MobilitySecurity

Apple Reportedly Ends iPhone Jailbreak Exploit

Nathan Eddy is a contributor to eWeek and TechWeekEurope, covering cloud and BYOD

Follow on: Google +

Apple has reportedly added additional security to prevent the practice of unlocking or ‘jailbreaking’ its iPhone 3GS handsets, a practise that allows users to install software not officially sanctioned by Apple

Reports are emerging that Apple has taking steps to prevent users from installing uncertified software on their iPhone 3GS handsets.

Various ‘jailbreakers‘ around the globe began posting on the social networking site Twitter that the software exploit known as “24kPwn” is no longer working. Apple’s updated Bootrom file, iBoot-359.3.2, which started shipping last week, patches the hole and renders the exploit useless.

France-based Twitter user “Mathieulh” was one of the first iPhone owners to notice the updated version number. A member of the iPhone Dev-Team (a group of hackers in the iPhone OS community), MuscleNerd, also posted on Twitter and confirmed the loss of 24kPwn.

Over the summer Apple ratcheted up the rhetoric over the issue of jailbreaking its iPhone, warning allowing rampant unlocking of the device could lead to potential cyber-attacks, cell tower manipulation and increased drug deals. Apple argues that not only does jailbreaking violate a licence agreement between Apple and the purchaser of an iPhone, but it could lead to cell tower disruption by hackers looking to wreak havoc.

“Before partnering with Apple to provide voice and data services, it was critical to AT&T that the iPhone be secure against hacks that could allow malicious users, or even well- intentioned users, to wreak havoc on the network,” the company said in a July release. “Because jailbreaking makes hacking of the BBP software much easier, jailbreaking affords an avenue for hackers to accomplish a number of undesirable things on the network.”

These include manipulating the ECID (Exclusive Chip Identification) number that identifies the phone to the cell tower. With access to the BBP via jailbreaking, Apple charges that hackers may be able to change the ECID, which in turn can enable phone calls to be made anonymously, which Apple points out would be desirable to drug dealers, or charges for the calls to be avoided.

Apple claims if changing the ECID results in multiple phones having the same ECID being connected to a given tower simultaneously, the tower software might react in an unknown manner, including possibly kicking those phones off the network, making their users unable to make phone calls, or send and receive data.

Despite Apple’s documented dissent over jailbreaking, some business professionals are as likely as consumers to want their iPhone or competing smartphone jailbroken.