backtop


Print 24 comment(s) - last by ninjaquick.. on Oct 12 at 1:19 PM


  (Source: Bloomberg)
Apple won't be able to fix this one without hardware changes

Greenpois0n is about to land.  The Chronic Dev Team, a group of iPhone firmware hacking enthusiasts and affiliates of the well-known iPhone Dev Team, announced via Twitter that the new software is progressing nicely and should be released this Sunday -- 10/10/10.  So what is greenpois0n and why should you care?

This clever piece of software, like the iPhone Dev Team's redsn0w, which preceded it, takes jailbreakers' war against zealously-restrictive Apple to new heights.  It allows another unbreakable path to removing Apple's restrictions in the short term, applicable to the iPad, iPhone, and iPod Touch devices running on iOS 4.1.

Apple has long begrudged purchasers of its devices the right to run software it finds annoying or morally offensive.  From the Flash multimedia player to entertainment apps like a South Park app, many pieces of software have been banned from Apple's tightly locked App Store ecosystem.

Many technology enthusiasts appreciate Apple's mobile hardware, but don't appreciate Apple making these decisions for them, so they've worked together to defeat the software protections that Apple has installed to prevent free software installation.  This process is known as jailbreaking (not to be confused with unlocking, which is freeing the phone of its carrier restrictions, e.g. AT&T in the U.S.).

Jailbreaking was long a legal gray area, but recent amendments to 1998's Digital Millenium Copyright Act have formally legalized it.

Apple's chief executive Steve Jobs has expressed a fervent disdain for these actions that borders on hatred.  He has committed his company to "a cat and mouse war" with the jailbreakers.  He complains that jailbreaking ruins his company's "magical" experience and his personal campaign to offer customers "freedom" from many evils such as pornography and poor performance.

If previous jailbreaking efforts irked Mr. Jobs, greenpois0n should be a worse blow.  Most past efforts focused on exploiting the device's software (such as a previous exploit that used a PDF vulnerability in the Safari web browser to execute arbitrary code) or its firmware. 

However, the new hack will directly use an exploit of the bootrom, first discovered by the iPhone Dev Team.  Since Apple can't alter the bootrom, it will be powerless to stop its users from gaining freedom (well not Apple's definition of "freedom", but freedom in a typical sense), barring a hardware update.  In other words, current model phones/iDevices should be permanently jailbroken.

About the only thing Apple could do is to try to roll out an update that detects jailbroken phones and breaks them.  Apple has tried this approach in the past and has been beaten back by lawsuits.  And such a measure would likely draw a public backlash, which is the last thing Apple given its fierce battle with a surging Android OS.

Ultimately, for Apple the new jailbreak is made more bitter in that they draw attention to the company's poor software and security performance.  Among security professionals Apple's software has long been considered buggy and easily exploitable; Apple devices are only "more secure" in that they have traditionally either had a small market share or are entering into new markets which have not drawn significant exploitation interest yet.

So for Apple greenpois0n may be quite a bitter pill to swallow, but for customers it is a sweet and long awaited pathway to freedom.

Notes:
The key difference between greenpois0n and the previous redsn0w is that greenpois0n can jailbreak the iPhone 4, iPod Touch 4G and Apple TV.  Redsn0w uses the SAME bootrom vulnerability, but can only jailbreak the older iPhone 3G, iPod Touch 2G.  Greenpois0n also adds linux support.

Also another very important note -- beware torrents purporting to be greenpois0n.  Antivirus software vendor Kapersky reports that hackers have cooked up fake "greenpois0n" torrents and downloads that really contain Trojan viruses.


Comments     Threshold


This article is over a month old, voting and posting comments is disabled

By ninjaquick on 10/12/2010 1:19:35 PM , Rating: 2
http://www.macforensicslab.com/ProductsAndServices...

and

http://arstechnica.com/microsoft/news/2008/03/vist...

and

http://www.readwriteweb.com/archives/apple_quietly...

and

http://blog.intego.com/2010/06/01/intego-security-...

Oh and then there is the fact that there is only 1 Windows 7 unique exploit, which is a bootstrap exploit. Most if not all malware for windows 7 requires the User to agree to run it. I don't have an AV on my win7 system, I run a scan every once in awhile to make sure all is well but so far no infections at all...

Lastly, where is this 99.9% of security problems info from?


"The Space Elevator will be built about 50 years after everyone stops laughing" -- Sir Arthur C. Clarke














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki