by sorbus 5406 days ago
"It's probably better to have him inside the tent pissing out, than outside the tent pissing in." - Lyndon B. Johnson

Seems like an apt quote; from Apple's point of view, it's much, much better to have Comex helping them increase their security and make it harder for their devices to be jailbroken than for him to be trying to circumvent their security, especially as he's shown himself to be quite effective at circumventing it. Admittedly, we don't know what he's going to be working on, and his subsequent tweets show an expectation that future versions of iOS will still be jailbroken, so perhaps he's not going to be involved with security (or, just as likely, recognizes that perfect security is impossible).

I wouldn't say security is impossible, but it isn't worth the time and effort some companies put into it.

For example, Apple could stop putting 30-pin connectors on the iPhone, replacing them with only a power port to charge the device, then sandbox the rest of their apps on the phone (currently every jailbreak involving a vulnerability had to do with the fact that Apple doesn't sandbox their own applications like they do with third-party applications).

Of course you could argue that you could take the device apart and hook up leads to the circuitry in an attempt to flash the device, but you're going to stop over 99.9% of the jailbreaking community from jailbreaking their devices.

That's incorrect. All apps are sandboxed — Safari most of all, in fact — comex just found ways to break out of the sandbox, usually by exploiting something in the iOS kernel.

In addition, while it is possible to make the dock connector power only, it's only possible as of iOS 5 (with WiFi syncing). Also, that dramatically increases the cost of repair: a single corrupted file can't just be fixed in a quick bootloader-level restore, it requires reprogramming the entire device at the factory (let alone the difficulty of simply transferring a large music library from a computer without USB).

It's definitely not "simple" for Apple to make jailbreaking more difficult than they have. iOS 4.3+ includes all of the security measures you'd expect in a modern OS: W^X, ASLR, codesigning, etc. And still it was possible to evade those and exploit the browser+kernel in a foolproof web jailbreak.

(I designed the website for http://jailbreakme.com/, and while comex did put a crazy amount of work into that project, it is certainly possible that someone could repeat it.)

> I wouldn't say security is impossible, but it isn't worth the time and effort some companies put into it.

That's why I said that perfect security is impossible. It's entirely possible to lock something down to the point where 99.9% of people who would be interested in jailbreaking a device don't have the technical knowledge or skill required to break it (or just aren't willing to risk destroying the device), but some people will still figure out how to get around the security, even if it takes them a while (of course, if a jail-break isn't available until the version it's jail-breaking is obsolete, then the manufacturer could be said to win the battle).