19-Year-Old Jailbreaks iPhone 7 In 24 Hours (vice.com) 97
An anonymous reader writes: 19-year-old hacker qwertyoruiop, aka Luca Todesco, jailbroke the new iPhone 7 just 24 hours after he got it, in what's the first known iPhone 7 jailbreak. Todesco tweeted a screenshot of a terminal where he has "root," alongside the message: "This is a jailbroken iPhone 7." He even has video proof of the jailbreak. Motherboard reports: "He also said that he could definitely submit the vulnerabilities he found to Apple, since they fall under the newly launched bug bounty, but he hasn't decided whether to do that yet. The hacker told me that he needs to polish the exploits a bit more to make the jailbreak 'smoother,' and that he is also planning to make this jailbreak work through the Safari browser just like the famous 'jailbreakme.com,' which allowed anyone to jailbreak their iPhone 4 just by clicking on a link." Apple responded to the news by saying, "Apple strongly cautions against installing any software that hacks iOS."
Let's get physical (Score:5, Interesting)
Re:Let's get physical (Score:5, Funny)
Re: (Score:3, Funny)
You can have both a micro SD card and a headphone jack. Just not on the iPhone.
Re:Let's get physical (Score:5, Interesting)
Re: (Score:3)
Re: (Score:3)
Yes, Samsung has lots of *hot* features that other makers don't have.
Re: (Score:2)
Re: (Score:3)
If there's enough left of the phone when the battery comes out...
Re: (Score:2)
>..for the time being
Just because Apple has a bad idea doesn't mean everyone else has to copy it.
Re: (Score:1)
>..for the time being
Just because Apple has a bad idea doesn't mean everyone else has to copy it.
But, if history is any indicator, you know they will.
Re: Let's get physical (Score:3, Funny)
Wait for the 8 they'll introduce the 3.5mm back claiming they invented it.
Re: (Score:2)
Re: (Score:2)
I feel the same way about my Google Nexus phone.
4 SPI wires, or usb (Score:2)
It has USB over Lightning, so you COULD attach a micro SD reader, internal or stuck to the case.
If you wanted to be even more hackish, it shouldn't be hard to find some SPI pins. You can interface micro SD cards with four SPI pins plus power and ground. This guy provided root in the software in order to make the OS used the micro SD for whatever you choose.
Re: (Score:1)
It has USB over Lightning, so you COULD attach a micro SD reader, internal or stuck to the case.
If you wanted to be even more hackish, it shouldn't be hard to find some SPI pins. You can interface micro SD cards with four SPI pins plus power and ground. This guy provided root in the software in order to make the OS used the micro SD for whatever you choose.
Lightning is a completely software-configurable interface. Unlike the old 30 pin connector, it basically has no dedicated pins, period; so no SPI, unless Apple made a pseudo-SPI mode available.
Those are two different options (Score:2)
I was referring to two different options. USB over Lightning is one option.
As another, more hackish option the board surely has some SPI pins.
That said, because it is software-defined AND you have root, *perhaps* you could do SPI over Lightning. That's not what I was suggesting, though.
Re: (Score:1)
I was referring to two different options. USB over Lightning is one option.
As another, more hackish option the board surely has some SPI pins.
That said, because it is software-defined AND you have root, *perhaps* you could do SPI over Lightning. That's not what I was suggesting, though.
At first glance, I would guess that Lightning is done over GPIO pins (with maybe some DMA thrown in), rather than a specific ARM "peripheral". But, since Apple actually rolls-their-own ARM designs; it would be logical to assume that they DO have some sort of custom Lightning i/f built into their SoCs.
They might talk to their radios, gyros, etc. over SPI (and/or I2C); but, in such a tightly-integrated device, it might be pretty hard to come up with an "enable" pin for your particular, non-planned-for SPI d
Re: Let's get physical (Score:1)
You really want a slow ass micro SD card slot? Apple use speedy chips, iPhone storage can do 500MB+, a micro SD struggles to do faster than 200kB/s 4k writes.
Re: (Score:2)
Re: (Score:2)
iPhone storage can do 500MB+, a micro SD struggles to do faster than 200kB/s 4k writes.
Are you claiming the iPhone flash can arite 500MB+ at small random writes?
Fast microSD cards in phones are good enough to record and playback pretty much all mobile content availabe, with write speeds passing 100MB/s (yes, capital B). That is plenty fast for auxiliary storage. Small random writes are slow, of course, but they are also slower in the internal storage, in the iPhone they will probably not be much higher than 2MB/s, just like everyone else.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Not quite as nice as having a slot built-in to the phone and application support is a bit limited due to the fact that only a few iOS applications support external storage devices but it does work.
