Nicholas "Comex" Allegra perpetually outwits the engineers at Apple, the world's most profitable tech company.  (Source: Forbes)

Comex may live at home, but he still knows how to crash on Apple  (Source: New Line Cinema)
Young 19-year-old hacking whiz still enjoys free housing courtesy of mom and dad as he completes higher ed.

Depending on which stereotypes you believe in, hackers are either rich, glamorous international celebrities or glasses-wearing introverts who spend their time in their parent's basement. 

I. Hacking@Home

Renowned iPhone hacker Nicholas "Comex" Allegra seemingly falls under the latter stereotype to a degree, but it's for a good cause.  Like many young people, he's saving money living at home while he attends college.  According to a recent interview with Forbes, the 19-year-old is attending Brown University, near his home of Chappaqua, New York.

But what he lacks in age and independent living accommodations, he more than makes up for in hardware hacking skills.  Along with George "GeoHot" Hotz, he's defeated the restrictions on virtually every iOS (iPhone, iPad) release to date.

Comex's contribution is JailBreakMe, a tool which exploits errors in the iPhone source code, in order to allow the phone to authorize code not authorized by Apple, Inc. (AAPL).  This opens the door to running rejected apps, installing custom wallpapers, and more forbidden pleasures in the iOS family.

JailBreakMe relies on run-time exploits in Apple's built in apps like Safari.  Given Apple's adversarial attitude towards jailbreaking, this makes it harder to maintain, as it's much easier to patch software exploits, than boot exploits (which other jailbreak utilities like the *ra1n series from GeoHot rely on).

Still Comex has made sure that JailBreakMe frequently works on most, if not all active versions of OS X.  The young hacker is constantly combing Apple's publicly shared sources for exploits to substitute, should Apple close his tool's current route of entry.

He tells Forbes, "It feels like editing an English paper. You just go through and look for errors. I don’t know why I seem to be so effective at it."

II. Brilliance in Action

Apple's engineers have tried their hardest to defeat Comex and maintain the company's control, which Forbes characterizes as "obsessive".  They first implemented code signing, which prevents hackers like Comex from using any command that Apple doesn't use in its code.  Apple hardware hacker Dino Dai Zovi compares the process of hacking a iOS device using Apple's own signed commands to assembling a ransom note out of magazine clippings -- doable, but time consuming.

And Apple has gone to even greater lengths, of late.  It's randomized the locations of its commands in memory, forcing Comex to discover the command locations at runtime, before piecing together his jailbreak attack.  But with JailBreakMe 3, he was able discover the command locations, using an exploit in how the iOS PDF handling code processed fonts.  Apple patched the vulnerability, sending Comex back to the drawing board yet again.

Comex's fans hope JailBreakMe 4 will yet again defeat Apple's protections, but Comex first has to find another way to discover the hidden commands.

Ironically, despite Apple and its CEO Steve Jobs' disgust for jailbreaking, Comex still loves Apple and calls himself an Apple "fanboy".  He calls Google Inc.'s (GOOG) rival smart phone operating system "the enemy".  He remarks, "I guess [my hacks are] just about the challenge, more than anything else."

The young hacker earns high praise from security researchers.  Mr. Zovi comments that his skills are akin to "advanced-persistent threat" hackers, which penetrate corporations and governments on behalf of foreign intelligence agencies.  In fact, "He’s probably five years ahead of them."

Mac hacking legend and former National Security Agency researcher, Charlie Miller remarks, "I didn't think anyone would be able to do what he's done for years. Now it's been done by some kid we had never even heard of. He's totally blown me away."

III. Beating the World's Most Profitable Tech Company? Easy.  Finding an internship? Tough.

Comex first appeared several years ago on the Wii hacking scene.  He is a self-taught programmer, having begun to learn Visual Basic at the age of 9.  In high school his OS hacking began, when he discovered he couldn't save a screenshot from Super Smash Brothers on Nintendo Comp., Ltd.'s (TYO:7974) Wii console to his computer.  He figured out how to translate the proprietary format and published it and several other Wii hacks.

Still, most hadn't heard of him until his iPhone work.  He recalls, "I didn't come out of the same background as the rest of the security community. So to them I seem to have come out of nowhere."

Comex feels that jailbreaking is legal.  Currently the art resides in a gray area of the law.  Jailbreaking your own devices is technically legal thanks to the Library of Congress's Summer 2010 amendments to the Digital Millennium Copyright Act [PDF] (DMCA).  However, those amendments were ambiguous to whether releasing tools to jailbreak others' devices was legal or not.  So far three court cases have ruled it was legal, while one has ruled it illegal.

For his part, Comex has tried to legitimize jailbreaking, by publishing patches that fix the dangerous vulnerability post-jailbreak.  For example he released a patch for the PDF handling, along with JailBreakMe 3.0.

Aside from making JailBreakMe 4.0, Comex has set his sights on a new challenge -- finding an internship.  After all Comex may be able to outsmart a team of top engineers at the world's most profitable tech company, but it's as hard for him to find a good internship as the next guy.

"Folks that want porn can buy an Android phone." -- Steve Jobs

Most Popular Articles

Copyright 2018 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki