I can't believe you actually said that. The fact of the matter is that you don't know what is in the code.

It's pure ignorance to postulate that exhibit A of unknown code is somehow superior to exhibit B of unknown code simply because of the way it's packaged.

Just because you've grown comfortable w/past releases of code breaking software (created by someone who has absolutely no stake in the liability of their product) doesn't mean that you won't be taken advantage of in the future.

ViViDboarder was not saying anything about the trustworthiness of any particular source of jailbreaking software.

Rather, his opinion that this particular security vulnerability is more severe than most others that have been used for jailbreaking, is based on a completely different argument.

Most other methods of jailbreaking have involved a series of deliberate acts. Acts complicated enough that, even if the jailbreak was secretly delivering a trojan horse, they should still set off alarm bells in the user's mind that they are about to do something risky or unauthorized. Thus they are actively making an affirmative decision to assume the risks associated with the jailbreaking process.

On the other hand, with this particular exploit, depending on how the jailbreak is presented, the user might not have the opportunity to stop and think, "do I really want to jailbreak my phone?", because the exploit could be crafted and advertised in such a way that they don't even know they're about to jailbreak their phone in the first place. Potentially, all they have to do is follow a link from any random Google search to a maliciously crafted website, and before they have a chance to know any different, they've had code injected onto their phone without their consent. Therefore, the user might not have an opportunity to make the affirmative decision to assume the associated risks.

The key distinction is the absence of consent. That makes this sort of vulnerability more severe than most that have been used for jailbreaking in the past, and it's a bad thing for every iPhone user, regardless of whether or not they're interested in jailbreaking.

The sooner Apple releases a fix for this vulnerability, the better it will be for every iPhone user.
 
No wonder the Nigerian scam still works well...

Let's see, you let some hackers patch your phone, through a security hole in the system they probably found months ago and never told to the platform builder, so they can install an app store... All this based on their trusted word that in no way this could possibly end badly...

For sure the store is completely free and uncontrolled, devs can use whatever libraries they want and again all you have to trust is their words that their app won't do anything wrong...

The thing is, that's an awful lot of trust in people you've never met and will never meet. It's not like a big chunk of the internet traffic is made of spam/scam and other crap, not like most users couldn't know what the apps they installed are really doing (even so on the desktop, how many times people just type their admin password for an installer just trusting that the app they're installing will just do what it promised to do).

Any joker-man can use said free systems to do harm...
That funny wallpaper app you installed, it just happens to run your phone to its max whenever you start charging it, overheating it and killing it slowly.

That MMS app, just happens to send your information and the information of your contacts somewhere in Russia (or Kentucky... whatever).


I agree that Apple has some nasty limitations on its platform but which are there for the provider's benefit or to funnel the way devs work and which are there to ensure hardware stability and user security, who besides them can tell?

I think you are right but I also think that Apple needs to take a closer look at the way it reviews apps before they go on the App Store. The flashlight app that hid tethering was a good example. It wasn't looked at too closely by Apple and had a hidden function.

Question is, how many more apps have hidden functions that haven't been discovered yet? Whether on the App Store or on Cydia.

I read somewhere that the devs for Little Snitch were thinking of releasing an iPhone version. I don't think that can come soon enough.
 
I think you are right but I also think that Apple needs to take a closer look at the way it reviews apps before they go on the App Store. The flashlight app that hid tethering was a good example. It wasn't looked at too closely by Apple and had a hidden function.

Question is, how many more apps have hidden functions that haven't been discovered yet? Whether on the App Store or on Cydia.

I read somewhere that the devs for Little Snitch were thinking of releasing an iPhone version. I don't think that can come soon enough.

Two problems with this:
i) a "globally" configurable firewall on each iPhone would give the user the possibility to block the "phone home" function of the iPhone, which sends location and other diagnostic data via WLAN to Apple every 12hr. Somehow I doubt that Apple would want to enable users to cut-off this (for Apple) "free" information stream.
ii) iPhone Apps from the App store are only allowed to run within a "sandbox", hence they cannot monitor or even control the network communication of other Apps.

The (sad?) irony is that if you want to monitor and block "hidden" communication streams from Apps, you have to JB your iPhone and install an "unauthorized" firewall app (like, e.g., "Firewall iP"). :eek:
 
But the thing is, whenever such apps (that don't do what they're supposed to) are discovered, Apple has the possibility to shut them down remotely (if the device is connected), and evaluate the situation and its dangerousness for the end user.

Who assumes responsibility in the jailbreak world?

If an app passes Apple's tests, and ends up harming the user, you can be sure that they'll be (or made) liable.
 
That's a pretty uneducated statement.
The PDF bug has nothing to do with Adobe.
The hole is in Apple's implementation of an open source PDF viewer.

Browser plugins are not being supported. Extensions that are approved by Apple are the new method of integrating applications with Safari. Although this is a hole in Apple's PDF viewer, it enforces the potential security issues with allowing a plugin like Flash. Apple would have to approve every Flash implementation, not just the Flash plugin. Just read this:

http://developer.apple.com/safari/library/documentation/Tools/Conceptual/SafariExtensionGuide/Introduction/Introduction.html
 
And again the hackers have a patch for the security exploit while non-jailbreakers have to wait for Apple.
As explained by someone else already, this is not a patch but a workaround; all it does is to ask you whether or not you want the PDF to be loaded. That is not a real solution, but it can be helpful, yes.
 