Apple also sells a Lightning to USB host adapter which lets you use other USB devices such as keyboards, mice, flash drives, and external hard drives (as long as they don't attempt to pull too much power over USB)
Obligatory Mandy Rice-Davies (Score:2)
I'm sure Apple have users' best interests at heart.
Thinking along pretty much the same lines as myself there.
"Apple strongly cautions against installing any software that hacks iOS."
"Well, they would, wouldn't they?"
Re: (Score:1)
I'm sure Apple have users' best interests at heart.
Thinking along pretty much the same lines as myself there.
"Apple strongly cautions against installing any software that hacks iOS."
"Well, they would, wouldn't they?"
What would you expect them, or indeed any OEM, to say?
Get real.
Re: (Score:2)
What would you expect them, or indeed any OEM, to say?
Er, I think you missed the point being made. That's precisely what I *would* have expected them to say, because it was in their own interest. Hence the quote.
Or perhaps your problem was with my implication that the motive was driven by their own self-interest, rather than pure, selfless concern for their users? Well, yeah.
Of course, by adding "or indeed any OEM", you're implying that this is an attack/persecution specifically towards Apple and that I'm biased. Nope; doubt I'm any more partisan than some
Re: (Score:1)
Of course, by adding "or indeed any OEM", you're implying that this is an attack/persecution specifically towards Apple and that I'm biased. Nope; doubt I'm any more partisan than someone with the username "macs4all", and I'm sure that most similar corporations in Apple's position would have come up with a similarly self-serving answer. Doesn't make Apple any better than them, though.
First, your OP made it clear that you were intending your comment as disparagement towards Apple. And you ad hominem attack against me, based on my username, confirms exactly that.-
But then, you undermine your entire argument by agreeing that ANY OEM would have made the same "Don't replace/infiltrate your OS with some unknown hack." Now you claim that makes Apple no better than other OEMs. Conversely, however, it makes them no worse.
And the reason why, is that their legal departments no doubt caution th
Re: (Score:2)
your OP made it clear that you were intending your comment as disparagement towards Apple
If you view the accusation of Apple's advice being self-serving as "disparagement", then this was already clearly implied in the original comment, then clearly (and explicitly) spelled out for you in my previous comments!
And you ad hominem attack against me, based on my username, confirms exactly that
Your original comment already smacked of defensive fanboyism before I'd even noticed your username or taken a look at any of your other comments (#); that simply confirmed it for me.
If you'd come across as an otherwise neutral observer with an Apple-related username, you'd have had a poin
Yawn (Score:5, Informative)
Re: (Score:1)
Few things motivate a brilliant teenager like a wealthy corporation saying "you can't do this."
Re:Yawn (Score:4, Funny)
They'd be smart to introduce him to some smoking hot 18 year old chick with an Apple tattoo. He'd be too busy rooting something else to bother with the phone.
Re: (Score:1)
Even smarter would be simply hiring him. Find and fix iOS flaws and find Galaxy flaws.
Re: Yawn (Score:1)
Wonder if this (very talented) hacker is there one that helped the FBI crack that San Bernardino shooter's phone.
Re:Yawn (Score:5, Funny)
Seems like it would be easy for Apple to fix this: Just raise the prices until 19 year olds can't afford the iPhone 8. Problem solved.
Re: (Score:2)
Re: (Score:3, Interesting)
Success through obscurity!
I've also hacked every new Apple product's firmware within 24 hours, but am not going to release any methods. I am also definitely an 18 year old leet haxor called cali^babe^17^ working alone.
Rules of any hacking community:
1. Without proof, the hack doesn't exist.
2. Without proof, the author isn't the publisher.
1 is easy to fix. 2 is for those who believe that big exploits are all released by mysterious little kids.
Re: (Score:1)
This guy does this every time a new version of iOS comes out and he never releases it publicly. For all we know it's been the same exploit all along.
It's all too easy to fake-up a boot sequence in a video.
24 Hours? (Score:2)
What's the point of mentioning deceptive measures of time like this? It's not like this person started from scratch, decided to jailbreak an iPhone 7, and then 24 hours later was done.
The individual likely had an iOS jailbreak, which likely chained together a number of vulnerabilities and took some undisclosed amount of time to develop, and then tweaked / confirmed it on the new hardware. The 24-hour specification means nothing.
Re: (Score:2)
he has had months to work on it. The beta was easy to join for everyone.
Re: (Score:2)
Re: (Score:3)
You all got this wrong, It is the actual jailbreaking process that takes 24 hours.
Re: (Score:2, Insightful)
Whenever anyone does anything they're going to build on their past experiences and already established skills. Whether they're doing a Rubik's cube or a crossword or running a race, there's always going to be an 'undisclosed amount of time to develop' that preceded it. I don't see that that invalidates timing how long they took over the latest challenge.
