
iPhone, iPod Touch 1.1.1 Firmwares Jailbroken 347

vertigoCiel writes "Hackers Niacin and Dre have recently gained full read and write access to the filesystems of both the iPhone and the iPod Touch. The Jailbreak exploits a vulnerability in Safari's TIFF library to execute the necessary code when the specially crafted image is loaded. Access can then be permanently sustained by modifying the fstab file with iPhuc."
  • Makes me wonder (Score:4, Interesting)

    by Dunbal ( 464142 ) on Wednesday October 10, 2007 @07:42AM (#20925055)
    I wonder if Apple are going to keep playing "cat and mouse", and try to bring legal action to bear against these "vile hackers", or if they're going to take the hint that you can't stop us all? Clearly there's a demand for unlocked iPhones.
    • Re:Makes me wonder (Score:5, Insightful)

      by Aladrin ( 926209 ) on Wednesday October 10, 2007 @07:54AM (#20925175)
      What 'hint'? They are under legal obligation to maintain their firmware so that the phones can't be used on other networks for another 5 years. They are also under obligation to their customers to provide firmware for their phone that is as bug-free as possible. If the user can hack it, a malicious attacker can, too.

      So are you saying that they shouldn't patch the vulnerabilities, that they shouldn't release new firmware at all, or that they should break their contract with AT&T which could make every iPhone out there useless overnight unless it is hacked?
      • Re:Makes me wonder (Score:5, Insightful)

        by Threni ( 635302 ) on Wednesday October 10, 2007 @07:58AM (#20925229)
        > They are under legal obligation to maintain their firmware so that the phones can't be used on other networks for another 5 years.

        In some countries the exact opposite is true!
        • by Johnny Mozzarella ( 655181 ) on Wednesday October 10, 2007 @09:02AM (#20925947)
          In the Soviet Union the firmware is under legal obligation to maintain you for 5 years.

          In South Korea only old people maintain their firmware.
      • Re:Makes me wonder (Score:5, Interesting)

        by Reality Master 101 ( 179095 ) <RealityMaster101 ... NBSDom minus bsd> on Wednesday October 10, 2007 @08:00AM (#20925249) Homepage Journal
        But they're not under any obligation to prevent third party applications. That's just greed. They want to eventually sell only licensed third party apps.
        • Re:Makes me wonder (Score:5, Insightful)

          by Aladrin ( 926209 ) on Wednesday October 10, 2007 @08:17AM (#20925411)
          I don't know what their contract says with AT&T, but that might very well be on there. Something to the tune of 'only tested and approved applications'.

          But even assuming it's not a contractual obligation, Apple announced they weren't going to allow third-party apps weeks before the first iPhone was sold. It wasn't a surprise and anyone who bought it with the intent of hacking it and putting their own apps on it did so at their own risk.

          I've bought devices, used 'hacks' on them, and did other things with them. But I did so with each of them with the complete understanding of how much money I could lose if anything happened that I couldn't control. In fact, while I was soldering one, my father was in the other room saying comforting things like 'That's a $300 mistake.' Turns out, he was almost right on that one... I barely managed to fix it.

          Anyone complaining about Apple updating their firmware has rocks in their head. It's what they do, it's what they said they'll do, and nobody ought to be surprised that they'll do it.

          If you want an open phone, there are several on the market or very close to market that will work MUCH better and the companies will support you in creating the apps. There's no need to hack the iPhone and Apple has cheated no one.
          • Re: (Score:2, Insightful)

            I don't know what their contract says with AT&T, but that might very well be on there. Something to the tune of 'only tested and approved applications'.

            Such a statement seems to be in conflict with AT&T's own behavior. [slashdot.org] So, no I doubt that very much.

            If you want an open phone, there are several on the market or very close to market that will work MUCH better and the companies will support you in creating the apps. There's no need to hack the iPhone and Apple has cheated no one.

            I agree with that sentiment completely. If you don't like it, go elsewhere...Palm, Nokia, and other companies are making smart phones that encourage third-party development. If that's what you want, support them with your dollars instead of Apple. If Apple gets the message that people want third-party apps, they might change their product strategy to support that.

          • Re:Makes me wonder (Score:5, Insightful)

            by visualight ( 468005 ) on Wednesday October 10, 2007 @08:45AM (#20925735) Homepage

            If you want an open phone, there are several on the market or very close to market that will work MUCH better and the companies will support you in creating the apps. There's no need to hack the iPhone and Apple has cheated no one.

            My opinion on this is that it is unethical and should be illegal for ANY phone on the market to be restricted to a network, or restricted in available applications based solely on who gets paid. It's bad enough that companies have framed the software market so that products you "buy" aren't yours but licensed, they want the same paradigm with hardware too. It's bullshit, and it shouldn't be tolerated just because someone else sells uncrippled hardware.
            • Re:Makes me wonder (Score:5, Informative)

              by Inanition85 ( 984138 ) on Wednesday October 10, 2007 @09:26AM (#20926307)
              Thing is, most anytime you buy a cell phone, you're buying both the hardware and the network, not one or the other. It's just like the Verizon commercials where the "network" (crowd of people) follows around those who just bought their phones, you don't get one without the other. While this may seem to be "unfair" or "unethical", remember that in a free market economy, any time someone sees a market they can go into and make a profit, they will. In this case, the major manufacturers of phones and major carriers have seen a market that they can make a profit on in a certain way and are doing so.

              Another thing, this really isn't so different from what most hardware manufacturers do. If you buy most video cards or processors/mobos (certain high end/hardcore gamer models excepted, of course), the licensing and warranties say that if you attempt to modify the hardware or use it beyond its specs (i.e. overclocking either in hardware or with hacked drivers), the warranty is void. And in further comparison, are not certain pieces of hardware locked to certain OSs or manufacturers? (I'm thinking the reversed PCI cards and mobos on Gateway PCs of a few years back, or the fact that most Compaq and HP PCs of the past have had entirely proprietary hardware that cannot be replaced with standard components.) Even Apple themselves (until recently) would not support or even officially allow Windows to run on their PCs (and they still do not allow their OS to run on IBM-compatible PCs, anything not made by Apple won't run it). How is this that different from the iPhone?

              Nothing I've seen in the PC or cell phone markets should lead me to believe that what Apple is doing with the iPhone is any different than what every other company does with their products (including the price cut). What a shock, Apple is a company just like everyone else! So maybe the iPhone has some amazing capabilities and we'd like it to be unlocked so we can exploit these as we'd like, but Apple makes the device, and can sell it as they see fit. If you don't like that, maybe it's time for you to either run for Congress and change the laws, or go and create a device that's as good (or better) on your own. Either way you'll be contributing more to society than sitting on /. and repeatedly posting about how bad this is. And lest you call me a hypocrite, I'm in law school taking copyright classes and the like, so that perhaps I might be able to make a difference when finished.
              • Thing is, most anytime you buy a cell phone, you're buying both the hardware and the network, not one or the other.



                Exactly.
            • Re: (Score:3, Insightful)

              by larkost ( 79011 )
              I don't agree that this is a matter of ethics, but think that the network restrictions should be legislated away for economic reasons (break up monopolies).

              And thus far there is nothing but a couple of vague rumors that Apple is going to allow anything but Apple applications on the iPhone. It is unlikely that there is any financial arrangement between Apple and Google to get the current "Google applications" on the iPhone, and thus far they are the only non-Apple apps on the iPhone (without jailbreak).

              Now A
            • My opinion on this is that it is unethical and should be illegal for ANYONE working in the marketplace should get paid.

              You see, when one person decides for themselves what legal and illegal OUGHT to be and breaks rules based upon what they think OUGHT to be the case, the whole system starts to break down.

              If you don't like the system, change it. If you can't get enough people to go along with you for whatever reason then move, or shut up, or keep working on changing the system. Just because you don't like so
          • Re:Makes me wonder (Score:5, Insightful)

            by ZachPruckowski ( 918562 ) <zachary.pruckowski@gmail.com> on Wednesday October 10, 2007 @08:54AM (#20925827)

            I've bought devices, used 'hacks' on them, and did other things with them. But I did so with each of them with the complete understanding of how much money I could lose if anything happened that I couldn't control.

            Anyone complaining about Apple updating their firmware has rocks in their head. It's what they do, it's what they said they'll do, and nobody ought to be surprised that they'll do it.


            All true. Expecting Apple to support hacked models with new firmware is a bit silly. The iPhone updater completely re-flashes the iPod, and then re-adds the data from iTunes. So any update will at least wipe Apps, unless Apple does special work to preserve them.

            But just as importantly, there's nothing saying you "have to" update the firmware. It's voluntary. Sure, you've got to if you want the bugfixes and new features, but that's hardly mandatory. Users can continue to use the 1.0.2 firmware for as long as they want to, or until there's some sort of iPhone virus out there.
          • If you want an open phone, there are several on the market or very close to market that will work MUCH better and the companies will support you in creating the apps. There's no need to hack the iPhone and Apple has cheated no one.

            There's no need to climb Mount Everest either, but lots of people do it just the same...

          • by wrf3 ( 314267 )
            It's what they do, it's what they said they'll do, and nobody ought to be surprised that they'll do it.

            Are you kidding? Since when do parents (or politicians) really carry through with their threats? Meaning what you say is a rapidly dying practice.

        • by njfuzzy ( 734116 )
          This is a case of "one bad apple spoiling the whole lot"... The unlockers opened a can of worms. If the only hacks were interface mods, third party apps, ringtones, etc. I don't think Apple would care. Unfortunately, the jailbreaking that allows these also allows unlocking. Unless the network unlockers are going away, Apple has to stop the good along with the bad.
        • Re: (Score:3, Informative)

          by MightyYar ( 622222 )
          Profit Optimization != Greed*

          In fact, Apple would be negligent and unethical if they did not act in the best interests of their stockholders.

          Don't get so mad at a corporation just because they don't make the product that you want - you aren't their target demographic. There are plenty of "open" smartphones out there. If you want to get mad at a company, get mad at one of the makers of the open smartphones for not making one as cool as Apple's.

          *This is assuming that their motivation for holding back 3rd part
          • by xappax ( 876447 )
            Profit Optimization != Greed*

            Making as much money as possible off the public, whether or not they've actually earned that money by providing a useful service definitely == Greed. I think the argument you're aiming for is the old hackneyed 80's mantra: Greed is good!

            In fact, Apple would be negligent and unethical if they did not act in the best interests of their stockholders.

            This is just a rehashed version of the "just doing their job" reasoning that justifies pretty much anything. Yeah, the Apple
            • Making as much money as possible off the public, whether or not they've actually earned that money by providing a useful service definitely == Greed.

              Okay, I like your definition. The problem with it is that it does not describe what Apple has done. Apple has provided a cute little gadget that does exactly what they say it does and no more. It seems to be quite successful. It is certainly a "useful service". If you don't like it, well they certainly have no monopoly on smart phones! Buy another one. The market will decide whether or not they provide a useful service, not you.

              The rest of your post is hard to comment on. You actually use slavery as an ana

          • In fact, Apple would be negligent and unethical if they did not act in the best interests of their stockholders.

            Yeah, that's bullshit. The most vocal shareholders usually value short-term gain. A corporation would be stupid to give in to that, but it seems what Apple is doing lately. Apple stayed alive next to Windows because they focused on the user. Apple is the number one MP3 seller because their product is better. Everyone wants an iPhone because the user experience blows everything else away.

            In other words, Apple is successful because they give their customers what the customers want.

            Recently, they have sta

          • by Dunbal ( 464142 )
            Apple would be negligent and unethical if they did not act in the best interests of their stockholders.

            One could argue that the negative publicity is not in the stockholders' best interests, despite short term profits. You can't use the "I did it for the shareholders" argument to justify dumping 20k barrels of toxic waste in the local river.
        • Re: (Score:3, Interesting)

          by geeknado ( 1117395 )
          Apple made a conscious choice to /not/ support third party apps when they failed to provide a development API for the iPhone. Most companies are "greedy", in that they need to make money to satisfy investors, and Apple's no exception. However, I'm not sure that's their primary focus here... Apple likes to maintain a user experience monopoly with its own devices... That "Experience" factor (it just works, etc. etc.) is key to their whole marketing strategy. In the OS world, they can't compete without supporting 3r
        • by LKM ( 227954 )
          Their intention was not to block third-party apps per se. In fact, they have publicly said that they do not mind third-party apps.

          The problem is that you need to run code on the iPhone in order to SIM-unlock it. So if Apple wants to prevent SIM unlocks, one thing they can do is prevent you from running your own code.
        • You're clearly not biased when it comes to discussing Apple, so please tell us more of what you think.
      • by Rob T Firefly ( 844560 ) on Wednesday October 10, 2007 @08:05AM (#20925301) Homepage Journal

        What 'hint'? They are under legal obligation to maintain their firmware so that the phones can't be used on other networks for another 5 years.
        I could sign a specially-worded contract putting me under legal obligation to learn how to breathe margarine and turn the moon into a Buick, but it doesn't mean I'll be able to in practice.
      • Re: (Score:3, Informative)

        I think what we're saying is that they shouldn't have entered into the 'greedy' contract in the first place.

        I don't know what it's like in the states, but the iPhone contract in the UK is appalling.

        1: You have to pay for the phone; no one pays for a phone on contract in the UK, they all come free with the contract.
        2: You don't get much for your money with the contract compared to other contracts, even if the other contracts didn't come with a free phone.
        3: There are other, better, open phones to be had for free
        • Re:Makes me wonder (Score:5, Interesting)

          by Richard_at_work ( 517087 ) on Wednesday October 10, 2007 @08:39AM (#20925669)
          I currently have an O2 contract phone (W810i - very pleased with both phone and network) and my contract is coming up for renewal at about the same time as the iPhone will be released. As you can guess, my decision is now slightly more complicated:

          • iPhone for £269.00 and 18 month contract for £35 a month:
            • 200 minutes and 200 texts a month
            • Unlimited (within reason) data
            • Free wifi access at the Cloud access points
          • N95 for free and 18 month contract for £30 a month:
            • 400 minutes and 200 texts a month
            • Better featured phone
            • 200MB data a month for extra £7.50 a month or unlimited data for an extra £30 a month

          The iPhone deal comes to £899 total and the N95 deal comes to £675.

          Quite frankly, the *only* reason the iPhone is even still in the running is because of the inclusive data and wifi at the moment - and even then I am still heavily leaning toward the N95 with the 200MB data allowance.

          Thoughts?
          • by Gilmoure ( 18428 ) on Wednesday October 10, 2007 @08:51AM (#20925805) Journal
            iPhone is really pretty?
          • Are you near any Cloud access points?
            Are you really going to use more than 200MB a month?
            Do you prefer 3G performance?

            If you answer those questions and decide that the iphone option is better, is it £200 better?
          • I thought it was because of the "table-top PC" style user interface. But I haven't bought one, so the only capabilities I'm aware of are the ones in the television ad...Phone! MP3-player! something else I forget! ... phone! MP3-player! ...
          • I obviously don't know your data usage, but 200MB isn't really a whole lot if you really plan on using your phone as more than a phone. I consistently hit 400MB+ a month with just email, web browsing, live search/google maps, the occasional small download, etc. If I had 3G coverage where I lived I'm sure that number would at least double. That said, I'd still pay the extra $ for the N95 with unlimited data.
          • by LKM ( 227954 )
            My thought on this is simple: I switched from a Symbian phone (a P990i) to the iPhone because Symbian is, frankly and unfortunately, a crappy OS. The iPhone sports a usable, snappy, pretty, stable OS. For 95% of what I use a phone for, the iPhone beats any Symbian-based phone. The only thing I miss from the P990i is ScummVM.
          • Re:Makes me wonder (Score:5, Insightful)

            by itsdapead ( 734413 ) on Wednesday October 10, 2007 @11:18AM (#20928017)

            I currently have an O2 contract phone (W810i - very pleased with both phone and network)

            So why do you feel compelled to get a new one?

            Personally, I'd give it another year before going iPhone and see what the second-gen ones are like (esp. with respect to 3G/HSDPA which may have been a defensible decision in the US but it's a bit of a joke in the UK).

            As other posters have said, if you're going for a new not-iPhone then T-Mobile do much better "unlimited" data deals.

          • N95 or iPhone (Score:3, Interesting)

            by Jeremy_Bee ( 1064620 )
            Here is your mistake right here:

            Better featured phone (the N95)

            If you need to use 3G there is a reason to purchase the N95.
            Otherwise, if you look closely at the specs and actually compare the units in your hand, you will find the iPhone to be a much "better featured phone" than the N95.

            The N95 is clunky and poorly assembled, it has less battery life, less storage, and the apps it has are hardly useable and poorly integrated.
            To really decide, try browsing the web on each phone. I will bet it will not be the N95 you choose.

        • by camperslo ( 704715 ) on Wednesday October 10, 2007 @09:08AM (#20926061)
          Kinda funny how people use the word "free". It's a bundle.

          Calling those phones free is like getting a "free" wedding ring. You do get the ring, but the one giving it to you expects exclusive rights to screw you...
          • I use the word 'free' in the sense that the monthly subscription is £5 less than the iphone and you don't have to pay for the phone.

            I know nothing's really free.
      • My understanding is that in the iPhone context, 'unlocking' refers to the enabling of third party SIM functionality, whereas 'jailbreaking' refers to enabling the ability to run third party applications. I could be entirely wrong, but I was under the impression that these were two separate issues.

        Apple almost certainly have an agreement with AT&T (and O2, and T-Mobile) to prevent SIM unlocking. It's less likely that they have such an agreement to prevent jailbreaking, although it's still possible as

        • My understanding is that in the iPhone context, 'unlocking' refers to the enabling of third party SIM functionality, whereas 'jailbreaking' refers to enabling the ability to run third party applications.
          Considering there is no first-party application that will unlock the phone to use any valid SIM, all that's left is a third-party application that will do it. Hence the need for jailbreak.
        • My understanding is that in the iPhone context, 'unlocking' refers to the enabling of third party SIM functionality, whereas 'jailbreaking' refers to enabling the ability to run third party applications. I could be entirely wrong, but I was under the impression that these were two separate issues.

          You've got it exactly right. The problem, I think from Apple's perspective, is that the process to open up the firmware to add third party apps, also allows the changes to the part of the cellphone which allows you to switch carriers. It's Unix, and the security model is that if you have root, you have root.

          From an access control mechanism standpoint, they _could_ allow open access to the /Applications directory while keeping the rest of the system locked up. That would differentiate the people who wan

      • Re: (Score:3, Interesting)

        by CaptainZapp ( 182233 ) *

        So are you saying that they shouldn't patch the vulnerabilities, that they shouldn't release new firmware at all, or that they should break their contract with AT&T

        So you know the terms of the contract between AT&T and Apple?

        Oh, please, good sir: enlighten us ignorant masses.

        • Re:Makes me wonder (Score:5, Insightful)

          by MrHanky ( 141717 ) on Wednesday October 10, 2007 @08:46AM (#20925741) Homepage Journal
          The terms of the contract, according to the Mac community, are that whenever there is something annoying with the phone -- bricking, restricted access of all sorts -- it's AT&T's fault. This also goes for the iPod Touch, which features the exact same restrictions.
          • Or "scientists think that...".
          • by shinma ( 106792 )
            It makes sense from a corporate standpoint that the iPod Touch would fall under the same restrictions that the iPhone does, from both a technical and a commercial standpoint. From a technical standpoint, it is far simpler to maintain a largely similar set of software than it would be to put both items on different platforms, a piece of software (mail, and the apparently unintentional calendar differences) notwithstanding. I think the release firmware of the iPod Touch is the victim of an overzealous applica
      • Re:Makes me wonder (Score:4, Interesting)

        by Red Flayer ( 890720 ) on Wednesday October 10, 2007 @08:29AM (#20925537) Journal

        They are under legal obligation to maintain their firmware so that the phones can't be used on other networks for another 5 years.
        Not quite -- they are under contractual obligation, which is something quite different.

        Would AT&T have legal recourse if Apple didn't fulfill its obligation? Yes.

        Would Apple face prosecution for violating the law if it didn't fulfill the obligation? No.

        And as a matter of fact, legal obligations supersede contractual obligations. For example, in some countries, it is debated whether Apple is legally allowed to exclude other service providers.

        or that they should break their contract with AT&T which could make every iPhone out there useless overnight unless it is hacked?
        Oh, right... like AT&T would actually stop providing hugely profitable service to iPhones. They'd continue to provide service to iPhone owners, they'd just also sue Apple.
      • Re: (Score:2, Interesting)

        Responsible firmware updates don't brick hardware. For example, an update can run a checksum on essential system files before applying itself. Not doing so when you know beforehand about bricking problems (which Apple announced it did) is either A) incompetent, or B) malicious.

        So is Apple incompetent at making software, or are they malicious towards their users? I think we all have a pretty good idea which one it is.

        You see, after selling you something, Apple doesn't own it anymore, you do. Apple's con
        • Re: (Score:3, Insightful)

          by Aladrin ( 926209 )
          "Apple's contract with AT&T does not give them the right to destroy unlocked phones"

          Very true. Too bad they didn't 'destroy' the phones or you might have a point here. The phones were not 'destroyed', they were simply locked again and with a patch that fixed a vulnerability. The phones aren't 'bricked', they are simply locked again.

          Apple sold that phone with 1 sole purpose in mind. That purpose did not include using third-party or any network except AT&T's. They didn't even try to hide this.
      • Is that "5 years" thing a fact or speculation? (That's an honest question, not an attempt to antagonize.) I've assumed that part of Apple's lockdown of this device had something to do with their contract with AT&T, but I was unaware that the terms of the contract had been revealed to the public anywhere. Can you post a link?

        Personally, I've been hoping that, when all the dust settles, Apple will eventually allow real application development for this device, so I would be bummed if they had legally ob
      • by LWATCDR ( 28044 )
        But not for the Touch. I would love a Touch but I want to add my own apps to it.
    • Re:Makes me wonder (Score:5, Informative)

      by MightyYar ( 622222 ) on Wednesday October 10, 2007 @08:20AM (#20925437)
      Well, in this case closing down the iPhone will actually end up making it more secure... A bug in the TIFF library that allows some kind of code to execute sounds like a pretty serious security vulnerability. By locking down the iPhone, Apple has made it attractive to hackers of the non-malicious sort. They have found a vulnerability that Apple will now presumably have to plug, making the iPhone more secure against hackers of the malicious sort.

      Of course, they shouldn't have this type of security bug in the first place... one wonders if it isn't also present on the Mac.
    • Re:Makes me wonder (Score:4, Informative)

      by AusIV ( 950840 ) on Wednesday October 10, 2007 @08:21AM (#20925449)

      I wonder if Apple are going to keep playing "cat and mouse", and try to bring legal action to bear against these "vile hackers",

      On what grounds? People are hacking their own phones, which is explicitly permitted under the DMCA. Link [copyright.gov] (pdf warning). Apple is under no obligation to support it or make it easy, but they can't sue people for unlocking iPhones.

    • Re: (Score:3, Insightful)

      Why would they take legal action? Has anybody from Apple suggested that?

      Does this sort of unlocking actually bother Apple? They may not be making money on the cellular deal, but they did get money for the iPhone. They may have had to promise to try to stop unlocking contractually, but that doesn't mean they have to be all that effective about it.

      They did warn that updating a modified iPhone might hurt it, but that can be seen two ways. The /. herd mentality way is as a declaration of war, but it se

    • Since the beginning of time (roughly 1981) users have been hacking Apple products. If you wanted lower case letters on an Apple II you had to solder in an extra wire on the keyboard. This voided the warranty but never seemed to cause any real-world problems. In the past Apple has tolerated this sort of activity; only a limited number of people did it and Apple didn't suffer. The difference this time around is that Apple is trampling all over this unspoken arrangement. Instead of tolerating the sm
  • Well (Score:4, Funny)

    by Deag ( 250823 ) on Wednesday October 10, 2007 @07:42AM (#20925057)
    iphucing love the name
    • Re: (Score:2, Funny)

      by Anonymous Coward
      iPhorone welcome our IPhucing overlords
  • by comm2k ( 961394 ) on Wednesday October 10, 2007 @07:45AM (#20925085)
    Apparently they used the same vulnerability to hack the PSP.
  • Now that the hack is being posted all over the in-tar-web, Apple is sure to release a patch to brick all cracked devices.
    • Re:Great (Score:5, Insightful)

      by ichigo 2.0 ( 900288 ) on Wednesday October 10, 2007 @07:52AM (#20925159)
      Don't patch until there is a working hack for the new patch. And yes, a new hack will always surface.
    • Re: (Score:3, Insightful)

      by Tony Hoyle ( 11698 )
      They need to patch anyway.

      Every single iPhone and Touch is running a vulnerable Safari (using a year-out-of-date libtiff). Once the virus writers get hold of this then there'll be all sorts of stuff going on.

      Of course the hacked phones will be immune as one of the first things that will be done is fix the bug. :p
  • by Anonymous Coward on Wednesday October 10, 2007 @07:51AM (#20925145)
    Wouldn't it be easier to buy a phone/mp3 player that isn't crippled?
    • Problem is that compared to most phones people have owned in the past (at least here in the US), this phone is the least crippled of any that one has owned. Yes, there are a few things that are less than optimal (double activation, lack of tethering). Taking the example of my old Nokia 6230, it was a mp3 player, had a FM radio, had email client and numerous other features that made me repurchase the identical phone when my original was slowly developing some hardware issues with the microphone. The Email
    • It would be, but then you don't get mad-props for hacking a supposedly unhackable phone, don't get the media attention that you want, and most importantly: you don't get the Mac community's panties in a bunch.
  • by uglydog ( 944971 ) on Wednesday October 10, 2007 @08:02AM (#20925267)
    according to the article since the TIFF exploit can be patched. I understand it's a "cat and mouse game", but I was wondering why there can't be a more permanent solution, like creating an image that can be restored using the iTunes Restore function.