Precisely. Jailbreaking is inherently reliant on security holes. Though this current exploit seems on the surface to be more open to abuse, any of the previous jailbreak exploits could also have done serious harm to your phone if wrapped up in a similarly benign package. Not sure why this one is particularly newsworthy.

Prior holes used for jailbreaks required having the user run software on their PC to go through the process. This one only requires that the user visit a web site.

That's the difference.

Run this software that takes advantage of a local exploit to update parts of the OS image, vs. Hit this website that takes advantage of a remote exploit to run arbitrary code on your iPhone.

Yes, in this particular case, there's no difference between the end result of the process, but anyone else who figured out how to exploit this could get your iPhone to run any code they wished. *ANYTHING*

That's the problem.

Local exploits are inherently mitigated by the fact that you need physical access to the device in question. Remote exploits suffer no such limitation.
 
I can't believe you actually said that. The fact of the matter is that you don't know what is in the code.

It's pure ignorance to postulate that exhibit A of unknown code is somehow superior to exhibit B of unknown code simply because of the way it's packaged.

Just because you've grown comfortable w/past releases of code breaking software (created by someone who has absolutely no stake in the liability of their product) doesn't mean that you won't be taken advantage of in the future.

You didn't read the post I quoted...

ViViDboarder was not saying anything about the trustworthiness of any particular source of jailbreaking software.

...

The key distinction is the absence of consent. That makes this sort of vulnerability more severe than most that have been used for jailbreaking in the past, and it's a bad thing for every iPhone user, regardless of whether or not they're interested in jailbreaking.

The sooner Apple releases a fix for this vulnerability, the better it will be for every iPhone user.

Exactly. :D

One final note... There are people here saying that these developers are "shady" but with that mentality where would you be now?

What if nobody bought the first Apple computer. It was created by some "shady" hackers in their garage after all! How about any of the apps that are bought in the App Store? It's already come out that plenty of them leech personal info without any indication to the user. There has to be a certain amount of faith in developers. I'm not saying that it should be blind faith though. Do your research before you do anything. With that said... I do feel very comfortable with the dev team.
 
Ok, but then ....

Which method(s) of jailbreaking would you be less worried/unconcerned about?

I'm asking because as far as I can tell, unless/until Apple starts allowing jailbreaking without putting up barriers to it, the ONLY way people can jailbreak an iPhone or iPad is by way of a security exploit they discover. Anything "serious" in nature enough that it's usable to break in and "root" the device for a jailbreak is ALSO serious enough so it can be used for much more harmful attacks.



Exactly. I said this in the other thread, too. I don't have a problem with jailbreaking, but the fact that this particular method of doing it is possible worries me somewhat.
 
Which method(s) of jailbreaking would you be less worried/unconcerned about?

I'm asking because as far as I can tell, unless/until Apple starts allowing jailbreaking without putting up barriers to it, the ONLY way people can jailbreak an iPhone or iPad is by way of a security exploit they discover. Anything "serious" in nature enough that it's usable to break in and "root" the device for a jailbreak is ALSO serious enough so it can be used for much more harmful attacks.

https://forums.macrumors.com/showthread.php?p=10727550#post10727550

I already addressed the difference.
 
Probably showing my ignorance here, and perhaps no one really knows the answer, but would changing the Apple "assigned" root password help prevent people from taking advantage of this exploit?
 
Yeah... not really an excuse...

It's not any different with your desktop, you know? You still have to visit the particular site handling this exploit. I assume you don't go visiting random sites blatantly without taking any precautions.

Just because people are ignorant of security doesn't mean vendors shouldn't do their best to provide secure software. Lots of browsing is to unknown sites. If they dump a maliciously crafted PDF file on you that exploits a bug to take control of your device, that's a problem.

Same goes for your iPhone: don't visit sites you don't trust. If you happen to come across one anyway, just restore it and don't go there again, geez....

Right, which works great unless the malicious code that just executed on your phone didn't transfer every last bit of data off the phone to someone else. And if the response to that is "Don't put any private data on your phone..." I have a computer with no network connection in a locked room without power for you... it's really secure.
 
For anyone who is concerned about this vulnerability on their non-jailbroken iPhone there is an easy fix to avoid someone hacking into your phone to be malicious and restricting their access to your device.

Solution
Jailbreak your device and then change the mobile and root password defaults from the standard Apple password: alpine.

I'm assuming you are talking about the SSH password. But wouldn't someone have to be in the vicinity of your phone to do that, plus they would have to know the IP address, and bank on the fact the user has OpenSSH installed and turned on. Of course there may be other ways to SSH or get access to your iPhone root that I am not aware of. Please shed some light on this. Thanks.
 
Okay, it's legal to jailbreak, sure. But it seems the US is the only place where people expect to be able to break the rules and still be protected by the manufacturer. I want to jailbreak the phone and still have Apple take care of me. I'm talking about jailbreaking in general here, not this specific incident. It's not about being controlled, it's about demanding imaginary freedoms.

