

Comex, the Hacker Behind JailbreakMe.com, Hired as Apple Intern - pooriaazimi
http://www.macrumors.com/2011/08/25/comex-the-hacker-behind-jailbreakme-com-hired-as-apple-intern/

======
sorbus
"It's probably better to have him inside the tent pissing out, than outside
the tent pissing in." - Lyndon B. Johnson

Seems like an apt quote; from Apple's point of view, it's much, much better to
have Comex helping them increase their security and make it harder for their
devices to be jailbroken than for him to be trying to circumvent their
security, especially as he's shown himself to be quite effective at
circumventing it. Admittedly, we don't don't what he's going to be working on,
and his subsequent tweets show an expectation that future versions of iOS will
still be jailbroken, so perhaps he's not going to be involved with security
(or, just as likely, recognizes that perfect security is impossible).

~~~
RyanKearney
I wouldn't say security is impossible, but it isn't worth the time and effort
some companies put into it.

For example, Apple could stop putting 30 pin connectors on the iPhone,
replacing it with only a power port to charge the device, then sandbox the
rest of their apps on the phone (currently every jailbreak involving a
vulnerability had to do with the fact that Apple doesn't sandbox their own
applications like they do with third party applications.)

Of course you could argue that you could take the device apart and hook up
leads to the circuitry in an attempt to flash the device, but you're going to
stop over 99.9% of the jail breaking community from jail breaking their
devices.

~~~
Xuzz
That's incorrect. All apps are sandboxed — Safari most of all, in fact — comex
just found ways to break out of the sandbox, usually by exploiting something
in the iOS kernel.

In addition, while it is possible to make the dock connector power only, it's
only possible as of iOS 5 (with WiFi syncing). Also, that dramatically
increases the cost of repair: a single corrupted file can't just be fixed in a
quick bootloader-level restore, it requires reprogramming the entire device at
the factory (let alone the difficulty of simply transferring a large music
library from a computer without USB).

It's definitely not "simple" for Apple to make jailbreaking more difficult
than they have. iOS 4.3+ include all of the security measures you'd expect in
a modern OS: W^X, ASLR, codesigning, etc. And still it was possible to evade
those and exploit the browser+kernel in a foolproof, web jailbreak.

(I designed the website for <http://jailbreakme.com/>, and while comex did put
a crazy amount of work into that project, it is certainly possible that
someone could repeat it.)

------
giberson
I remember reading an article about the Half life 2 leak--I remember a bit
about where the person responsible reached out to Gabe newell, and playing it
cool Gabe offered him a job.

 _Newell kept corresponding with Gembe, and Gembe was led into believing that
Valve wanted to employ him as an in-house security auditor. He was to be
offered a flight to the USA and was to be arrested on arrival by the FBI._
\--wikipedia excerpt

Luckily for Axel his government intervened before he could make the mistake of
actually going to the USA where it's likely events would have turned out much
worse for him.

The point, anyway, is this sounds very terribly similar. Comex may already be
in the US, regardless I wouldn't be so quick to accept a "job" offer from a
company I've been irking for a couple years. Hopefully the offer is on the up
and up, for Comex's sake.

~~~
aptwebapps
He hasn't committed a crime and even if they don't like what he's done, I
doubt that they have it in for him.

Even if they do, what are they going to do? Sabotage his career by giving him
bad references?

~~~
resnamen
Jailbreaking isn't illegal for him now, but I imagine the taint of insider
knowledge of Apple's products could make future jailbreak development a very
risky proposition indeed!

------
pooriaazimi
In case you missed it, Forbes profiled Comex earlier this month:
[http://blogs.forbes.com/andygreenberg/2011/08/01/meet-
comex-...](http://blogs.forbes.com/andygreenberg/2011/08/01/meet-comex-the-
iphone-uber-hacker-who-keeps-outsmarting-apple/)

This is how Forbes' article ends: _"A postscript to Apple: Perhaps your
security team could use another intern."_

------
noonespecial
They'd better think about keeping him on as more than just an intern. If he
accepts, he's going to learn a lot more secrets in a very short time.

~~~
RuadhanMc
Yes, but you see, in order for him to actually get the gig as an Apple intern
he'll have to sign his soul away and the consequences of leaking any
information after he's signed those papers will be draconian.

------
rpearl
It's not really that unexpected, is it? Most good students get a ton of
internship offers at these sorts of companies.

------
chromejs10
Comex wrote a lot of cool apps for Cydia. Maybe he can help convince apple to
integrate some of the more useful ones.

~~~
comex
The only interesting package I had on Cydia was Frash, and I don't see that
being built in in the near future. :)

------
yuhong
I wonder if Steve Jobs leaving as CEO at Apple has to do with this.

