Apple Renders iPhone Jailbreak Exploit Useless
Reports are surfacing that Apple has taken steps to ensure a new shipment of iPhone 3GS smartphones is more hack-proof than ever. Various jailbreakers around the globe began posting on the social networking site Twitter that the software exploit known as "24kPwn" was no longer working. Apple's updated Bootrom file, iBoot-359.3.2, which started shipping last week, patches the hole and renders the exploit useless. France-based Twitter user "Mathieulh" was one of the first iPhone owners to notice the updated version number. A member of the iPhone Dev-Team (a group of hackers in the iPhone OS community), MuscleNerd, also posted on Twitter and confirmed the loss of 24kPwn.
Over the summer Apple ratcheted up the rhetoric over the issue of jailbreaking its iPhone, warning allowing rampant unlocking of the device could lead to potential cyber-attacks, cell tower manipulation and increased drug deals. Apple argues that not only does jailbreaking violate a license agreement between Apple and the purchaser of an iPhone, but it could lead to cell tower disruption by hackers looking to wreak havoc.
"Before partnering with Apple to provide voice and data services, it was critical to AT&T that the iPhone be secure against hacks that could allow malicious users, or even well- intentioned users, to wreak havoc on the network," the company said in a July release. "Because jailbreaking makes hacking of the BBP software much easier, jailbreaking affords an avenue for hackers to accomplish a number of undesirable things on the network."
These include manipulating the ECID (Exclusive Chip Identification) number that identifies the phone to the cell tower. With access to the BBP via jailbreaking, Apple charges that hackers may be able to change the ECID, which in turn can enable phone calls to be made anonymously, which Apple points out would be desirable to drug dealers, or charges for the calls to be avoided. Apple claims if changing the ECID results in multiple phones having the same ECID being connected to a given tower simultaneously, the tower software might react in an unknown manner, including possibly kicking those phones off the network, making their users unable to make phone calls or send and receive data.
Despite Apple's documented dissent over jailbreaking, some business professionals are as likely as consumer to want their iPhone or competing smartphone jailbroken. eWeek senior analyst Wayne Rash recently pointed out the positives and negatives IT departments might encounter when considering unlocking smartphones. Rash noted one of the advantages of unprovisioned smartphones is that its easier to implement consistent compliance, backup and security features when the company provisions the phone itself.