Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo


Unsupported browser: Your browser does not meet modern web standards. See how it scores »

{ action.text }

The ability to run any code is significantly different from “jailbreaking” a phone, a term used when the owner of a phone breaks the security locking that device to a particular provider or operating system, because it requires physical access to the device, Miller says. “Jailbreaking is, you have your own phone, you have it in your hand, and you want to do something to make sure you can put nonsigned code on it,” he says. “You own the device, so you can do certain things to it.”

In fact, at the CanSecWest Conference in March, Miller, Alvarez, and other researchers realized that attacks that work on jailbroken phones would not work on regular (non-jailbroken) iPhones. They had assumed that the attacks they had found on a jailbroken iPhone would work on nonbroken devices. Instead, they found that their attacks would not work.

“Basically, what happened was that everybody made the same mistake, and we all have learned from it,” Recurity’s Alvarez says. “We used jailbroken iPhones in order to be able to debug.”

While the researchers could not come up with any legitimate uses for running unapproved code on the iPhone, Miller stresses that the research is valuable. Like nearly 40 million other people, he carries an iPhone containing work information, personal details, and family pictures. Knowing the limits of the device’s security is important, he argues.

“The thing is, I’m pointing out exactly what bad guys can do against the device,” he says. “They are likely doing parallel research, except they don’t share their results. It is better for everyone to understand the strengths and weaknesses of the security of devices, and make informed decisions about what devices they should use and how they should use them, rather than having only the bad guys know how they work.”

Of course, Apple may have already fixed the issue. Later this month, the company will release version 3.0 of the iPhone operating system, and Miller will have to make sure his attack still works.

“With iPhone 3.0 coming out, that might change a lot of this stuff,” Miller says.

1 comment. Share your thoughts »

Credit: Technology Review

Tagged: Computing, Communications, Apple, security, iPhone, Black Hat security conference, hacks

Reprints and Permissions | Send feedback to the editor

From the Archives


Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me