This is like buying a car, taking out the engine, tires, brakes, transmission; replacing those with after market parts; then getting mad at the car manufacturer when things go wrong.

You jailbreak your phone, you're taking your chances. And yeah, just as the car manufacturer shouldn't honor their warranty, Apple shouldn't honor theirs if you do this.
Wrong.

It's like Chevy putting a governor on the Corvette saying you can only go 60.

I bought a Corvette, I paid damn good money for it, I'm going over 60.

If I crash the car going 90? So be it. But if the ABS goes out because of poor craftsmanship or parts, I'd expect Chevy to fix their issue.
 
Just be careful about this JB. I did it yesterday, went smooth. Today, installed My3G - and bricked my IP4 4.01. Had to go into DFU mode and restore. So just be aware of that possibility. I didn't even use My3G, just installed it - did not install or use any other apps either.

Cheers
 
Actually, it's more akin to changing the locks on your car and still expecting the manufacturer to fix the engine if it breaks. Let's not forget that this is all software that we're talking about. Whenever you take the iPhone (or most any piece of Apple hardware) in "for service", they'll do a reset of all the software on it and return it to you, expecting that you've done proper backups on your own.

The only thing I would expect them not to fix for me is if I cracked open the phone to replace a RAM module or something... but clearing the internal memory and rewriting it with their freshest version of the software is not an unreasonable expectation.

Uh... no...

This is more like buying a car... then buying a tuning kit that overwrites the software used to control all elements of your engine when you hit the gas. You know... so you can tweak a few more HP out of your car, break emissions... voiding the warranty... and potentially putting more stress on parts.

Ah, who do I think I'm talking to here? Car analogies don't go well with most of the Apple crowd.
 
Not my Precious!

[TRUTH] ALL Hackers are bad news, kids. These "lowlifes" only have 1 goal in life: To eat your children! Please see this link on the worst kind of hacker, the kind that uses their knowledge to amass millions of $$$!
My Precious is a hacker??? Say it aint so!!!1!!1!1!ONE!
Don't forget about Steve Wozniak, Bill Gates, or Linus Torvalds. Just remember: Trust no one and keep your babies close! [/TRUTH]
 
Uh... no...

This is more like buying a car... then buying a tuning kit that overwrites the software used to control all elements of your engine when you hit the gas. You know... so you can tweak a few more HP out of your car, break emissions... voiding the warranty... and potentially putting more stress on parts.

Ah, who do I think I'm talking to here? Car analogies don't go well with most of the Apple crowd.

Yea, your analogy is close but still not there. It's not like there are any apps that push the hardware beyond its intended use. There's nobody overclocking iPhones, there's no under/over volting happening. It's all just running a different application. If we were going to make a car analogy it'd be like the manufacturer saying that if you change your stereo (the one they installed only has a radio and no CD player) or your tires to any you don't get from us your warranty on your engine is totally null and void. I'd still probably put whatever tires I damn well please on and install a new top of the line stereo. Nothing that the car body, transmission, engine, alternator can't handle and nothing that they weren't built to handle. If my transmission blows I'd just put the stock tires back on and pull out the stereo again.

Most people jailbreak to install applications that Apple doesn't WANT you to install. Not to install things that push your phone to the bleeding edge. I mean... the iPhone has some FANTASTIC hardware. You mean to tell me that it's not as capable of doing things that an Android phone can? No. Apple just doesn't want you to. If you jailbreak and do these things you're not taking your phone to an early grave and screwing Apple over on the warranty.

I recently ditched my iPhone 3G to get a new top-of-the-line phone. I never once made a warranty claim or had Apple repair or replace anything. It was jailbroken since the very first Pwnage tool that supported iPhone OS 2.0.

Jailbreaking is not dangerous. It doesn't screw anyone over. It shouldn't void your warranty on hardware (I am aware that the terms say it does, but I feel that is unfair business practice. If I install Linux on my iMac does that mean Apple should be able to refuse replacing my display if it craps out early?). The thing that is dangerous is that the vulnerabilities that are used to jailbreak exist in the first place! And these are 100% Apple's fault!
 
Here's one killer feature, UNLOCK. I enjoy being able to use a local SIM when traveling rather than pay ATT ridiculous international roaming charges.

Same here. AT&T's outrageous charges were the main reason I unlocked. I have no interest in the "third-party" Cydia-sourced software... but you can't unlock without jailbreaking first. I'm now in Ukraine, and using my US iPhone on a local SIM. As it should be.

I'm against the whole practice of carrier-locking a phone. Especially one as expensive (and now ubiquitous) as this one. I understand their rationale, but it doesn't change the fact that it's simply wrong on many levels.

My next iPhone will be bought from Poland (or better, Hong Kong), officially unlocked, and freely usable anywhere. As it should be.
 
What I find funny is that at the moment (before Apple brings out a fix) the only way to safeguard your iPhone from being hacked by unauthorized PDFs is that you have to jailbreak it to install software that tells you when a PDF is trying to access your iPhone.
 