Print 21 comment(s) - last by blueeyesm.. on Aug 2 at 4:33 PM

Nicholas "Comex" Allegra perpetually outwits the engineers at Apple, the world's most profitable tech company.  (Source: Forbes)

Comex may live at home, but he still knows how to crash on Apple  (Source: New Line Cinema)
Young 19-year-old hacking whiz still enjoys free housing courtesy of mom and dad as he completes higher ed.

Depending on which stereotypes you believe in, hackers are either rich, glamorous international celebrities or glasses-wearing introverts who spend their time in their parent's basement. 

I. Hacking@Home

Renowned iPhone hacker Nicholas "Comex" Allegra seemingly falls under the latter stereotype to a degree, but it's for a good cause.  Like many young people, he's saving money living at home while he attends college.  According to a recent interview with Forbes, the 19-year-old is attending Brown University, near his home of Chappaqua, New York.

But what he lacks in age and independent living accommodations, he more than makes up for in hardware hacking skills.  Along with George "GeoHot" Hotz, he's defeated the restrictions on virtually every iOS (iPhone, iPad) release to date.

Comex's contribution is JailBreakMe, a tool which exploits errors in the iPhone source code, in order to allow the phone to authorize code not authorized by Apple, Inc. (AAPL).  This opens the door to running rejected apps, installing custom wallpapers, and more forbidden pleasures in the iOS family.

JailBreakMe relies on run-time exploits in Apple's built in apps like Safari.  Given Apple's adversarial attitude towards jailbreaking, this makes it harder to maintain, as it's much easier to patch software exploits, than boot exploits (which other jailbreak utilities like the *ra1n series from GeoHot rely on).

Still Comex has made sure that JailBreakMe frequently works on most, if not all active versions of OS X.  The young hacker is constantly combing Apple's publicly shared sources for exploits to substitute, should Apple close his tool's current route of entry.

He tells Forbes, "It feels like editing an English paper. You just go through and look for errors. I don’t know why I seem to be so effective at it."

II. Brilliance in Action

Apple's engineers have tried their hardest to defeat Comex and maintain the company's control, which Forbes characterizes as "obsessive".  They first implemented code signing, which prevents hackers like Comex from using any command that Apple doesn't use in its code.  Apple hardware hacker Dino Dai Zovi compares the process of hacking a iOS device using Apple's own signed commands to assembling a ransom note out of magazine clippings -- doable, but time consuming.

And Apple has gone to even greater lengths, of late.  It's randomized the locations of its commands in memory, forcing Comex to discover the command locations at runtime, before piecing together his jailbreak attack.  But with JailBreakMe 3, he was able discover the command locations, using an exploit in how the iOS PDF handling code processed fonts.  Apple patched the vulnerability, sending Comex back to the drawing board yet again.

Comex's fans hope JailBreakMe 4 will yet again defeat Apple's protections, but Comex first has to find another way to discover the hidden commands.

Ironically, despite Apple and its CEO Steve Jobs' disgust for jailbreaking, Comex still loves Apple and calls himself an Apple "fanboy".  He calls Google Inc.'s (GOOG) rival smart phone operating system "the enemy".  He remarks, "I guess [my hacks are] just about the challenge, more than anything else."

The young hacker earns high praise from security researchers.  Mr. Zovi comments that his skills are akin to "advanced-persistent threat" hackers, which penetrate corporations and governments on behalf of foreign intelligence agencies.  In fact, "He’s probably five years ahead of them."

Mac hacking legend and former National Security Agency researcher, Charlie Miller remarks, "I didn't think anyone would be able to do what he's done for years. Now it's been done by some kid we had never even heard of. He's totally blown me away."

III. Beating the World's Most Profitable Tech Company? Easy.  Finding an internship? Tough.

Comex first appeared several years ago on the Wii hacking scene.  He is a self-taught programmer, having begun to learn Visual Basic at the age of 9.  In high school his OS hacking began, when he discovered he couldn't save a screenshot from Super Smash Brothers on Nintendo Comp., Ltd.'s (TYO:7974) Wii console to his computer.  He figured out how to translate the proprietary format and published it and several other Wii hacks.

