Technology Review - Published By MIT
Technology Review  in English | en Español | auf Deutsch | in Italiano | 中文 | in India
Advertisement

iPhone Hackers Get a Break

Continued from page 1

By Robert Lemos

Thursday, June 11, 2009
smaller text tool iconmedium text tool iconlarger text tool icon

The ability to run any code is significantly different from "jailbreaking" a phone, a term used when the owner of a phone breaks the security locking that device to a particular provider or operating system, because it requires physical access to the device, Miller says. "Jailbreaking is, you have your own phone, you have it in your hand, and you want to do something to make sure you can put nonsigned code on it," he says. "You own the device, so you can do certain things to it."

In fact, at the CanSecWest Conference in March, Miller, Alvarez, and other researchers realized that attacks that work on jailbroken phones would not work on regular (non-jailbroken) iPhones. They had assumed that the attacks they had found on a jailbroken iPhone would work on nonbroken devices. Instead, they found that their attacks would not work.

"Basically, what happened was that everybody made the same mistake, and we all have learned from it," Recurity's Alvarez says. "We used jailbroken iPhones in order to be able to debug."

While the researchers could not come up with any legitimate uses for running unapproved code on the iPhone, Miller stresses that the research is valuable. Like nearly 40 million other people, he carries an iPhone containing work information, personal details, and family pictures. Knowing the limits of the device's security is important, he argues.

"The thing is, I'm pointing out exactly what bad guys can do against the device," he says. "They are likely doing parallel research, except they don't share their results. It is better for everyone to understand the strengths and weaknesses of the security of devices, and make informed decisions about what devices they should use and how they should use them, rather than having only the bad guys know how they work."

Of course, Apple may have already fixed the issue. Later this month, the company will release version 3.0 of the iPhone operating system, and Miller will have to make sure his attack still works.

"With iPhone 3.0 coming out, that might change a lot of this stuff," Miller says.

Tags

Apple Black Hat security conference hacks iPhone security

Related Articles

Comments
  • iPhone Hackers Get a Break
    It is better for everyone to understand the strengths and weaknesses of the security of devices, and make informed decisions about what devices they should use and how they should use them, rather than having only the bad guys know how they work...this would remove the doubts on consumers while choosing their products...with iphone having already occupied a large share in the market this news is surely a huge blow to the developers of iphone...having said this is it too late for the hackers? or is it at the right time?
    Rate this comment: 12345

    raymason@gma...
    07/16/2009
    Posts:8
    Avg Rating:
    3/5
  • iPhone Hacks a Real problem !
    I am an iPhone user for that last one year, I have gone through all the security phases of this gadget, the first generation firmware 1.1.4 has a lot more security holes an compared to currently running version 3. However one thing remains the same that both can be cracked easily.

    I was living in a country where I can’t use iPhone, because iPhone lunched with at&t career service but at that time the web was full of scripts and software to unlock and jailbreak the iPhone and this all works good for me and I used the apple iPhone where apple was not authorized to be used.

    Later on when apple launches unlock iPhone, at that time iPhone apps were taking hype and that was the hottest topic of iPhone, people start working to run cracked apps (from Cydia and Installer), later on App store hit the market but I can surely say that iPhone security is not very good. You name any app and I can assure that it will be available on the web to run right away.

    At first I need to follow certain steps to crack the iPhone OS to run application synced from iTunes, this was done by changing the permissions of some files in iPhone OS/firm ware, files can easily be accessed through wi-fi. (WinSCP). Now there are websites which offers cracked applications, just download and sync with your iphone to run. There are cracked applications to run directly on your iPhone OR you can change permissions of your iPhone’s firmware files to run original apps.

    I think apple should take serious steps to get real benefit out of App Store. A friend of mine told me about some of the security measures taken by Apple at hardware level, which results in compatibility issues to iphone 3g accessories with iPhone 2g and iPhone 3gs.
    Rate this comment: 12345

    ronnie.willi...
    07/26/2009
    Posts:4
Reply

Log In

Forgot your password?     Register »
Advertisement

Videos
Latest Videos
Brain Imaging and IQ

Top Stories Of The Day

Technology Review November/December 2009

Current Issue

Natural Gas Changes the Energy Map
The United States has vast supplies of this cleaner fossil fuel. But how should we use it?
Featured Content
Sponsored by:
White Papers

Twelve ways to reduce costs with SQL Server 2008
Find out how to reduce costs and get more efficient

Download

Total Economic Impact of SQL Server 2008 Upgrade
Forrester reports on increasing productivity and management capabilities

Download 

Achieving Cost and Resource Savings with UC
How Office Communications Server R2 and Exchange Server can make your business smarter and more efficient

Download 

RSS Feeds

xml icon TR Top Stories
xml icon TR Editors' Blog
xml icon TR Video Blog
xml icon TR Video
Advertisement
Subscribe to Technology Review's daily e-mail update. Enter your e-mail address

TECHNOLOGY RESOURCES
Advertisement
MIT Massachusetts Institute of Technology © 2009 Technology Review. All Rights Reserved.