    This is great news and I'd like to know how do you get started learning how to hack the iPhone? I found stuff that explains how the jail breaking works, but not how it was discovered or what was tried, etc. Blogs, logs, etc would be cool.
    • Google iPhone Dev Wiki [google.com]
    • It's plausible that they are working on such a long term solution right now, but they have discovered this one quickly. This way they can release this unlock right away and then work on a more permanent one instead of having to wait until the long term solution is finished.
    • according to the article since the TIFF exploit can be patched. I understand it's a "cat and mouse game", but I was wondering why there can't be a more permanent solution, like creating an image that can be restored using the iTunes Restore function.

      Any exploit can be patched, but odds are good that there are at least dozens of exploits in mobileSafari. Once you run out of those, there's mobileMail, and the Wireless iTMS. Finally, you could clone the software on the iPhone, modify it on a computer, and impersonate iTunes to the iPhone and convince it to "update" off of that.

      The difficulty with having a cracked image that you just copy back over after updates is that you would then lose the benefit of the updates. Hackers would have to update the

    • I was wondering why there can't be a more permanent solution, like creating an image that can be restored using the iTunes Restore function.

      Most embedded devices with upgradeable firmware have mechanisms to validate new firmware images, e.g. against corruption during the transfer to the device (or downloading before that). Many such devices also decrypt the image and/or verify a cryptographic signature as part of the verification process. Then there's the need to understand the firmware upgrade process sufficiently well so that attempts at a "third-party" upgrade won't just brick the device.

      Dealing directly with the firmware upgrade process

  • I bet Sony and Apple both have an intern whose sole job it is to churn out new FW for the PSP and iPhone/Touches. Occasionally they will slip in a few bug fixes and patches for security holes. Other than that they will end up releasing one update a week with the hackers always a week behind.
    • by Aladrin ( 926209 )
      Wrong. If there's no bugfixes or patches in the update, the 'hackers' aren't a week behind, they are merely hours behind. And if there's no update anyhow, why bother upgrading? Anyone with a hacked device doesn't update unless there's a new feature they want in the new firmware, so constant updates don't -do- anything to the hacked devices and hackers, except fill a bit of their free time and give them a chance to further hack the system.

      The PSP is a good example of that. They had to rely on bugs like t
  • Opportunity? (Score:3, Insightful)

    by Anonymous Coward on Wednesday October 10, 2007 @08:14AM (#20925379)
    Am I the only person here who reads that there is a vulnerability in the way iPhone handles TIFF files who immediately thinks that this is a massive security problem that needs to be addressed immediately? Sure, a handful of people will make use of this to open up their iPhone. Good for you. However, for everyone else, this is just a hole waiting to be exploited by someone posting a malicious TIFF onto a website or in an email and luring the iPhone users to view the TIFF causing havoc.
    • massive security problem?

      Hackers accessing the NSA mainframe is a "massive security problem". My iPhone hardly qualifies as any sort of security problem, no matter how unsecure it may be.

  • Jail Break How-To (Score:4, Informative)

    by Chris_Stankowitz ( 612232 ) on Wednesday October 10, 2007 @08:22AM (#20925455)
    Reposted from: http://www.iphonealley.com/news/iphone-v1-1-1-jailbreak-apptapp-installation-guide [iphonealley.com]