Still, most hadn't heard of him until his iPhone work.  He recalls, "I didn't come out of the same background as the rest of the security community. So to them I seem to have come out of nowhere."

Comex feels that jailbreaking is legal.  Currently the art resides in a gray area of the law.  Jailbreaking your own devices is technically legal thanks to the Library of Congress's Summer 2010 amendments to the Digital Millennium Copyright Act [PDF] (DMCA).  However, those amendments were ambiguous to whether releasing tools to jailbreak others' devices was legal or not.  So far three court cases have ruled it was legal, while one has ruled it illegal.

For his part, Comex has tried to legitimize jailbreaking, by publishing patches that fix the dangerous vulnerability post-jailbreak.  For example he released a patch for the PDF handling, along with JailBreakMe 3.0.

Aside from making JailBreakMe 4.0, Comex has set his sights on a new challenge -- finding an internship.  After all Comex may be able to outsmart a team of top engineers at the world's most profitable tech company, but it's as hard for him to find a good internship as the next guy.

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

RE: I can see why...
By Master Kenobi on 8/1/2011 8:38:49 PM , Rating: 5
Indeed, it is fine to show off like this but it is hardly marketable if you release tools to the general public. The hackers you never hear about end up with the nice jobs because they make it a point to find the holes, report them to the proper channels and make their connections with security companies to land high paying research/penetration jobs. It's a business savy mindset most of the younger hackers lack, as they seem to still live in the world of unicorns and rainbows.

RE: I can see why...
By someguy123 on 8/1/2011 9:56:09 PM , Rating: 4
I wouldn't say it's lacking in business mindsets, more that they generally aren't interested in working for these people in the first place.

Comex may be an exception, but there are plenty of people who do this purely as a hobby and release to the public for entertainment/acknowledgement/no particular reason.

RE: I can see why...
By 91TTZ on 8/2/2011 9:10:09 AM , Rating: 4
It's a mindset they lack? I disagree. I think they just haven't been corrupted by money yet. He's hacking for the people instead of a huge oppressive corporation.

Once he has to pay his own bills he'll have to work for a company by necessity, unless he plans on working for himself in a different field.

RE: I can see why...
By nafhan on 8/2/2011 9:37:06 AM , Rating: 5
Or... he might not be able to find a job because he's 19, hasn't finished college, and (maybe) lives in a location without a lot of available tech jobs/internships. Finding a good internship, especially now, can be difficult (really breaking into the industry in general is difficult). However, he sounds like a talented guy, and I'm sure he'll do fine long term.

RE: I can see why...
By tastyratz on 8/2/2011 11:32:24 AM , Rating: 2
You state this like it is a character flaw, I see it more a nobility. He is releasing his work and becoming known. Someone infamous for high profile hacks will surely be noticed as a pseudo celebrity in his field when applying. Individuals who TRULY do penetration testing are hardly squeaky clean, and many have a history just like him. This does not make him business savvy, he just has a more open source life.

Apple would be foolish not to hire him, but eventually I am sure they will chose to lose a lawsuit instead. They should learn from Sony and George Hotz.

"Young lady, in this house we obey the laws of thermodynamics!" -- Homer Simpson

Latest Headlines
Inspiron Laptops & 2-in-1 PCs
September 25, 2016, 9:00 AM
The Samsung Galaxy S7
September 14, 2016, 6:00 AM
Apple Watch 2 – Coming September 7th
September 3, 2016, 6:30 AM
Apple says “See you on the 7th.”
September 1, 2016, 6:30 AM

Most Popular ArticlesAre you ready for this ? HyperDrive Aircraft
September 24, 2016, 9:29 AM
Leaked – Samsung S8 is a Dream and a Dream 2
September 25, 2016, 8:00 AM
Inspiron Laptops & 2-in-1 PCs
September 25, 2016, 9:00 AM
Snapchat’s New Sunglasses are a Spectacle – No Pun Intended
September 24, 2016, 9:02 AM
Walmart may get "Robot Shopping Carts?"
September 17, 2016, 6:01 AM

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki