Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
IOS Iphone Operating Systems Privacy Security Software Apple News Technology

19-Year-Old Jailbreaks iPhone 7 In 24 Hours (vice.com) 97

An anonymous reader writes: 19-year-old hacker qwertyoruiop, aka Luca Todesco, jailbroke the new iPhone 7 just 24 hours after he got it, in what's the first known iPhone 7 jailbreak. Todesco tweeted a screenshot of a terminal where he has "root," alongside the message: "This is a jailbroken iPhone 7." He even has video proof of the jailbreak. Motherboard reports: "He also said that he could definitely submit the vulnerabilities he found to Apple, since they fall under the newly launched bug bounty, but he hasn't decided whether to do that yet. The hacker told me that he needs to polish the exploits a bit more to make the jailbreak 'smoother,' and that he is also planning to make this jailbreak work through the Safari browser just like the famous 'jailbreakme.com,' which allowed anyone to jailbreak their iPhone 4 just by clicking on a link." Apple responded to the news by saying, "Apple strongly cautions against installing any software that hacks iOS."
This discussion has been archived. No new comments can be posted.

19-Year-Old Jailbreaks iPhone 7 In 24 Hours

Comments Filter:
  • Let's get physical (Score:5, Interesting)

    by madwheel ( 1617723 ) on Thursday September 22, 2016 @03:57PM (#52941809)
    If only we could physically hack in a damn Micro SD slot.
    • by Pascoea ( 968200 ) on Thursday September 22, 2016 @04:02PM (#52941847)
      An a headphone jack?
    • Really? Didn't go with the headphone jack?
    • I feel the same way about my Google Nexus phone.

    • It has USB over Lightning, so you COULD attach a micro SD reader, internal or stuck to the case.

      If you wanted to be even more hackish, it shouldn't be hard to find some SPI pins. You can interface micro SD cards with four SPI pins plus power and ground. This guy provided root in the software in order to make the OS used the micro SD for whatever you choose.

      • It has USB over Lightning, so you COULD attach a micro SD reader, internal or stuck to the case.

        If you wanted to be even more hackish, it shouldn't be hard to find some SPI pins. You can interface micro SD cards with four SPI pins plus power and ground. This guy provided root in the software in order to make the OS used the micro SD for whatever you choose.

        Lightning is a completely software-configurable interface. Unlike the old 30 pin connector, it basically has no dedicated pins, period; so no SPI, unless Apple made a pseudo-SPI mode available.

        • I was referring to two different options. USB over Lightning is one option.

          As another, more hackish option the board surely has some SPI pins.

          That said, because it is software-defined AND you have root, *perhaps* you could do SPI over Lightning. That's not what I was suggesting, though.

          • I was referring to two different options. USB over Lightning is one option.

            As another, more hackish option the board surely has some SPI pins.

            That said, because it is software-defined AND you have root, *perhaps* you could do SPI over Lightning. That's not what I was suggesting, though.

            At first glance, I would guess that Lightning is done over GPIO pins (with maybe some DMA thrown in), rather than a specific ARM "peripheral". But, since Apple actually rolls-their-own ARM designs; it would be logical to assume that they DO have some sort of custom Lightning i/f built into their SoCs.

            They might talk to their radios, gyros, etc. over SPI (and/or I2C); but, in such a tightly-integrated device, it might be pretty hard to come up with an "enable" pin for your particular, non-planned-for SPI d

    • You really want a slow ass micro SD card slot? Apple use speedy chips, iPhone storage can do 500MB+, a micro SD struggles to do faster than 200kB/s 4k writes.

      • Ahhhh yes much better to have Zero options than a convenience that is only useful in most circumstances, after all every apps, movie and music have a huge need for random writes.. FYI, IPhone storage won't be doing 500MB+ random writes either.
      • iPhone storage can do 500MB+, a micro SD struggles to do faster than 200kB/s 4k writes.

        Are you claiming the iPhone flash can arite 500MB+ at small random writes?

