dev system is interesting in that it is an attempt to finally invert the usual "blacklisted software" security system that has so often been the rule. rather than the busted concept of allowing all software to run, and then chasing down 'bad' ones with antivirus programs, rootkit detectors, spyware removers etc, they're moving to a whitelist. default deny, selective approve, with revocation.

      just as any sane firewall is set up. (it would be nuts to set up a firewall to default allow all ports, and then start selectively blocking them only once an exploit that uses it becomes apparent, but then you have today's software security model doing just that.) forcing devs to buy a cert means they have somewhat of a point of authentication and also a hook to revoke all of a dev's apps if they fail to toe the line by releasing a virus, trojan, phish etc. Or "something that reduces apple's revenue" ;)

      I believe leopard has the (currently unused) capability to do this built in as well. looks like the iphone is going to be a bit of a testbed for the concept. this kind of thing is only possible really with a "brand new" os where you can start from day 1 with no backward compatibility problems. it's also the reason you're not allowed to run interpreters like java or javascript... else Sun would get a valid cert to load the java interpreter, which in turn could run anything on the planet bypassing the "run only whitelist code" concept.

      I can't say i agree with such "mandatory*" restrictions on a computing device I purchased, but as a matter of security philosophy it really is quite interesting.

      *well, mandatory if you want to run snazzy new SDK apps. they really should set up an "unsupported, you may be SORRY!!" class of signature that would let you run, at your own risk, anything from that signature.
      • by arminw (717974) on Sunday March 16, 2008 @07:20PM (#22768952)
        ....restrictions on a computing device ....

        The iPhone is a PHONE a wireless PHONE. Repeat this a thousand times. It is NOT a general purpose computer. Most people who bought or will buy this expensive gadget want a phone first of all and want that to work as reliably as any other phone at LEAST. Apple will and must do everything in its power that their phone or ipods don't become another Windows like portal for propagating all sorts of malware aimed at emptying unsuspecting people's bank accounts.

        In that regard, Apple can simply inform iphone users in no uncertain terms that warranties on hacked devices are null and void. They are also within their rights to warn users that any update from Apple may indeed inadvertently brick their hacked devices. Unauthorized customer modifications and use of manufactured goods and machines have always resulted in lost warranties at the very least. Sometimes human lives are at stake.
        • by bnenning (58349) on Sunday March 16, 2008 @09:27PM (#22769668)
          The iPhone is a PHONE a wireless PHONE.

          It's a device that can make phone calls, amongst other functionality. My Power Mac 7500 was making and receiving phone calls 10 years ago; that didn't transform it into a single-purpose appliance that would crash and burn if I did anything else with it.

          Also, the iPod touch is not a phone.

          It is NOT a general purpose computer.

          Why not? It runs Unix, and its API looks a whole lot like that for Mac OS X. Apple may not want you to think of it as a computer, but objectively speaking it is.

          Most people who bought or will buy this expensive gadget want a phone first of all and want that to work as reliably as any other phone at LEAST.

          And yet if there's any way to run apps not approved by Apple, these same people who insist on reliability above all else will be stampeding to download malware-infested porn apps from the Elbonian mafia?
        • by Namarrgon (105036)

          It is NOT a general purpose computer.

          "It lets us create desktop class applications and networking, not the crippled stuff you find on most phones. These are real desktop applications." - S. Jobs, 2007 [engadget.com]

          Oh the irony.

          • by arminw (717974)
            .....These are real desktop applications......

            Indeed that's great. The malware writers would also like to have THEIR wonderful applications run in these new, powerful devices. Apple just wants to make that much harder than Microsoft made it for their Windows systems. By inspecting software and controlling distribution, they can filter out possibly damaging programs. If some bad code gets through, they will know exactly who to blame, and if needed get the law after the originators. They can also quickly stop
            • Since when is malware such a big problem on WinMob, Symbian or Linux-based phones? Can't say I've heard of a single case. Symbian also implements app-signing, as of S60v3 and UIQv3, but they still allow open apps - and plugins. Besides, most malware spreads through code exploits, and the iPhone is as vulnerable to those as any other system.

              Sorry, but the "Apple just wants to make life easier for you" line is so much BS. MacOS X isn't signed & locked down, why should "OS X in a mobile device" be so dif

              • by arminw (717974)
                ....Are phones so much more mission-critical than computers?.....

                People have different expectations from phones and toasters than from computers. Mostly because of Windows with its history of frequent BSOD's, freezes and other troubles, people have gotten used to the flakiness of PCs in general. Many EXPECT their computers to screw up now and then, or at least they'll accept that as par for the course. Even in OSX, there are rules which Apple imposes on programmers.

                OTOH, phones have historically been MUCH mo
        • The iPhone is a better computing device than it has ever been a phone. It has bad-to-mediocre voice quality. Anything that can BE a general purpose computer IS, in effect, a general purpose computer.
        • by cgenman (325138)
          The iPhone's utility above a standard free phone, as any owner can tell you, is having the internet in your pocket. Look up which movie people had wanted to see on Livejournal, check the rating on Rotten Tomatoes, then find a theater playing it nearby. All while still sitting in the restaurant after work with people debating what to do.

          As outlook integration comes online, I can see this easily becoming the next crackberry as well.

          And finally, the iPhone makes a great google map for us who keep getting lost
          • Re: (Score:3, Insightful)

            by arminw (717974)
            ....the iPhone for its phone calling capabilities....

            For those who don't need the phone part, there is the iTouch music player. Apple has to take steps to prevent their devices from becoming another Windows monoculture that attracts crooks who want to rip off as many people as possible. Some of these steps will displease the software freedom advocates, but are unfortunately a needed precaution in our connected world.

            Decent developers should have no problems writing and selling clean software, according to t
      • the whole iphone dev system is interesting in that it is an attempt to finally invert the usual "blacklisted software" security system that has so often been the rule. rather than the busted concept of allowing all software to run, and then chasing down 'bad' ones with antivirus programs, rootkit detectors, spyware removers etc, they're moving to a whitelist. default deny, selective approve, with revocation.

        I think this is a less than ideal approach as well. What would really be ideal is a greylist, combining both known malware signatures to be blacklisted, as well as known "good" software signatures to whitelist along with an ACL as to what behavioral limits the software should be doing properly. More importantly, items and ACLs for the greylist should be "subscribable" from multiple security vendors. Maybe I trust Apple's security recommendations, but maybe I trust Clam AV's more, and would not mind paying

      • by Jaime2 (824950)

        I believe leopard has the (currently unused) capability to do this built in as well.

        Windows has had this capability since 2000 through group policy. One of the restrictions is to allow a specific whitelist of software to run, specified as file hashes. The Microsoft .Net framework has the ability to restrict software by publisher signature.

        A general purpose operating system can't get by with forcing all software to be signed by the OS vendor. However, the iPhone may succeed with this model because it is a phone and people won't have the expectation of general purpose usability. Com
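
Added example, not part of any comment in this thread: a sketch of the whitelist-with-revocation and "greylist" ideas discussed above, using hash-based allow and block lists from several subscribed feeds plus a per-binary capability ACL. The feed names, capability names, sample binaries and the rule that every vouching feed must permit a capability are assumptions made for the illustration.

```python
import hashlib
from dataclasses import dataclass, field

@dataclass
class Feed:
    """One subscribed vendor list (hypothetical structure)."""
    name: str
    blocked: set = field(default_factory=set)    # SHA-256 of known-bad binaries
    allowed: dict = field(default_factory=dict)  # SHA-256 -> permitted capabilities
    revoked: set = field(default_factory=set)    # approvals since withdrawn

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def decide(binary: bytes, requested: set, feeds: list) -> tuple:
    """Return (verdict, reason). Default deny; a block or revocation always wins."""
    digest = sha256(binary)
    for f in feeds:
        if digest in f.blocked:
            return ("deny", f"blocked by {f.name}")
        if digest in f.revoked:
            return ("deny", f"revoked by {f.name}")
    grants = [f.allowed[digest] for f in feeds if digest in f.allowed]
    if not grants:
        return ("deny", "not on any allowlist")
    # Assumption: a capability must be permitted by every feed that vouches.
    permitted = set.intersection(*grants)
    excess = requested - permitted
    if excess:
        return ("deny", "capabilities outside ACL: " + ", ".join(sorted(excess)))
    return ("allow", "allowlisted within ACL")

# Constructed sample data, not real software or real vendor feeds.
MAPS_APP = b"constructed-maps-binary"
DIALER = b"constructed-dialer-binary"
UNKNOWN = b"constructed-unknown-binary"
TROJAN = b"constructed-bad-binary"

FEEDS = [
    Feed("vendor-a", allowed={sha256(MAPS_APP): {"network", "location"},
                              sha256(DIALER): {"telephony"}}),
    Feed("vendor-b", blocked={sha256(TROJAN)},
         allowed={sha256(MAPS_APP): {"network"}},
         revoked={sha256(DIALER)}),
]

if __name__ == "__main__":
    for label, blob, caps in [("maps", MAPS_APP, {"network"}),
                              ("dialer", DIALER, {"telephony"}),
                              ("unknown", UNKNOWN, set())]:
        print(label, decide(blob, caps, FEEDS))
```

A hash allowlist only identifies exact binaries, so every update needs a new entry; publisher signatures, as mentioned in the comment above, avoid that at the cost of trusting the signing key.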

  • Jobs will pounce on this faster than a Leopard. They should have kept their mouths shut.
    • Re: (Score:2, Funny)

      by Anonymous Coward
      And a few years ago he would've jumped on it as fast as a Tiger. And before that as fast as a Panther, a Jaguar, a Puma, or a Cheetah, depending on what year the comment was made.
    • by revscat (35618)
      Would you care to put your money where your mouth is? If you are implying that Apple will take legal action against this I would be interested in placing a wager against that prediction. Say, $500?
  • ...allow unsigned code to be written to memory.

    This doesn't sound that attractive to me.

  • Nice (Score:2, Insightful)

    by aleph42 (1082389) *
    It's not the first time something is hacked before it's even released, but it's always funny.

    What really makes this one a good example is that for once this lock used some kind of real crypto (RSA), not some security-through-obscurity stuff. And yet, of course, that was defeated, by not even letting the check occur.

    Because crypto scenarios where Bob tries to hide something from Bob, after giving Bob the key, are just a bit too stupid to work.
    • by dattaway (3088)
      The Nintendo DS has a nice RSA Protected sticker on the bottom, but that didn't stop me from installing Linux. They can install all the crypto and DRM in the world on a device. Unfortunately for them, they all have processors and they have to start executing machine code from memory. All kinds of ways to flip bits and get into the system. It's like trying to put up a fence at the border. Don't work. Never did.
      • The Nintendo DS has a nice RSA Protected sticker on the bottom, but that didn't stop me from installing Linux.

        I think the RSA encryption on the DS is only used when playing networked games.
        • Re: (Score:2, Informative)

          by Pepsiman (89597)
          Yes, the RSA encryption on the DS is only used when downloading a game from another DS.

          The RSA encryption on the Wii is used for everything, but has an implementation bug.

          This bug is exploited by Datel to create Freeloader and by homebrewers to create Wii channels, fake update partitions, etc.
  • From a user's perspective, I would have rather had them wait until the 2.0 update came out to release this info so that there would be a hackable version 2.0 available. As it is, it's pretty likely that Apple will fix the vulnerability that these folks have discovered before releasing the new firmware.
    • Re: (Score:2, Insightful)

      by dagamer34 (1012833)
      The vulnerability affects the bootloader. Apple will NEVER, EVER, EVER replace the bootloader by a user update. Any disruption while replacing the bootloader equals a truly dead iPhone. While we may have come to expect complications with our computers, cell phones are another story. If anything, we'll see an updated bootloader in new phones, but the millions already on the market will still be available to be unlocked. Though, Apple will probably have yet ANOTHER security audit so make sure the 2nd gen iPh
      • by plover (150551) *
        *BZZT* Wrong, but thanks for playing. You were spot on until your last line, where you referred to "illegal" activities.

        There is absolutely nothing illegal about hacking your iPhone. Nothing. Many of the image problems hackers get come from people associating anything hacking with "illegality". We owe it to ourselves to not perpetuate that foolishness.

  • Firmware 2.0 (Score:4, Informative)

    by the_g_cat (821331) on Sunday March 16, 2008 @06:42PM (#22768666) Homepage
    They hacked firmware 2.0, which will run on current iPhones, there's no mention of new hardware for this stuff...
  • Feasible? (Score:4, Interesting)

    by PolarBearFire (1176791) on Sunday March 16, 2008 @06:55PM (#22768764)
    This thread is probably going to be full of software security bashing, deservedly or not. Let's get something constructive out of this... Anyone know of any way to make software security function the way business people dream of? Namely, only approved code running approved processes. I think given access to the hardware any machine can be "hacked" given enough interest and manpower. Even putting security features in the chips themselves, as I've heard they are developing, will just be a relatively minor roadblock.
    • Re: (Score:3, Informative)

      by MBCook (132727)

      The best you could do would be to alter the hardware (the actual CPU, not some external module) to verify cryptographic signatures. That would prevent you from accidentally loading software like this, but it has its own problems. For one, you have to stick your cryptographic key on the CPU. If they get compromised, they can't be updated. If they can be updated, then someone who cracks the device can just update to their own key and they are now in charge.

      You could have a second CPU, acting as a watchdog, mo

      • Re: (Score:3, Insightful)

        by smallfries (601545)
        Why not some external module? That was the design that the Palladium [wikipedia.org] group came up with to solve this very problem - whitelisting software.
    • Re: (Score:3, Insightful)

      by BosstonesOwn (794949)
      Microsystems are becoming the end game at the moment, or are being touted as such.

      The newest platforms are actually systems on a chip. Not only a watch dog watching the voltage and clock lines, but watch dogs performing zero knowledge tests on blocks of data before they are passed to the considered safe block of ram. It always comes to the same point, the key is on the chip somewhere. You can randomize and do as much as you want to make the key random, at some point the key has to be stored to even sta
  • by PC and Sony Fanboy (1248258) on Sunday March 16, 2008 @06:59PM (#22768786) Journal
    Well, I guess the iPhone will die a slow death, the same as the PSP (wait a minute, people are still developing for the PSP ... maybe the iphone won't die?).
  • May this open the door to be able to install linux on the iPhone?
  • by DanWS6 (1248650) on Sunday March 16, 2008 @08:05PM (#22769176)
    First person to get windows running on the iphone 2.0 will receive a free copy of Microsoft Vista.
  • now even hackers are releasing vaporware?
  • unpatchable? (Score:3, Insightful)

    by v1 (525388) on Sunday March 16, 2008 @09:17PM (#22769596) Homepage Journal
    I keep reading they hacked the firmware. So what's to stop Apple from releasing a firmware update that breaks it? They release firmware updates for their computers periodically. Firmware is not impossible to upgrade.
  • by SleepyHappyDoc (813919) on Sunday March 16, 2008 @09:26PM (#22769662)
    They could bring out something similar in specs, unlocked, able to run unsigned code, etc, all the capabilities the hacking community wants but sufficiently different in some way to distinguish it from the standard iphone (Bulkier, to add more connections, maybe?). Market it at a huge enough price difference that AT&T doesn't get upset, and everyone would be happy.
  • The way I see it is that for once, His Steveness had lost faith in his ability to sell his product at their actual price. The deals made with the various telcos were mainly cost-cutting measures, to be made up by the profit-sharing model, leading to the locking of phones, and to the current situation. Who knows, if he had tried to sell a $1000 iPhone, and people still bought it up, and installed whatever software they wanted, then maybe the production cost of iPhone 2.0 might have gone down by now, and an i
  • by dougwhitehead (573106) on Sunday March 16, 2008 @10:49PM (#22770072)
    Given that Apple is slow to approve developers, the only way to test your OpenGL ES program is to Jailbreak the iPhone.

    You are supposed to test your program with the iPhone Simulator, called Aspen. The Aspen simulator is part of the free download SDK for the iPhone. However, Aspen does not support OpenGL ES, which is hardware acceleration for cool effects & fast 2D or 3D.

    To deploy to the iPhone, Apple must give you a certificate, and they only do that to those paid developers whom they select.

    In other words, most game developers can not test their programs because they can not deploy their programs to the iPhone.

    I want to play around/learn. I have avoided Jailbreak solutions to date, but I see no other way.

  • Does Apple care? (Score:2, Insightful)

    by Ungulate (146381)
    Given that Apple seems to have sold a huge number of iPhones to people other than American AT&T customers, I don't think it's a coincidence that Apple has released four firmware revisions now and still hasn't managed to lock it down. Once June arrives and it's confirmed that the iPhone can still be unlocked, I'll happily buy one and use it on T-Mobile, as I have no interest in switching to AT&T.
  • How relevant? (Score:3, Insightful)

    by cadeon (977561) on Monday March 17, 2008 @06:01AM (#22771678)
    How relevant is hacking the iPhone, now that we have an SDK?

    What I would like to see is a hack to get around the $99 fee to run your app on the device itself. The fee annoys me. I can understand it being there for devs that want to release their app, but what about people like me, who just want to see if I can make run on it?

    I know, I know, the simulator.... that's no good. I want running on my phone!
  • by PortHaven (242123) on Monday March 17, 2008 @07:38AM (#22772168) Homepage
    I mean, this post is talking about a hack on hardware that only exists internally to the Apple development cycle.

    Huh...

    Either, they hacked this themselves so as to determine how to protect against it. Or this whole story is hogwash and not worth two grains of salt.
