So much misinformation. Apple "rushed to patch the security opening" because IT'S A SECURITY FLAW that allows unrestricted code execution via a website. That's a pretty huge problem; shouldn't it be fixed right away?
"After Allegra released JailbreakMe 2 last year, Apple upped its game another notch, randomizing the location of code in memory so that hackers can’t even locate commands to hijack them." Another security method, and one that some people ripped on Apple for not including for so long. Now they put it in and it's a paranoid response to stop jailbreakers?
Listen, there's no legal issue with jailbreaking. That issue has been settled, as much as it can be without a lawsuit and a court ruling. But Apple is under no obligation to make it easy, or to leave gaping security holes for jailbreak tools to waltz through. We need to stop acting like Apple is persecuting jailbreakers, when what they're really doing is fixing security holes.
It's a difficult problem to explain in a typical narrative journalism style. Patching security is a good thing, yes. Being able to do what you want with your own phone, The Man be damned, is also a good thing. Now, try to present both sides in a catchy article written for general audiences about a member of the jailbreak community.
"The tool isn’t intended for theft or vandalism: It merely lets users install any application they want on their devices. But jailbreaking, as the practice is called, violates Apple’s obsessive control of its gadgets and demonstrates software holes that could be exploited later by less benevolent hackers."
I have no clue how there is even a question about the legality of using your own hardware for whatever you want. I could "crash cell phone towers" with my car, but that doesn't give Ford the right to weld my hood shut. Seriously, how is this acceptable to anyone?
I would venture to say that the people who make the laws don't understand technology in the least. Think about your average parent or grandparent who equates AOL (or the Internet Explorer icon) to being "the internet". Now try to get them to understand a concept like jailbreaking. It's a daunting prospect; technology is emerging and changing at a rate faster than they can possibly comprehend. Society is asking them to make judgement calls about something they're not the least bit qualified to... and yet they're doing it anyways.
If you jailbreak but continue to make phone calls, use the App Store, etc., are you in breach of any of the contracts you signed or licenses you agreed to?
Jailbreakme is an amazingly elegant tool. Although I seriously doubt they will, Apple should definitely hire him. His products show that he understands design as well as anyone on their payroll now. That combined with his obvious coding skills make him the ideal Apple engineer.
I never understand this sentiment. Jailbreak tools thrive on the knowledge that there's always another flaw out there waiting to be discovered. How would comex rid Apple's entire development process of error?
Plus, if he jailbreaks devices because he believes people should be free to do with their hardware as they please why on earth would he effectively join the dark side?
> "why on earth would he effectively join the dark side?"
Money.
> "How would comex rid Apple's entire development process of error?"
It wouldn't - but finding exploits and security holes isn't a matter of course. There aren't altogether that many people who have the talents for it, much less the ability to package it into a coherent tool that normal joes can actually download and use.
I have a feeling that there are few enough people who fit this description that Apple can effectively buy them all out.
> How would comex rid Apple's entire development process of error?
That's why I hedged with "temporarily". If he's the best that's working on jailbreaking now, just taking him off that project would already help. And asking him to work to secure phones would be a great help, too - he could spot potential vulnerabilities before they're shipped.
This won't make the iPhone into a space-shuttle, but it will make jailbreaking harder, perhaps significantly so.
> Plus, if he jailbreaks devices because he believes people should be free to do with their hardware as they please why on earth would he effectively join the dark side?
They'll drive a dump-truck full of money up to his house. Or maybe there's something else he values more than the belief in free hardware.
Recent history proves that Apple is not capable of solving the jail breaking problems with their current security organization. If they were, then their Operating Systems wouldn't be broken so quickly.
I think the issue is not their security team, who seem to do quite a good job securing iOS (which I'd consider one of, if not the most, secure consumer operating systems out there). The issue is that securing an OS is hard. It's hard to make it that someone with physical access to the device cannot just run code on it, which is what jailbreaking (in its purest form, on iOS devices) is.
Arbitrary code execution is different than requiring physical access to the device. The JailbreakMe site could have run malicious code and it could have spread itself and run without the user knowing.
I was talking about the majority of jailbreaks, not JailbreakMe. Most jailbreaks are done at the low-level bootloader level, which does require physical access to the device (as well as pressing a bunch of buttons in a certain way); and even that doesn't get you access to the keychain or anything it protects.
Also, even if JailbreakMe was malicious (or somebody used the same code or exploits in a malicious way), it could not "spread itself": it was a browser exploit (although it would be possible to run without the user knowing).
> Also, even if JailbreakMe was malicious (or somebody used the same code or exploits in a malicious way), it could not "spread itself": it was a browser exploit (although it would be possible to run without the user knowing).
It could certainly spread. Maybe it could SMS a link to a malicious download to your most frequently contacted contacts? Being able to run arbitrary code on a device that knows how to contact all your friends certainly introduces some vectors for attack.
It's a font-based exploit, not PDF. The particular implementation on JailbreakMe used a PDF, but it could easily work in @font-face with CSS on any webpage (or, as we did on JailbreakMe, just hiding an <iframe> to the PDF).
I'm not sure hiring a cracker like Comex is an easy decision for any big corporation, especially for a company as tidy as Apple. Thanks to him they're probably spending big bucks on legal fees and losing valuable sleeping hours reviewing those exploits (which is a good thing anyway). Not to mention PR headaches he has caused. OTOH, Comex's work helps boost iPhone sales among techies. I know people who chose Apple over Android just because they could jailbreak it.
It probably wouldn't be an easy decision for Comex either... I recall that hacker that turned down Sony's offer. What could happen to your hacker freedom once you're at your employer's mercy? And if you leave Apple someday, forget about jailbreaking any other Apple device for as long as you live due to NDAs and all the legal stuff he would have to sign.
> 'His products show that he understands design as well as anyone on their payroll now.'
He designed none of the interface.
> '... his obvious coding skills ...'
A lot of the time, a person's coding skills are judged by how readable their code is, and how well they utilize SCM. Also, to be an Apple engineer you want extensive experience with Objective-C.
https://github.com/comex/star_
Now I don't mean to say comex is a bad programmer at all, the stuff he writes is amazing, I just feel like he wouldn't make a good Apple engineer.
He didn't design the interface (Apple did; it's a clone of the App Store, and I guess I designed some of the iPad UI), but he did work very hard to ensure that the user experience was great. There was quite a bit of discussion about that, even: comex spent months porting unionfs for little benefit (right now) other than being able to install Cydia without rebooting, so it could look like an App Store installation.
It's worth mentioning that geohot was, by no means, a fabulous programmer - sure, he's done a lot of great reverse engineering and security work, but if you look at his code, it was both advanced and sloppy. However, Facebook hired him to work on product development, even though he's known to not be much of a programmer.
Comex may not fit the profile of an Apple engineer, but I think he'd still do a damn good job as one.
Who cares about design or coding skills? Apple should hire him to help improve security, if only by doing what he does right now and sending results back to another team at Apple!
The kind of control Apple seeks (to what purpose is irrelevant) is doomed to fail. You simply cannot control a device once it's in the possession of an 'adversary' (which in this context seems to be the owner of the device).
Once the attacker (again, the owner of the phone who wants to jailbreak) has possession of the phone, he has complete control over it. I wonder if Apple has this internal posture that they should make appearances of caring about jailbreaking (for the benefit of the carriers and their contracts) but actually it's not such a big deal.
You assume Apple overly cares about jailbreaking. I feel they wish it were impossible, but knowing that it isn't, just want to make it difficult enough that 'normal people' don't do it and start breaking things on the phone and not understand that their jailbreaking is what broke things.
Hell, their AT&T contract was probably the only reason they got super up in arms about it anyhow.
The reason Apple closes the security loopholes is that they are security loopholes. It's not some sort of arms race. It's securing their platform.
Notice they have a pretty effective iBooks test for Jailbroken devices, but they don't deploy it widely, etc. I think they're at peace with the JB community as sort of a free research lab for them (hell, on device 3rd party apps came from the JB community first!) and use them to fix security holes in their platform as they are revealed.
Well, it's not that effective; it was worked around within days of showing up. Interestingly, to my knowledge, Google's similar check to prevent rooted devices playing movie rentals hasn't been worked around yet.
Comex and others are finding bugs, and Apple are fixing them. Not because Apple are irrational control freaks, but because the bugs they find and use to jailbreak the devices are extremely serious security holes. To not fix them would be incredibly irresponsible.
Actually, not really. From what I know, the keychain security hasn't been broken, except through brute forcing the passcode. While that's usually possible for the standard 4-digit passcode, it's not always possible. Jailbreaking is a necessary step to get the access necessary to brute force, but it doesn't magically break open the device for full access. (However, I am not an expert at this. I've talked with NerveGas (http://www.iosresearch.org/), but he's the person who really knows the most about that kind of stuff.)
A lot of what people are trying to protect is stored in the clear, though: I personally don't want people picking up my phone and stealing my address book and photos. Google's approach to this, a supported "jailbreak" (fastboot oem unlock) that formats the phone as it does its job, is to me the best solution, as it guts the incentives of people like comex to weaponize an exploit so well that any evil idiot can use it (in essence, the only people with the technology would be the "larger evil", as opposed to people like your nephew, ex-husband, or business rival).
They transparently do. Which makes total sense; the diminishing returns on jailbreak prevention are steep. Once you've made it enough of a hassle that 95% of your user base is confined to your ecosystem, how much is it really worth to you to get that last 5%, who would probably just switch to Android anyway?
I'm pretty sure that's correct. I know they take stuff like JailbreakMe seriously — remote code execution exploits and sandbox evasions might cause real issues — but I don't think they care all that much about your normal USB-based jailbreak.
The other replies seem to ignore the fact you are presenting, they don't give you administrator access to a device they sell you, but retain it only for themselves. You're right in saying that this is just in general an untenable situation given just the general problem is as you say, the potential attacker and potential customer are potentially the same person.
If he has philosophical disagreements with Apple's hardware/software model, why would he stop? Sure the government has one of his aliases, but he can always change to another one. He shouldn't; but, if he truly believes that iPhones should be jailbroken, he may either: refuse the offer, or continue to write jailbreaking software despite the consequences.
I do not believe you. Who? If you can't list their names, then it's pretty clear that Apple doesn't approve of their actions whatsoever.
If you can, then Apple explicitly working to close security holes, not providing a sponsored jailbreak solution, and letting people work on exploiting security holes, seems pretty damn absurd.
Actually I was specifically mentioning the OSx86 project. I just figured that if Apple insiders are helping the OSx86 project they might be helping the JB community as well.
No, you're right I can't list names. Apple does not approve of the OSx86 project.
Ugh. “Obsessive control”? “Obsessive”? It’s a (very smart and seemingly unbeatable) strategy to limit user actions on these devices to known-safe actions, to prevent users from e.g. changing how the system itself works. It keeps down things like: User confusion, malware potential, customer support, third-party developer testing (heterogenous devices), etc.
I hate when bullshit business rags ascribe a quality like “obsession” (with the connotation of OCD or some sort of mental imbalance) to a booming business like Apple. As if they know better in this matter, despite the way Apple’s competitors in the market are making crazy little money in comparison…
The kid goes to my school; we're both in the CS department. I met him once, and I saw him around the department a lot while he was still here. I don't know him, but from what I've seen, it's no surprise he hasn't found an internship: the kid is incredibly anti-social. Not to mention that being dismissive of other people in your first year isn't exactly the best way to build up connections.
Before I saw this article, I honestly had no idea he was Comex. I could tell he was brilliant, but that's pretty awesome.
Agreed. It's strange that people get all up in arms when the government does this for suspects and yet when some random journalists start snooping around, trying to dig dirt up on you, and blackmail you to write a story (and then proceed to make money from said story), nobody seems to care. Ridiculous. Forbes should be chastised for this.
For the record, I spoke to this reporter for a couple hours, and even had him tell me exactly how he got comex's name (which I did not actually know).
He plays it up in that quote from his article, but it turns out getting the name was /trivial/: comex had a public Facebook account, in his real name, using one of his standard usernames. It is actually likely that he got the name before he even realized it was supposed to be "secret".
In fact, I even joked "fair enough; you know, I've never actually looked, but for all I know his personal domain name is registered to his home address by his mother or something": it turns out it literally is.
(It should also be noted that comex has agreed to talk to reporters before, such as for an article published by Reuters.)
His name also shows up in a few of his GitHub repositories, so it's not like they used illegitimate tactics to uncover his real identity that was already somewhat public.
Forbes shouldn't be chastised over releasing his name, and anyone who thinks that blackmail or anything of the sort played a role is just being silly.
Yes, but it's the same thing when the FBI checks Facebook trivially. People still seem to have a problem with them doing any sort of searching via social networking.
This has nothing to do with 'higher standard' if the media is the one responsible for publishing your name, publicizing it, and most importantly making money off of it.