The transaction to their server isn't secured... meaning one could set up Wireshark and sniff packets to figure out what is going on... then use that in the public.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
iOS4 Jailbreak Method Brings Security Concerns
- Thread starter MacRumors
- Start date
- Sort by reaction score
The transaction to their server isn't secured... meaning one could set up Wireshark and sniff packets to figure out what is going on... then use that in the public.
We don't know that he hasn't reported it to Apple though, which would be the responsible thing to do. He hasn't said either way.
jW
Through jailbreaking, I can turn my iPhone 4 into a wifi device which in turn can be used to tether my wifi iPad. The wifi iPad doesn't allow the tethering option on the iPhone to be used in conjunction with it. That alone, for wifi iPad owners, is worth the jailbreak.
Jailbreak to fix
For anyone who is concerned about this vulnerability on thier non-jailbroken iPhone there is an easy fix to avoid someone hacking into your phone to be malicious and restricting their access to your device.
Solution
Jailbreak your device and then change the mobile and root password defaults from the standard apple password: alpine.
For anyone who is concerned about this vulnerability on thier non-jailbroken iPhone there is an easy fix to avoid someone hacking into your phone to be malicious and restricting their access to your device.
Solution
Jailbreak your device and then change the mobile and root password defaults from the standard apple password: alpine.
You have your personal information on a device connected to the internet, you're taking your chances.
Exactly... some people are missing the point of the vulnerability - it has almost nothing to do with jailbreaking specifically but how it was done, and what that could mean for others who might want to do harm to an iPhone (I'm guessing there are a few out there that would love to hurt Apple and its users)
So someone sends Mom an email saying "click here for free farmville cash" and they launch the very same process... yet this one isnt' a jailbreak but a payload of something.. well.. bad... either sharing internal data or crashing phones.
Apple needs to figure out what it is and plug it in the next security release, period. I'm sure they will... and I know these things happen all the time and not just on iPhones.
So, here's where I sit on this (example):
I have a Mac with Microsoft Office installed. One day it stops working. I take it to Apple, and they say it's a bad logic board, but they say "oh, we notice you installed Microsoft Office. We only cover the machine as long as it runs our software or software we specifically approve, so we can't cover this repair".
Obviously that's ridiculous. The 3rd party software did not cause the logic board to go bad in this case. The same can be said to a certain degree with jailbreaking.
I can't believe that the Apple sheep can fail on reading comprehension so much! Don't break Apple Rules???? HAHA did you even read the articile in question?? It mentions concern because the same method could be used by any web page to kill, install spyware, trojans or anything onm your iPhone. The concern is not the jailbreak or the effects of the jailbreak. The concern is that so big securty whole shouldn't exist!
Then that is good for Apple and for us since the hole will be fixed while otherwise it would remain available for malicious users.
it's a guessing game until he gives some more indication of what he did. My money (all 2cents of it) is on a typeservices bug in MacOS that may have made its way to iOS. http://secunia.com/advisories/39426/
It would be responsible, but he hasn't said either way.
I also said this on the other thread, this serious security flaw is way more interesting than the fact that the iPhone can now be jailbroken by yet another method. What if the website would say "Slide to see stupid pictures of cats" instead of "Slide to jailbreak"? That would trick users into:
... all without their consent. Slightly worse than stealing a phone number from the address book, right?
- Modifying the OS
- Installing software
- Voiding their warranty
... all without their consent. Slightly worse than stealing a phone number from the address book, right?
Hmm, I hadn't thought of that one. However, he did point out it was PDF related.. or so I heard.
Lol
Fair enough. A debug build would show exactly where they're failing. Doesn't tell us curious people where it is though
Yes... you embed a specifically crafted font in a PDF and watch the magic happen.
Fair enough. A debug build would show exactly where they're failing. Doesn't tell us curious people where it is though
Yes... you embed a specifically crafted font in a PDF and watch the magic happen.
Fair enough. A debug build would show exactly where they're failing. Doesn't tell us curious people where it is though
Wouldn't the iPhone simulator also do that?
Apple has a rule about Jailbreaking ..... DONT DO IT!! it's really simple, don't break Apple rules.
why not?
Meanwhile, real Android ROOTKIT code was given away to attendees of a hacker conference.
Vs. potential security concerns.
Vs. potential security concerns.
And this is exactly what I thought when I saw this new jailbreak method yday!
While it's easy and all, it still risky (the method). I open a website and they may have access to my device filesystem where the hacker can install malware/steal data/wipe out my system?
While it's easy and all, it still risky (the method). I open a website and they may have access to my device filesystem where the hacker can install malware/steal data/wipe out my system?
Well, if Apple wants these exploits to remain hidden, they should allow non Apple Store apps to be installed on the iPhone.
In the end, these exploits are found and reported every day (which is a good thing). I'm sure apple will figure out what the exploit is and patch it in 4.1.
Then jailbreakers will just find an new hole.
Apple's just asking for the jailbreakers to find holes as long as they try to keep their little walled kingdom free of freedom.
See this is the problem I have with the whole change to the DMCA to allow Jail Breaking. Apple's OS (iOS), Apple's rules. Yes you own the hardware, and have a license to use the software as is on the device. But you don't have the right to change the OS. You want to run another OS on the hardware, feel free too. But people seem to think they have some right to run a modified version of Apple's OS. *shrugs*, I've never done this to my device, nor will I.
QFT
Especially the one about FV Cash. Man, I can't believe how many people fall for everything FV related. Seems like FV switches off every ounce of reason dealing with computers if you're playing too long
Here's one killer feature, UNLOCK. I enjoy being able to use a local SIM when traveling rather than pay ATT ridiculous international roaming charges. Also you just named two great reasons to jailbreak as well. What you need a list of 10 reasons to jailbreak or something for it to be worthwhile to you?