It's interesting how the progress of iPhone hacks is mirroring that of the PSP homebrew scene 5 or 6 years ago. First there were a bunch of easy-to-use vulnerabilities or hidden features in apps (like the hidden browser in WipeOut) that provided functions that were offered natively in future versions of the OS. Then the hacking scene moved to OS vulnerabilities. As Sony locked down the platform tighter and tighter, people moved to hardware, using modded batteries to boot the PSP in some kind of troubleshooting mode.
Eventually, both Sony and the hackers kind of lost interest, I think -- I haven't kept up with things, TBH. That said, Sony had the PS Vita to move to, but I don't see the iPhone changing significantly in the next few years (risky words, I know, but I'll be happy if proven wrong).
Unfortunately, since it is a university research group, they probably disclosed responsibly and whatever defect allowed this form of jailbreaking will soon be fixed. That means that it's unlikely that people will have a perennial, easy jailbreak going forward from this source.
> Unfortunately, since it is a university research group, they probably disclosed responsibly and whatever defect allowed this form of jailbreaking will soon be fixed.
I wouldn't consider that unfortunate. Responsible disclosure should be praised!
In almost all circumstances, I agree. However, the one circumstance where I don't agree is when systems are being kept secure mainly against their own users. In this case, insecure systems are preferable (as a user), especially when the attack vector is likely to only be triggered intentionally. Since I don't plug my iPhone into random USB cables pretty much ever, the only likely case where this vulnerability could be exploited against my phone is if I chose to jailbreak it.
You're right, but then again, I also like being able to run my own software on my own devices.
If secure means closed, well, that is not a trade off a lot of people are not willing to make. Just take a look at the outrage from the Windows 8 secure boot loader that can theoretically stop Linux from being installed.
Personally, I like it when companies include some physical mechanism of getting root access to the machine. Whether we have to get root access through the charger port, or pressing F12 when the PC is booting, this mechanism will by definition have to be a 'vulnerability.' Of course, root access in this sense is referring to bootloader root access, not the operating system - that would be bad. We can only assume which type of root access is being referred to in the hack above.
> If secure means closed, well, that is not a trade off a lot of people are not willing to make
You're living inside a tech bubble. The vast majority of iPhone owners don't care about "open". They care about "it works". These people benefit greatly from having a "closed" yet secure system.
I too would like to run my own software on my iPhone, yet I would rather it be closed and as secure as possible than open. It, to me, is a phone first, and a computing device second, and its security is more important than anything else.
> I also like being able to run my own software on my own devices.
Don't use an iPhone :) Vote with your wallet!
And for the Windows 8 lock down of Linux, there are still numerous ways to get a Linux-enabled laptop, or to ensure that what you buy will work well.
For the vast majority of them, they'll never plug their phone into a non-Apple connector, so the security status of this subsystem will not have any practical importance either way.
I think you underestimate how willing people are to share chargers. If you make one of these malicious chargers, and mock it up to look similar enough to an Apple one, I bet you could compromise a decent number of phones just by hanging out in a popular place (e.g. a coffee shop, or an airport) and making your charger available to folks.
What? I am not speaking about a religious desire for freedom. I'm speaking of the practical pros and cons of wanting to use a system I own in a certain way and not being able to, versus a minuscule risk of a certain attack vector being exploited.
Did the irony of calling my point of view religious while implying that security overrides all other preferential considerations escape you?
If a faulty Ethernet driver lets you compromise a laptop just by plugging it into a malicious network, that's a legitimate vulnerability, not really a case of "well, they had physical access".
USB may be customarily treated as more trusted than Ethernet, but there are clearly still scenarios where untrusted people may be able to send you USB messages.
"Here, mind if I plug my video camera into your Firewire port to charge (and trawl through your RAM and swap space looking for any usernames and passwords)?"
I dunno - with USB debugging turned off, you can't do much to an Android device even if you can plug an arbitrary device into its USB port. There's a reason I make sure it's turned off every time I leave the house!
To some extent, sure, but we don't have to make it easy to get root access. Encryption on hard drives, removing the USB auto-play feature from Windows, having to enter the PIN on a WP7 device before being able to deploy a developer app over USB, etc., are such examples that can make it considerably harder to get root access despite having the physical machine.
That rule of thumb usually refers to having unfettered access to the hardware - to be able to crack it open, snoop on internal signals etc.
In this case the problem is that the dock is expected to be a safe interface (untrusted), when it actually isn't. For example, people would be surprised if their computer could be hacked by plugging it into a malicious power socket. And likewise they'll be surprised if they find out their phone can be hacked by putting it on an alarm-clock iPod dock in their hotel room.