backtop


Print 24 comment(s) - last by ninjaquick.. on Oct 12 at 1:19 PM


  (Source: Bloomberg)
Apple won't be able to fix this one without hardware changes

Greenpois0n is about to land.  The Chronic Dev Team, a group of iPhone firmware hacking enthusiasts and affiliates of the well-known iPhone Dev Team, announced via Twitter that the new software is progressing nicely and should be released this Sunday -- 10/10/10.  So what is greenpois0n and why should you care?

This clever piece of software, like the iPhone Dev Team's redsn0w, which preceded it, takes jailbreakers' war against zealously-restrictive Apple to new heights.  It allows another unbreakable path to removing Apple's restrictions in the short term, applicable to the iPad, iPhone, and iPod Touch devices running on iOS 4.1.

Apple has long begrudged purchasers of its devices the right to run software it finds annoying or morally offensive.  From the Flash multimedia player to entertainment apps like a South Park app, many pieces of software have been banned from Apple's tightly locked App Store ecosystem.

Many technology enthusiasts appreciate Apple's mobile hardware, but don't appreciate Apple making these decisions for them, so they've worked together to defeat the software protections that Apple has installed to prevent free software installation.  This process is known as jailbreaking (not to be confused with unlocking, which is freeing the phone of its carrier restrictions, e.g. AT&T in the U.S.).

Jailbreaking was long a legal gray area, but recent amendments to 1998's Digital Millenium Copyright Act have formally legalized it.

Apple's chief executive Steve Jobs has expressed a fervent disdain for these actions that borders on hatred.  He has committed his company to "a cat and mouse war" with the jailbreakers.  He complains that jailbreaking ruins his company's "magical" experience and his personal campaign to offer customers "freedom" from many evils such as pornography and poor performance.

If previous jailbreaking efforts irked Mr. Jobs, greenpois0n should be a worse blow.  Most past efforts focused on exploiting the device's software (such as a previous exploit that used a PDF vulnerability in the Safari web browser to execute arbitrary code) or its firmware. 

However, the new hack will directly use an exploit of the bootrom, first discovered by the iPhone Dev Team.  Since Apple can't alter the bootrom, it will be powerless to stop its users from gaining freedom (well not Apple's definition of "freedom", but freedom in a typical sense), barring a hardware update.  In other words, current model phones/iDevices should be permanently jailbroken.

About the only thing Apple could do is to try to roll out an update that detects jailbroken phones and breaks them.  Apple has tried this approach in the past and has been beaten back by lawsuits.  And such a measure would likely draw a public backlash, which is the last thing Apple given its fierce battle with a surging Android OS.

Ultimately, for Apple the new jailbreak is made more bitter in that they draw attention to the company's poor software and security performance.  Among security professionals Apple's software has long been considered buggy and easily exploitable; Apple devices are only "more secure" in that they have traditionally either had a small market share or are entering into new markets which have not drawn significant exploitation interest yet.

So for Apple greenpois0n may be quite a bitter pill to swallow, but for customers it is a sweet and long awaited pathway to freedom.

Notes:
The key difference between greenpois0n and the previous redsn0w is that greenpois0n can jailbreak the iPhone 4, iPod Touch 4G and Apple TV.  Redsn0w uses the SAME bootrom vulnerability, but can only jailbreak the older iPhone 3G, iPod Touch 2G.  Greenpois0n also adds linux support.

Also another very important note -- beware torrents purporting to be greenpois0n.  Antivirus software vendor Kapersky reports that hackers have cooked up fake "greenpois0n" torrents and downloads that really contain Trojan viruses.


Comments     Threshold


This article is over a month old, voting and posting comments is disabled

RE: This will reduce the Freedom of Apple users
By omnicronx on 10/8/2010 4:14:14 PM , Rating: 2
Its estimated that over 10% of iOS devices are jailbroken.

Thats hardly nothing.

You also seem to have completely skipped over the entire article. Did you even read it?

This is a bootrom exploit, and with the recent supreme court judgement that essentially makes jailbreaking legal, Apple will get the crap sued out of them if they try and intentionally break jailbroken devices based on the shatter exploit.

This is not like the previous jailbreakme exploit that Apple indeed needed to patch as it was a legitimate exploit in the software, even for non jailbroken devices and would have been taken advantage of.

This exploit is completely different as Apple can't merely patch the issue at the source because its the bootrom, which is also hardly a true security threat. They would have to truly add something into iOS that flags the device as being jailbroken to disable it. That would appear to violate recent court rulings on jailbreaking, putting Apple in a very hard position.

I don't know about you, but I would not want 10+ million people on my tail joining a class action suite in which they currently have legal standing.


By trajan on 10/9/2010 12:37:15 PM , Rating: 2
It wasn't a Supreme Court decision that legalized jailbreaking, if I recall it was a rule promulgated by a committee at the library of congress (pursuant to authority they were granted in the Digital Copyright Act).

Anyone interested in the free use of technology should be aware of this -- the (recent) legal basis for jailbreaking is really rather tenuous. Congress or (more likely) the courts could reverse that protection at any time, unfortunately.


"Nowadays you can buy a CPU cheaper than the CPU fan." -- Unnamed AMD executive














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki