on which stereotypes you believe in, hackers are either rich, glamorous
international celebrities or glasses-wearing introverts who spend their time in their parents' basement.
Renowned iPhone hacker Nicholas "Comex" Allegra seemingly falls under
the latter stereotype to a degree, but it's for a good cause. Like many
young people, he's saving money living at home while he attends college.
According to a recent interview with Forbes,
the 19-year-old is attending Brown University,
near his home of Chappaqua, New York.
But what he lacks in age and independent living accommodations, he more than
makes up for in hardware hacking skills. Along with George
"GeoHot" Hotz, he's defeated the restrictions on virtually every iOS
(iPhone, iPad) release to date.
Comex's contribution is JailBreakMe, a tool which exploits errors in the iPhone's code in
order to allow the phone to run code not authorized by Apple, Inc. (AAPL).
This opens the door to running rejected apps, installing custom wallpapers, and more forbidden pleasures in the iOS family.
JailBreakMe relies on run-time exploits in Apple's built-in apps like Safari.
Given Apple's adversarial attitude towards jailbreaking, this makes it
harder to maintain, as it's much easier to patch software exploits than boot
exploits (which other jailbreak utilities like the *ra1n series from GeoHot rely on).
Still, Comex has made sure that JailBreakMe frequently works on most, if not all,
active versions of OS X. The young hacker is constantly combing Apple's
publicly shared sources for exploits to substitute, should Apple close his
tool's current route of entry.
He tells Forbes, "It feels like editing an English paper. You
just go through and look for errors. I don’t know why I seem to be so effective
II. Brilliance in Action
Apple's engineers have tried their hardest to defeat Comex and maintain the
company's control, which Forbes characterizes as
"obsessive". They first implemented code signing, which
prevents hackers like Comex from using any command that Apple doesn't use in
its code. Apple hardware hacker Dino Dai Zovi compares the process of hacking
an iOS device using Apple's own signed commands to assembling a ransom note out
of magazine clippings -- doable, but time consuming.
And Apple has gone to even greater lengths of late. It has randomized the
locations of its commands in memory, forcing Comex to discover the command
locations at runtime before piecing together his jailbreak attack. But
with JailBreakMe 3, he was able to discover the command locations using an
exploit in how the iOS PDF handling code processed fonts. Apple patched
the vulnerability, sending Comex back to the drawing board yet
Comex's fans hope JailBreakMe 4 will yet again defeat Apple's protections, but
Comex first has to find another way to discover the hidden commands.
Ironically, despite Apple and its CEO Steve Jobs' disgust for jailbreaking, Comex still loves Apple
and calls himself an Apple "fanboy". He calls Google Inc.'s (GOOG)
rival smart phone operating system "the enemy". He remarks,
"I guess [my hacks are] just about the challenge, more than anything
The young hacker earns high praise from security researchers. Mr. Zovi
comments that his skills are akin to those of "advanced-persistent threat"
hackers, who penetrate corporations and governments on behalf of foreign
intelligence agencies. In fact, "He’s probably five years ahead of
Mac hacking legend and former National Security Agency researcher Charlie
Miller remarks, "I didn't think anyone would be able to do what he's done
for years. Now it's been done by some kid we had never even heard of. He's
totally blown me away."
III. Beating the World's Most Profitable Tech Company? Easy. Finding an internship? Tough.
Comex first appeared several years ago on the Wii hacking scene. He is a
self-taught programmer, having begun to learn Visual Basic at the age of 9.
His OS hacking began in high school, when he discovered he couldn't save
a screenshot from Super Smash Brothers on Nintendo Co., Ltd.'s (TYO:7974) Wii
console to his computer. He figured out how to translate the proprietary
format and published it and several other Wii hacks.
Still, most hadn't heard of him until his iPhone work. He recalls,
"I didn't come out of the same background as the rest of the security
community. So to them I seem to have come out of nowhere."
Comex feels that jailbreaking is legal. Currently the art resides in a
gray area of the law. Jailbreaking your own devices is technically legal thanks to the Library of Congress's Summer
2010 amendments to the Digital Millennium Copyright Act
(DMCA). However, those amendments were ambiguous as to whether releasing
tools to jailbreak others' devices was legal or not. So
far, three court cases have ruled it was legal, while one has ruled it illegal.
For his part, Comex has tried to legitimize jailbreaking by publishing patches
that fix the dangerous vulnerability post-jailbreak. For example, he
released a patch for the PDF handling along with JailBreakMe 3.0.
Aside from making JailBreakMe 4.0, Comex has set his sights on a new challenge
-- finding an internship. After all, Comex may be able to outsmart a team
of top engineers at the world's most profitable tech company, but it's as hard
for him to find a good internship as it is for the next guy.