This is like buying a car, taking out the engine, tires, brakes, transmission; replacing those with after market parts; then getting mad at the car manufacturer when things go wrong.

Actually, it's more akin to changing the locks on your car and still expecting the manufacturer to fix the engine if it breaks. Let's not forget that this is all software that we're talking about. Whenever you take the iPhone (or most any piece of Apple hardware) in "for service", they'll do a reset of all the software on it and return it to you, expecting that you've done proper backups on your own.

The only thing I would expect them not to fix for me is if I cracked open the phone to replace a RAM module or something... but clearing the internal memory and rewriting it with their freshest version of the software is not an unreasonable expectation.
 
Apple has a rule about jailbreaking ..... DON'T DO IT!! It's really simple, don't break Apple's rules. :)

Not to do a jailbreak on my device?? It's my freaking device, I do whatever I want with it. Apple's rules? WTF is your problem?????..... I paid $300 for this phone and I'm paying $100 for crappy AT&T service... Apple's rules.... I'm waiting patiently for the unlock to screw AT&T and go back with T-Mobile...
 
Great. So now we can't view PDFs that anyone sends us, or that we find on the web, even on a stock un-jailbroken iPhone, because they might be infected with this bomb.

I'll need to forward these PDFs to a Windows PC and view them on my iPhone via a Remote Desktop app. Funny that I now need a Windows PC to protect me from an iOS exploit.

:eek:
 
There's a fix for the PDF exploit, but of course only for jailbroken phones. Who said jailbreaking imposes security risks? ;)

http://www.funkyspacemonkey.com/fix-pdf-exploit-jailbreaking-jailbreakme


Now that is funny.

So there's another hacker's code to fix the first hacker's code.

Lovely.

You're still not getting this? It's not fixing anything but the exploit. The exploit isn't a result of the Jailbreak. The Jailbreak is a result of the exploit.

Take it up with Apple, not someone who found it.
 
The exploit isn't a result of the Jailbreak. The Jailbreak is a result of the exploit.

Take it up with Apple, not someone who found it.

That's what far too many people here are failing to understand. The jailbreak didn't create this exploit. It was already sitting there for anyone with the skills to locate it. Their beef should be with Apple, not the Dev Team.
 
aardwolf said:
The transaction to their server isn't secured... meaning one could set up Wireshark and sniff packets to figure out what is going on... then use that in the public.

Yeah, if you take the hard route. The easy route is to just switch on the developer menu in Safari, set the user agent to 'iphone', open the page and check out the JS. In a few minutes you find out the URLs to the PDFs, one for each combination of hw model + iOS version. And you probably want to google a bit on injecting code in PDFs. Enjoy!
 
Just sitting back laughing

Take it up with Apple? Yeah. That's gonna get you "you were told not to do that."

Your device, fine. Their LEASED operating system. You mess with it, your brick.

BTW, if it's so good and dandy to mess with it, next time, go mess with your car's computer.

Or your DVD player.

Or your X-Box.

More often than not, operating a device outside the recommended manufacturer specs is going to result in a screwed up device with a voided warranty. If you want to throw your cash around like that, have at it.

But my point is, why did you buy an iPhone to begin with? It's obviously not for you. So, WHY??????????????????????

Oh, so you can b*tch and moan on internet blogs.

Gotcha.
 
What I find interesting is that people who jailbreak have absolutely no idea whatsoever what they are actually installing on their devices when they install packages from 3rd party repositories. If Apple doesn't even have an automated app vetting process that will detect tethering apps hidden within flashlight apps, I highly doubt Saurik is vetting apps from repositories people are adding via Cydia.

Who cares about obscure PDF bugs known by 10 people when all you have to do is get people to willingly install packages via 3rd party repositories after they have jailbroken? Don't get me wrong, I have enjoyed a jailbroken device, but I am perfectly aware of the possible consequences. I have a feeling 90% of people who jailbreak have absolutely no idea what they are exposing themselves to, and can't possibly know. The security concerns of a Safari/PDF/whatever vulnerability pale in comparison to willingly installing arbitrary apps from unknown sources...
 
I give a ****ing **** about Apple's rules!!! I bought the phone for a **** load of money and I want to use it as I want!
 
How do you think the jailbreak was able to work in the first place? It used a vulnerability found in non-jailbroken phones. So if comex's code could execute on your non-jailbroken phone, there's no reason that a malicious hacker's code couldn't do the same using the exact same vulnerability.

Wow. I have no clue how it was able to work in the first place. I'm ignorant on this subject. That's why I wanted to do a little reading on it. Which is why I asked for the link to the article. But thanks for making me feel clueless, all the same.
 
Take it up with Apple? Yeah. That's gonna get you "you were told not to do that."


Obviously while you are laughing you aren't actually reading... you don't have to jailbreak to see the point of the security concerns. One can certainly take the security issue up with Apple if they wish, but I'm sure they know about it by now.

Let's say this one more time... the security concern exists whether you jailbreak or not.
 
Take it up with Apple? Yeah. That's gonna get you "you were told not to do that."

Your device, fine. Their LEASED operating system. You mess with it, your brick.

BTW, if it's so good and dandy to mess with it, next time, go mess with your car's computer.

Or your DVD player.

Or your X-Box.

More often than not, operating a device outside the recommended manufacturer specs is going to result in a screwed up device with a voided warranty. If you want to throw your cash around like that, have at it.

But my point is, why did you buy an iPhone to begin with? It's obviously not for you. So, WHY??????????????????????

Oh, so you can b*tch and moan on internet blogs.

Gotcha.

Plenty of people DO install custom firmware on Xboxes, and Car Computers...

You DO own the hardware so, at your own risk, you can install anything you want. I bought my EVO 4G and pulled off the entire stock firmware and installed a totally open source community version of Android. This kind of thing is common practice. The big problem is that it's been made so easy for end users to jailbreak iPhones and root Android phones. We have so many people that aren't really aware what they are choosing to do.

And as for why people buy the iPhone in the first place... Because as you said, you own the hardware but lease the firmware. The hardware is EXACTLY what some people want. Then they want to give up the leased firmware and install whatever software they want on it. What's wrong with that? That's what I did with my Windows computers. First thing I did was reformat the HDD and install Linux. All I was interested in was the hardware.
 
BTW, if it's so good and dandy to mess with it, next time, go mess with your car's computer.

Done that. Got more MPG and horsepower from two different VW TDI models for many tens of thousands of miles problem free.

Or your DVD player.

Done that with two models, one a DVD rewriter and one an HD-DVD player. Added functionality, worked well.

Or your X-Box.

Haven't done that as I don't have one, but I have hacked a Wii for homebrew...

I have also installed hacked firmware on a Canon DSL which enabled several features that Canon had made available on more expensive models and existed on my low end model but Canon had just "turned off" so the more expensive models would seem better. (Kind of like MMS support on the original iPhone - worked fine but Apple had it turned off so the 3G would seem better).

But my point is, why did you buy an iPhone to begin with? It's obviously not for you. So, WHY??????????????????????

Because the iPhone is awesome.

But there is one single thing which makes jailbreaking worth it - SBSettings. With SBSettings I can control my 3G, Wifi, Bluetooth, and airplane mode with a single swipe and a single tap. With Apple's method it takes me at a bare minimum 3 taps to turn on/off Wifi, 4 taps to turn 3G on/off, 4 taps to turn on/off bluetooth. If my Settings.app is on a different screen add in at least one swipe (maybe more) or a double tap of the home button and possibly one or more swipes. And now with iOS4 if I had Settings.app open to some other page of settings, I may have to hit the back-button several times to get where I need just to start the process.

SBSettings: single swipe and tap from anywhere on my phone - always the same motions.
Apple: many taps/swipes depending on differing circumstances.

SBSettings also has a quick and convenient brightness setting, and a quick and easy way to reboot or power off the phone, again actions which take multiple steps with Apple's process. SBSettings makes it simple for me to quickly adjust things on my phone as I get into or out of the car, or when I need to change things rapidly and frequently...

Pretty much the only reason I jailbreak. If Apple would either modify the Settings.app to have toggles capability on the first page, or allow third party apps in the app store to access toggles so someone could make a toggle app - then jailbreak would lose all appeal to me.

When I got my iPhone 4 it took me two weeks to stop swiping trying to get to SBSettings.

I have sent the suggestion to Apple to implement something like SBSettings with every iOS release since v3...
 
It is a PDF Vulnerability, and it's called a PDF Bomb.

Code:
%PDF-1.3
%ƒÂÚÂÎßÛ†–ƒ∆
4 0 obj
<< /Length 631 >>
stream
q Q q 18 750 576 24 re W n /Cs1 cs 0 0 0 sc q 1 0 0 -1 0 0 cm BT 0.0003 Tc
7 0 0 -7 534.7051 -768 Tm /F2.0 1 Tf [ (4/15/10 8:01 P) 1 (M) ] TJ ET Q q
1 0 0 -1 0 0 cm BT 7 0 0 -7 18 -768 Tm /F2.0 1 Tf [ (d) -0.4 (a) -0.2 (ta)
-0.2 (:) -0.4 (te) -0.1 (x) -0.3 (t/) -0.4 (h) 0.4 (tm) 0.4 (l) -0.1 (,) -0.4
( ) ] TJ ET Q Q q 18 40 576 24 re W n /Cs1 cs 0 0 0 sc q 1 0 0 -1 0 0 cm BT
-0.0003 Tc 7 0 0 -7 555.6299 -43 Tm /F2.0 1 Tf [ (Pa) -1 (ge ) -1 (1) -1 ( )
-1 (o) -1 (f ) -1 (1) ] TJ ET Q Q q 18 190 576 560 re W n /Cs1 cs 1 1 1 sc
18 190 576 560 re f 0 0 0 sc q 0.8 0 0 -0.8 18 750 cm BT 16 0 0 -16 8 22 Tm
/F2.0 1 Tf ( ) Tj ET Q Q
endstream

It's using the Stream exploit found by Didier Stevens (http://blog.didierstevens.com/2008/05/19/pdf-stream-objects/).

Do you know that for a fact? Because it sure doesn't look like it. That exploit is regarding cascading filters on streams, not streams themselves. The PDF code you posted doesn't have any filters defined.

EDIT... I'm even more convinced that he's exploiting typeservices now that I looked at the PDFs.
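
The check made by eye in the reply above (does a stream object declare any filters, and are they cascaded?) can be scripted for triage of a PDF's objects. This is an added example, not part of any forum post; the function names, the shortened stream body and the second sample object are constructed for illustration, and the parser assumes stream dictionaries without nested `<< >>` dictionaries.

```python
import re

# Dictionary immediately preceding a "stream" keyword: "N G obj << ... >> stream".
# Assumption: no nested << >> inside the dictionary (a full PDF parser handles those).
STREAM_DICT = re.compile(rb"(\d+)\s+(\d+)\s+obj\s*<<([^<>]*)>>\s*stream\b", re.S)
# /Filter takes either a single name or an array of names (a filter cascade).
FILTER_VALUE = re.compile(rb"/Filter\s*(\[[^\]]*\]|/[^\s/\[\]<>()]+)")
NAME = re.compile(rb"/([^\s/\[\]<>()]+)")


def unescape(raw: bytes) -> bytes:
    """Undo #xx hex escapes in names, which can hide /Filter or a filter name."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), raw)


def stream_filters(pdf: bytes) -> dict:
    """Map (object number, generation) -> ordered list of declared filter names."""
    result = {}
    for num, gen, body in STREAM_DICT.findall(pdf):
        match = FILTER_VALUE.search(unescape(body))
        names = NAME.findall(match.group(1)) if match else []
        result[(int(num), int(gen))] = [n.decode("latin-1") for n in names]
    return result


def cascaded(pdf: bytes) -> list:
    """Objects whose stream data passes through more than one filter."""
    return [obj for obj, names in stream_filters(pdf).items() if len(names) > 1]


# Object header and dictionary as posted in the thread; stream body shortened here.
POSTED_OBJECT = (b"4 0 obj\n<< /Length 631 >>\nstream\n"
                 b"q Q q 18 750 576 24 re W n\nendstream\n")

# Constructed object with a two-filter cascade, one name hidden with a #61 escape.
CONSTRUCTED_OBJECT = (b"7 0 obj\n<< /Length 9 /Filter [/ASCIIHexDecode "
                      b"/Fl#61teDecode] >>\nstream\n789c0300>\nendstream\nendobj\n")

if __name__ == "__main__":
    for label, data in (("posted", POSTED_OBJECT), ("constructed", CONSTRUCTED_OBJECT)):
        print(label, stream_filters(data), "cascaded:", cascaded(data))
```
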
 
Wow. I have no clue how it was able to work in the first place. I'm ignorant on this subject. That's why I wanted to do a little reading on it. Which is why I asked for the link to the article. But thanks for making me feel clueless, all the same.

That wasn't my intent, so sorry about that. I definitely should have worded it better. But there seems to be a lot of confusion about this security hole. A jailbreak is nothing but programming code. Some people think that the jailbreak is the cause of the hole, when in reality, jailbreaks are only possible through existing security flaws in Apple's iOS code. Since no software is 100% bulletproof, talented hackers, if given enough time, can find a weakness in the code that will allow them to inject their own code into the operating system, and it's that injected code that gives you full access to the OS and allows you to install and/or modify whatever you want.

So, in theory, a malicious hacker could also discover the same security flaw in iOS, and use it to grant his code full access to the OS, and then use that code for nefarious purposes, such as stealing data. That's why it's a threat to non-jailbroken iPhones - the security flaw had to exist in a non-jailbroken device in order for the jailbreak to "break in" and work in the first place. No flaw = no way for jailbreak software to execute.
 
Wow, so much misinformation. Firstly, if you don't like jailbreaking that's fine, keep your misguided opinions to yourself. Secondly, you should be thanking comex for finding this exploit. If he hadn't found it then someone else would have eventually, and that person could have used it maliciously. Some of you don't seem to understand the exploit was always there.
 