        Fast microSD cards in phones are good enough to record and playback pretty much all mobile content availabe, with write speeds passing 100MB/s (yes, capital B). That is plenty fast for auxiliary storage. Small random writes are slow, of course, but they are also slower in the internal storage, in the iPhone they will probably not be much higher than 2MB/s, just like everyone else.

      • by RevDisk ( 740008 )
        On board NAND is indeed always going to be faster. Because well, it's on the friggin board. MicroSD however is good enough for sequential reads. Like music, photos, video, etc. Which tends to be what people store on MicroSD cards. So, yes, sometimes I indeed DO want cheap slow storage. That's why folks often back up to NAS's instead of backing up to SAN's with twenty times the cost.
    • by wbo ( 1172247 )
      Apple sells [apple.com] SD card readers that work with almost all iOS devices including the iPhone 7.

      Not quite as nice as having a slot built-in to the phone and application support is a bit limited due to the fact that only a few iOS applications support external storage devices but it does work.

      Apple also sells a Lightning to USB host adapter which lets you use other USB devices such as keyboards, mice, flash drives, and external hard drives (as long as they don't attempt to pull too much power over USB)
  • Yawn (Score:5, Informative)

    by sometext ( 2537330 ) on Thursday September 22, 2016 @04:02PM (#52941851)
    This guy does this every time a new version of iOS comes out and he never releases it publicly. For all we know it's been the same exploit all along.
    • by Anonymous Coward

      Few things motivate a brilliant teenager like a wealthy corporation saying "you can't do this."

      • Re:Yawn (Score:4, Funny)

        by Anonymous Coward on Thursday September 22, 2016 @07:11PM (#52943105)

        They'd be smart to introduce him to some smoking hot 18 year old chick with an Apple tattoo. He'd be too busy rooting something else to bother with the phone.

    • by Anonymous Coward

      Wonder if this (very talented) hacker is there one that helped the FBI crack that San Bernardino shooter's phone.

    • Re:Yawn (Score:5, Funny)

      by somenickname ( 1270442 ) on Thursday September 22, 2016 @04:37PM (#52942069)

      Seems like it would be easy for Apple to fix this: Just raise the prices until 19 year olds can't afford the iPhone 8. Problem solved.

    • Re: (Score:3, Interesting)

      by Anonymous Coward

      Success through obscurity!

      I've also hacked every new Apple product's firmware within 24 hours, but am not going to release any methods. I am also definitely an 18 year old leet haxor called cali^babe^17^ working alone.

      Rules of any hacking community:
      1. Without proof, the hack doesn't exist.
      2. Without proof, the author isn't the publisher.

      1 is easy to fix. 2 is for those who believe that big exploits are all released by mysterious little kids.

    • This guy does this every time a new version of iOS comes out and he never releases it publicly. For all we know it's been the same exploit all along.

      It's all too easy to fake-up a boot sequence in a video.

  • by WD ( 96061 )

    What's the point of mentioning deceptive measures of time like this? It's not like this person started from scratch, decided to jailbreak an iPhone 7, and then 24 hours later was done.

    The individual likely had an iOS jailbreak, which likely chained together a number of vulnerabilities and took some undisclosed amount of time to develop, and then tweaked / confirmed it on the new hardware. The 24-hour specification means nothing.

    • by Lumpy ( 12016 )

      he has had months to work on it. The beta was easy to join for everyone.

      • if you look at this twitter feed he was talking about the new software/hardware weeks ago. so yeah has been working on it for a while.
    • Re: (Score:2, Insightful)

      by Anonymous Coward

      Whenever anyone does anything they're going to build on their past experiences and already established skills. Whether they're doing a Rubik's cube or a crossword or running a race, there's always going to be an 'undisclosed amount of time to develop' that preceded it. I don't see that that invalidates timing how long they took over the latest challenge.

      • "19 year old jailbreaks new iPhone 7 in under 20 years"

      • Because he likely used an existing exploit and changed some addresses for the new OS/Hardware. That's not the same as discovering a new vulnerability and exploiting it in the same amount of time. It's like remarking that someone had a baby less than 24 hours after getting married, and not understanding how that could be possible.