Re: (Score:2)
"19 year old jailbreaks new iPhone 7 in under 20 years"
Re: 24 Hours? (Score:2)
I think you're forgetting the work evolution did in coming up with the right DNA
Re: (Score:3)
Because he likely used an existing exploit and changed some addresses for the new OS/Hardware. That's not the same as discovering a new vulnerability and exploiting it in the same amount of time. It's like remarking that someone had a baby less than 24 hours after getting married, and not understanding how that could be possible.
Re: (Score:1)
Re: (Score:2)
What's the point of mentioning deceptive measures of time like this?
Because regardless of how long he had to work on it or how old the exploit is the fact still remains that the device was rooted within 24 hours of launch.
So if you want to root your iphone 7 ... natch... you can. Day 1. And Playstation/Xbox owners are jealous.
And if you were betting with your friends that it would be months before anyone rooted it thanks to new security features and ios10 etc... well....then you lose.
Re:Apple needs side loading / 3rd party app stores (Score:5, Informative)
You can easily side load a lot of stuff yourself using the free personal developer accounts. The apps expire after 30 days though so you have to keep re-adding it every month. I've got a couple apps on my phone that apple would never approve on the store, no jailbreaking.
Re: (Score:2)
Even better, Apple generally wants you to do this with apps with source code - the developers of f.lux tried it, but they released it as binary only and Apple called them out over it.
It's one of those things you really wish you could ask RM
Re: (Score:2)
You don't need the source code -- you can simply sign a binary with your own dev credentials.
Re: (Score:2)
Re: Apple needs side loading / 3rd party app store (Score:2)
Or, develop your own app and distribute it using MacOS Server, MDM or VPP. You can even have your own app store in a enterprise environment with iOS. It's not as locked down as people believe. Just there are no public app stores other than Apple's own.
Re: (Score:2)
Re: (Score:2)
Or, just send a Profile to the device. No dev account needed. You can install and run your own enterprise apps remotely.
Comment removed (Score:5, Funny)
Am I trolling? (Score:1)
Lock him away and take all this data and hardware and when he submits the bugs to Apple, make Apple pay him the bounty and let him go with a nice clap on the back.
Well, or trust him not to sell the exploit to someone else or have it stolen. This must be worth a lot of money, much more when it is not submitted. People have been stolen from, killed or tortured for less.
Exploits are the new plutonium. You can prepare for war with stockpiling and weaponizing them.
Re: (Score:2)
Well, given there are three parties who would pa
Why would he report it? (Score:2)
Re: (Score:1)
Money enough to buy an open platform phone, like Android.
Re: (Score:2)
Release it? He doesn't have to, but he doesn't have to flaunt it either. It's like sitting down and eating a delicious steak in front of starving people. It's still a dick move. If he doesn't plan to release it, then don't bother to announce it.
What's the point of mentioning the age? (Score:1)
Mentioning the age does nothing for the story. It's completely irrelevant data.
Re: (Score:2)
> Mentioning the age does nothing for the story
It really is relevant. There's quite a bit of domain knowledge needed to do that with modern devices, so someone who has had a lot less time to acquire that knowledge doing something like this is definitely notable.
Re: (Score:2)
"You stood on the shoulders of geniuses to accomplish something as fast as you could, and before you even knew what you had..."
Re: (Score:2)
To be fair, US teenagers probably have more free time than any other age group besides retirees.
kthxapple (Score:5, Funny)
Apple responded to the news by saying, "Apple strongly cautions against installing any software that hacks iOS."
Luca responded that it took "courage" to talk about his exploit and possibly withholding it from Apple.
Re: (Score:3)
Apple responded to the news by saying, "Apple strongly cautions against installing any software that hacks iOS."
Luca responded that it took "courage" to talk about his exploit and possibly withholding it from Apple.
I say he offers it in exchange for a headphone jack.
Clearly (Score:3)
This demonstrates how full of security holes all our devices are.
Apple prides itself on security, yet even their products are like swiss cheese.
Re: (Score:3)
Most iPhone jailbreaks rely on the phone opting in to the exploit, they usually aren't just "get text message, get owned". That's a different class of security vulnerability.
Of course, there are exceptions, like the one used recently that got patched within days.
Re: (Score:1)
Most jailbreaks for most other gadgets like iPhones similarly rely on the phone opting in to the exploit. There's nothing special about Apple's gadgets in that regard.
Re: (Score:2)
oh, yaay apple... (Score:2)
At least their quote didn't include the illegal threat to void the warranty.
In a related report... (Score:1)
Not really. Yet, who cares?