Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

1.1.1 Jailbreak Complete, Security Ramifications

it won't brick the iPt only the unlocked iPhones were hurt the iPt isn't unlocked so apple won't worry about bricking until they start selling their own apps.

I will be installing as soon as I hear enough people saying it is stable...or if I'm really bored when it first comes out.
 
Well, Apple must be pleased, they now have dozens of testers looking for security leaks for them for free.
 
Macrumors said:


Engadget's Ryan Block has confirmed ...
Click to expand...
Personally, I am getting tired of the iPhone hacker stuff.

I am also tired of hearing the 1.1.1 "jailbreak" being announced over and over again. This is the 3rd time I have read an article about it, only to find out in the fine details that it's still "not quite." I mean what's the point of engadget saying it's "verified" if it notes in the same article that they don't have "reliable read and write" access, and "don't know what's going on" in that regard??? I kind of seriously doubt this hack will ever be ready, and that the hackers days are numbered.

The 1.0.2 stuff was all fascinating, but now in hindsight, we know that Apple basically left the door on the iPhone open on purpose so as to see how the hackers proceeded.

With 1.1.1 everything is encrypted, and if not for a well-known Safari vulnerability (Apple leaving the door open again?), the hackers would most likely not have even got close to a jailbreak again.

We can expect a 1.1.2 (or whatever) update in a matter of days or a couple of weeks at most, almost certainly closing the Safari loophole, but it seems likely to me that there won't even be a working hack at that time to break.

With all the OS-X'y (sexy?) goodness expected of Leopard and the assumed, associated iPhone update will anyone care that the hackers finally got into 1.1.1 a couple of days earlier? How likely is it that they will ever get into an OS environment where every single thing is encrypted and locked down with certificates?

I think the hackers are engaged not in a game of cat and mouse, but in a game of "let's believe we have a chance." Unless the hacker community has a working qbit computer up their collective bums, this doesn't sound like it will ever happen to me.
 
And if you thought it was tough breaking into 1.1.1, wait until 1.1.2.

My iPhone hacking days are done unless somebody comes out with a way to view my slingbox. If I want to play Nintendo, I'll buy one on eBay for $100. I'm not going to brick my $500 iPhone over it. I don't want to hear about any lawsuits when you can't get your phone to turn on anymore. :rolleyes:

I predict a pretty sweet update come Leopard Day... whenever that officially is. Third Party Apps? Games? an App Developer? They'll only charge you $.99 to make your own apps.

Good luck though. :D
 
DaBrain said:
Yeah I agree! I don't get all the Hype on this! I can see it now. People install a bunch of Apps on their iPhone and iPod Touch and several weeks later Apple puts out an irresistable update and Wham all the crying begins again! It's like people are a glutton for self-punishment! A never ending cyle!
Click to expand...

Welcome to the age of entitlement and victimhood, please be sure to pick up your free copy of 'Who Can I Blame for Everything Wrong in My Life?' and its best selling sequel, 'Everyone Who Won't Let Me do What I Want to do is Evil!'
 
I don't know why you all say this this hack will be useless. There Are plenty of people with iPhones that have not updated to 1.1.1, so those of us that have iPod touches, or iphones with 1.1.1 just won't update to 1.1.2.

Its that easy, see?
 
basing this sort of hack on a vulnerability seems silly, now its in the open apple will do their best to patch the vulnerability as a vulnerability which will close that door on the jailbreak, and frankly im glad. as a user with no hacks, i want the security vulnerability patched.
 
Exactly.....

And what some people seem to be ignoring is that fact that until the iPhone was jailbroken and able to be accessed from a Terminal prompt using the latest firmware, developers were only guessing as to what changes lied beneath.

Apparently, firmware 1.1.1 changed around MANY of the system calls in the framework from what was in 1.0.x ... so most of the applications will need to be re-written to run under it again.

Saying "It's pointless to go through all this to hack into 1.1.1, when Apple will just come along and close up the holes in 1.1.2!" is incorrect. Being able to "have a good look around" inside 1.1.1 should open up more possibilities for how to approach getting into the next version of the firmware. It also lets developers get their applications updated so they'll run under the revision 1.1.x firmwares again.


bdj21ya said:
I think the big difference is that Apple has locked people out of 3rd party development, creating a LOT of pressure to hack. In most cases hacking is only of interest to such a small group, but with the iphone it is becoming a mainstream concern.