    Jailbreaking Steps

    1. Sync and pray
       1. Sync your iPhone with iTunes. You'll be losing all of your information, so it's a good idea to back up
    2. Downgrade to v1.0.2
       1. Hold down the Sleep/Wake and Home buttons at the same time for about 10 seconds. The phone should shut down.
       2. When the phone shuts down, release the Sleep/Wake button but continue holding Home
       3. Wait until iTunes recognizes the iPhone. The screen will appear to be off, but iTunes will eventually recognize the iPhone. When it does, let go.
       4. A message will appear telling you to restore. Click OK
       5. Using your favorite browser, download the v1.0.2 software from this location. You may need to rename to .ipsw if it comes as a .zip
       6. Back in iTunes, hold Option on the Mac or Shift on the PC while clicking Restore. Navigate to the software you downloaded and select it.
       7. The phone will restore, but it will fail. This is normal.
       8. Your iPhone should show a yellow triangle. Run Nullriver's AppTapp. It should bring you back to the Activation step on the phone and show an error in the application. Disregard the error.
       9. Run AppTapp again and it should succeed.
       10. If not using an AT&T SIM, use INdependence to activate your iPhone. That's it!
    3. Create Symlink
       1. If you haven't already, install Nullriver's AppTapp
       2. Go to http://conceitedsoftware.com/iphone/beta [conceitedsoftware.com] in iPhone's Safari. Tap "Yes" to add to Installer
       3. Plug iPhone in and open iTunes. Make sure it's recognized before proceeding
       4. Using Installer, install "Trip1Prepz" located under "System"
    4. Upgrade to v1.1.1
       1. In iTunes click "Upgrade" and not Restore. Restoring will ruin our progress.
       2. Once upgraded to 1.1.1, close iTunes
    5. Jailbreak
       1. Download iPHUC and friends from Rapidshare
       2. Extract the contents so that iphuc, fstab, and iphonefs are all on the Desktop
       3. If you don't have libreadline, download it and extract the zip to your Macintosh HD
       4. Open Terminal.app located in Applications>Utilities
       5. Type cd ~/Desktop and hit return
       6. Type ./iphuc and hit return
       7. Type getfile
  • by Anonymous Coward on Wednesday October 10, 2007 @08:27AM (#20925511)
    So let me get this straight: if an image handling vulnerability is in IE or Firefox, it's deplorable, but if it's in an iPhone, it's the greatest thing ever?

    If you cretins don't like the iPhone's contract terms, DON'T BUY ONE.
    • by Durzel ( 137902 ) on Wednesday October 10, 2007 @09:03AM (#20925959) Homepage
      Well you're almost right.

      If it's an image handling vulnerability in IE then the skies are falling and it's featured on the front page of Slashdot.

      If the same vulnerability appears in Firefox then it's trivial and automatically "nothing to worry about" simply because it's OSS.

      If it's a vulnerability in iPhone then Apple intended it to be there in the first place and it's the users who are mistaken in thinking it was a problem.
    • by mrjb ( 547783 )
      The difference is- an image handling vulnerability in IE or Firefox is a bug. In the iPhone, it happened to be a feature.
  • iPhuc??? (Score:4, Funny)

    by steve_thatguy ( 690298 ) on Wednesday October 10, 2007 @09:04AM (#20925973)
    I didn't know Apple had a sex-toy product line.
  • ...that Firmwares Jailbroken is the name of the Finnish hacker who cracked the iPod?
  • TIFF for the root (Score:2, Insightful)

    by Anonymous Coward
    I didn't see anything that said otherwise, but doesn't this mean that someone could get root on your iPhone just by visiting a website with a special TIFF?
  • by Swift2001 ( 874553 ) on Wednesday October 10, 2007 @01:51PM (#20930333)
    If their hack depends on a "specially-crafted" TIFF, then that's a bug, and Apple is under an obligation to close that hole. How would you like it if a "specially-crafted TIFF" was used to steal all your personal information?

    Open the SDK, Apple. Allow the legal unlocking, and make it easy for people to write apps and then sell them for them on iTunes. Stop being jerks. You make money to the extent that you're not jerks.

    But hacking is hacking, and I don't want any vulnerabilities on my iPhone, even if it's just "good guys" who are using them.
  • Hacking popularity (Score:3, Insightful)

    by kuzb ( 724081 ) on Wednesday October 10, 2007 @04:56PM (#20933059)
    This just goes to show you that the more widespread and popular something is, the more likely it's going to get hacked (whether by the owner, or an outside party) to do something for which it was not originally intended. Mac owners who feel secure because they have Macs should take note of the fact that Apple's platforms do in fact contain exploitable flaws.
  • So... (Score:4, Insightful)

    by IntergalacticWalrus ( 720648 ) on Wednesday October 10, 2007 @11:13PM (#20936115)
    What's Apple's excuse for locking up the iPod Touch...?

    With the iPhone it was apparently part of the contract they signed with AT&T, but with the iPod Touch, Apple has NO fucking excuse.