    • If you're this negative about a young kid's achievements, I dread the thought of how you deal with their failures.
    • by vux984 ( 928602 )

      What's the point of mentioning deceptive measures of time like this?

      Because regardless of how long he had to work on it or how old the exploit is the fact still remains that the device was rooted within 24 hours of launch.

      So if you want to root your iphone 7 ... natch... you can. Day 1. And Playstation/Xbox owners are jealous.

      And if you were betting with your friends that it would be months before anyone rooted it thanks to new security features and ios10 etc... well....then you lose.

  • by account_deleted ( 4530225 ) on Thursday September 22, 2016 @04:25PM (#52942011)
    Comment removed based on user account deletion
  • Lock him away and take all this data and hardware and when he submits the bugs to Apple, make Apple pay him the bounty and let him go with a nice clap on the back.

    Well, or trust him not to sell the exploit to someone else or have it stolen. This must be worth a lot of money, much more when it is not submitted. People have been stolen from, killed or tortured for less.

    Exploits are the new plutonium. You can prepare for war with stockpiling and weaponizing them.

    • by tlhIngan ( 30335 )

      Lock him away and take all this data and hardware and when he submits the bugs to Apple, make Apple pay him the bounty and let him go with a nice clap on the back.

      Well, or trust him not to sell the exploit to someone else or have it stolen. This must be worth a lot of money, much more when it is not submitted. People have been stolen from, killed or tortured for less.

      Exploits are the new plutonium. You can prepare for war with stockpiling and weaponizing them.

      Well, given there are three parties who would pa

  • Why report something that will end in your device being crippled? Fuckin' stupid
    • Money enough to buy an open platform phone, like Android.

    • Release it? He doesn't have to, but he doesn't have to flaunt it either. It's like sitting down and eating a delicious steak in front of starving people. It's still a dick move. If he doesn't plan to release it, then don't bother to announce it.

  • Mentioning the age does nothing for the story. It's completely irrelevant data.

    • by cfalcon ( 779563 )

      > Mentioning the age does nothing for the story

      It really is relevant. There's quite a bit of domain knowledge needed to do that with modern devices, so someone who has had a lot less time to acquire that knowledge doing something like this is definitely notable.

      • Yes and No I guess. What was rocket science to my parents was 9th grade mathematics to me, same would apply here - no need to learn the basics of assembly, disassembly, identifying functions by groups of bytes, or even determining the USB protocols necessary to debug when someone else has done that part for you.

        "You stood on the shoulders of geniuses to accomplish something as fast as you could, and before you even knew what you had..."
      • To be fair, US teenagers probably have more free time than any other age group besides retirees.

  • kthxapple (Score:5, Funny)

    by SeaFox ( 739806 ) on Thursday September 22, 2016 @04:57PM (#52942225)

    Apple responded to the news by saying, "Apple strongly cautions against installing any software that hacks iOS."

    Luca responded that it took "courage" to talk about his exploit and possibly withholding it from Apple.

    • Apple responded to the news by saying, "Apple strongly cautions against installing any software that hacks iOS."

      Luca responded that it took "courage" to talk about his exploit and possibly withholding it from Apple.

      I say he offers it in exchange for a headphone jack.

  • by The-Ixian ( 168184 ) on Thursday September 22, 2016 @05:18PM (#52942359)

    This demonstrates how full of security holes all our devices are.

    Apple prides itself on security, yet even their products are like swiss cheese.

    • by cfalcon ( 779563 )

      Most iPhone jailbreaks rely on the phone opting in to the exploit, they usually aren't just "get text message, get owned". That's a different class of security vulnerability.

      Of course, there are exceptions, like the one used recently that got patched within days.

      • Most jailbreaks for most other gadgets like iPhones similarly rely on the phone opting in to the exploit. There's nothing special about Apple's gadgets in that regard.

  • At least their quote didn't include the illegal threat to void the warranty.

  • In a related report, another hacker has installed Linux on a Lenovo laptop that MS has had Lenovo lock down to prevent such a thing.

    Not really. Yet, who cares?

Some people manage by the book, even though they don't know who wrote the book or even what book.

Working...