Apple failed to lock the original phone very well, and so people got a taste of what the iPhone was really capable of. Now we're just all hoping to have the best of both worlds, Apple's updates, and the software from 3rd parties.

If you ask me, the big concern here is unlockers. While I sympathize, I kind of worry that they increase Apple's incentive to jail the iphone to keep their contract with AT&T.
Click to expand...
 
I remember reading other iPhone threads and there have been several posts that said that if you're not happy w/ the iPhone or how Apple handles it, get a different phone. That's a little BS b/c what if there's no phone out there you ARE happy with? I can understand these companies will want to do something a specific way, but it is we, the consumers, who should drive what features an item has, not necesarily the companies. Sure, some people want unrealistic things, but many things (like an NES emulator, IM app, etc.) are all very possible. So Apple & all companies should be more attentive to what people want and give them it.
 
Oh great, so now what we're going to have is different iPhone application levels. We'll end up with one set of apps for the people who have firmware 1.0.x and didn't upgrade from there, another set of apps for people who upgraded to 1.1.1 but not to 1.1.2, and so on from there for each firmware version. And then somebody will be able to make a fortune off selling a book with tables telling people which apps they can get with which firmware.....this is going to get ridiculous.
 
Okay, this is a good first step. Like people have said, though, Apple will patch this. Still, 1.1.1 is siezed. Can they now install decryption on it and find the appropriate keys? That would be my next step, although I don't know anything about hacking computer software :p

-Clive
 
guzhogi said:
I remember reading other iPhone threads and there have been several posts that said that if you're not happy w/ the iPhone or how Apple handles it, get a different phone. That's a little BS b/c what if there's no phone out there you ARE happy with? I can understand these companies will want to do something a specific way, but it is we, the consumers, who should drive what features an item has, not necesarily the companies. Sure, some people want unrealistic things, but many things (like an NES emulator, IM app, etc.) are all very possible. So Apple & all companies should be more attentive to what people want and give them it.
Click to expand...

You are correct Guz in that consumers should drive product features, and they usually do just as they will in this case. However, Apple and AT&T have an agreement at the moment, an agreement that made the iPhone a reality rather just another cool idea that Apple wanted to get out there.

Patience is a great virtue and Apple is not a stupid company, nor are they the 'New Microsoft' as some have insanely accused them of in the many threads on the illegal iPhone agreement violations. (start your, 'Rustus is a fanboy!' rants here kiddies). Apple will eventually open up the iPhone to legitimate 3rd party apps but they will do it in their time and their way because in the end it's their product and their reputation on the line.

Agree with them for what they are doing, hate them for what they are doing, they are a private company selling a product to you with your full knowledge of its limitations at the present.

So...choose...be happy with what they are offering which is good but not quite yet everything you want it to be...or go with another phone which you've already said isn't what you want either...or...wait.

Patience...is a virtue.
 
I would have to assume that Apple is also aware of this security issue and is probably working to fix it. Which means we should probably expect another iPhone update within the near future to patch this security hole.
 
bdj21ya said:
I think the big difference is that Apple has locked people out of 3rd party development, creating a LOT of pressure to hack. In most cases hacking is only of interest to such a small group, but with the iphone it is becoming a mainstream concern.
Click to expand...

I doubt this very much. The hacking community accounts for a very small percentage to the overall community.

I think there was overwhelming request for custom ringtones. But for customs applications the demand isn't that great.

I know several iPhone owners that don't know about the hacking that takes place. Alot of them including myself wouldn't even gamble with the very thought of giving $500 to Apple and still pay monthly for service that cannot be used.
 
Apple should be ashamed of itself because (take your pick):
They're going to quickly patch the Safari TIFF vulnerability, breaking users' ability to install applications.

They're not going to quickly patch the Safari TIFF vulnerability, leaving users susceptible to potential security problems.​
Shame on you, Apple! :rolleyes:
 
Rustus Maximus said:
So...choose...be happy with what they are offering which is good but not quite yet everything you want it to be...or go with another phone which you've already said isn't what you want either...or...wait.
Click to expand...

Or hack it and enjoy the phone you want.
 
guzhogi said:
I remember reading other iPhone threads and there have been several posts that said that if you're not happy w/ the iPhone or how Apple handles it, get a different phone. That's a little BS b/c what if there's no phone out there you ARE happy with? I can understand these companies will want to do something a specific way, but it is we, the consumers, who should drive what features an item has, not necesarily the companies. Sure, some people want unrealistic things, but many things (like an NES emulator, IM app, etc.) are all very possible. So Apple & all companies should be more attentive to what people want and give them it.
Click to expand...

Well, people should send feedback to apple at www.apple.com/feedback
 
Rustus Maximus said:
You are correct Guz in that consumers should drive product features, and they usually do just as they will in this case. However, Apple and AT&T have an agreement at the moment, an agreement that made the iPhone a reality rather just another cool idea that Apple wanted to get out there.

Patience is a great virtue and Apple is not a stupid company, nor are they the 'New Microsoft' as some have insanely accused them of in the many threads on the illegal iPhone agreement violations. (start your, 'Rustus is a fanboy!' rants here kiddies). Apple will eventually open up the iPhone to legitimate 3rd party apps but they will do it in their time and their way because in the end it's their product and their reputation on the line.

Agree with them for what they are doing, hate them for what they are doing, they are a private company selling a product to you with your full knowledge of its limitations at the present.

So...choose...be happy with what they are offering which is good but not quite yet everything you want it to be...or go with another phone which you've already said isn't what you want either...or...wait.

Patience...is a virtue.
Click to expand...

Exactly. Hacking the phone is great and all and keeps some people interested in the possibilites the iPhone has, but in reality, do you not just want a more safe phone, especially if you are getting emails and taking personal calls on it. I personally don't want someone to exploit a vulnerability in my phone and gain root access. I don't think that seems unreasonable at all. As for Apple purposely stopping the hacks, they probably do since it is their product and are a company that I would say enjoy making money, can we really fault them for that.

I truly believe that we, as consumers, should have the ability to influence those things business release, but we also have to understand that what I want may not always be what you want, and thats where the Business decides what is best for a majority of us.
 
I suppose one side effect of all these games with 1.1.1 could be improved security. With a lot of bright people hammering away in a race to break in, and posting about their experiences on the web, Apple can take note of exactly where the weaknesses are.

Then, assuming they release an SDK later, maybe they will have used all this free security testing to help lock down the areas of the phone that really should be secure to guard against malicious code.

A guy can hope...
 
Malakas07 said:
I doubt this very much. The hacking community accounts for a very small percentage to the overall community.

I think there was overwhelming request for custom ringtones. But for customs applications the demand isn't that great.

I know several iPhone owners that don't know about the hacking that takes place. Alot of them including myself wouldn't even gamble with the very thought of giving $500 to Apple and still pay monthly for service that cannot be used.
Click to expand...

If you ever use custom apps on the iPhone, you won't be saying that. A number of very smart people have put in lots of effort to make the iPhone experience even better (such as putting IM client on it, which means free SMS messaging via AIM).

The hacks will work as long as you don't update the firmware! If it stops working, iPhones CAN BE RESTORED TO FACTORY DEFAULT via iTunes.
 
Apple's gonna patch this up so fast.

Anyone think there's a slight possibility that Apple may try and purposefully and permanently damage unlocked iphones... would they become more aggressive?
 
dscottbuch said:
This will certainly be fixed in 1.1.2 and not to frustrate the iPhoneDevTeam but because its an actual security issues. Then what? Without the key to decrypt the frameworks then 1.1.2 will break all of the apps developed here, again, not because Apple wants to frustrate hacker but because they are continuing to change/develop the API.
Click to expand...

Isn't that the point?

Anything the DevTeam does will be broken by Apple's next update.

Any fix Apple makes will be cracked by the DevTeam.

And on and on and on and on...




plumbingandtech said:
4,851

Out of 1.X million iphones.
Click to expand...

Please tell me you're not opening up *this* can of worms again....
 
Ive got 2 brand spanking untouched iphones, I believe both v1.02, which Ive been holding off jailbreaking/unlocking for some weeks now. Im in the UK and do not want an O2 contract. With Leopard just around the corner, Im wondering what to do - as when I upgrade (on the day its released) I will no longer have the necessary version of itunes installed (v7.4.1) (although I do have an old PC Id prefer to not have to PC sync)
Its 1 thing to not update the iphone, but to be unable to sync it or even upgrade my mac to leopard is another. :apple:
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back