Skip to Content
Uncategorized

Military Malware May Have Killed the iPhone Jailbreak

Malware developers will pay large sums for the bugs needed to loosen Apple’s software restrictions.
March 5, 2013

Since the debut of the first iPhone, Apple has played a cat-and-mouse game with hackers who want to install “unofficial” software onto their locked-down devices. That game may be about to end thanks to the booming business in state-backed malware.

The race between Apple and the hackers goes like this: hackers develop and release software that can “jailbreak” an iOS device so it can be tinkered with freely, then Apple neutralizes the new method with a software update. The latest round started in early February when a group of coders known as Evad3rs released their latest jailbreak tool, evasi0n, and Apple appears poised to release a patch soon.

All that could soon be over because jailbreaks work by exploiting previously unknown bugs in Apple’s software. Those are also known as “zero days” and are now very valuable to people building sophisticated malware for the purposes of surveillance and industrial espionage (see “Welcome to the Malware-Industrial Complex”). People with knowledge of the market for vulnerabilities say the value of iOS bugs is high enough to make selling a bug much more attractive than working it up into a new jailbreak method.

Charlie Miller, a hacker famous for demonstrating ways to hack the iPhone and other Apple products, tweeted around the time of evasi0n’s release that it would likely be the last. He listed five reasons, including that Apple has tightened the security of its products and that a person who found a zero day for iOS could “sell it to make $250k.”

The cofounder and CTO of mobile security company Lookout, Kevin Mahaffey, gave a higher estimate earlier this week, telling me that the “current price” of iOS zero days is $500,000. The Evad3rs have a donation button on their jailbreak site but whether it could raise amounts competitive with such sums is unknown.

The zero day market is a shadowy one, so getting a price like those estimated by Mahaffey and Miller would require having the right connections. Apple’s work on making iOS tougher to crack may make that more likely, since finding a zero day for the operating system has become a more elite pursuit. Zero days for mobile systems are particularly valuable because they are rarer than for conventional computer systems, people are less wary of security threats on mobile devices, and they tend to stay undiscovered and unpatched for longer.

All that means that evasi0n may be the last of the publicly available jailbreaks. Jailbreaks will still be around, but only intelligence agencies and military will be doing them. What Apple thinks of that is anybody’s guess.

Keep Reading

Most Popular

Large language models can do jaw-dropping things. But nobody knows exactly why.

And that's a problem. Figuring it out is one of the biggest scientific puzzles of our time and a crucial step towards controlling more powerful future models.

OpenAI teases an amazing new generative video model called Sora

The firm is sharing Sora with a small group of safety testers but the rest of us will have to wait to learn more.

Google’s Gemini is now in everything. Here’s how you can try it out.

Gmail, Docs, and more will now come with Gemini baked in. But Europeans will have to wait before they can download the app.

This baby with a head camera helped teach an AI how kids learn language

A neural network trained on the experiences of a single young child managed to learn one of the core components of language: how to match words to the objects they represent.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.