

JailbreakMe highlights just how vulnerable iOS users are - ukdm
http://www.extremetech.com/mobile/89210-jailbreakme-highlights-just-how-vulnerable-ios-users-are

======
pixdamix
As an android user (I previously owned an iPhone 3G) I don't feel especially
safe either.

I'm kind of worried by the current status of mobile security. I kind of need to
log on to my bank account on my phone (That's why I own a 'smart' phone after
all). But I really don't feel safe, I try to not install suspicious
applications because I'm aware of the various risks but as someone pointed out
the other day: "Given a choice between dancing pigs and security, users will
pick dancing pigs every time."

Time will tell, maybe we need a Blaster/Stuxnet like event on smartphones in
order to realize what's really going on.

Smartphone security feels like the Windows 9x era, let's go on the internet
and pray!

[1]: <http://en.wikipedia.org/wiki/Dancing_pigs>

~~~
canistr
And even with mobile security like Lookout installed, we still can't be sure
it completely protects Android devices.

------
canistr
On one hand, I like to jailbreak my iOS devices to have the extra power and
freedom.

But on the other hand, sites like jailbreakme.com really highlight just how
terrible Apple's security is. Things like this really shouldn't happen and it
would probably be better that jailbreaks didn't exist. With all the different
types of transactions and personal information stored on iOS devices, it's
really unsettling to think that a simple website could remotely exploit a
security flaw and provide complete access to my iOS device.

~~~
albedoa
> _it's really unsettling to think that a simple website could remotely
> exploit a security flaw and provide complete access to my iOS device._

The thing is, these exploits exist before the jailbreaks themselves. If
jailbreaks were no longer released publicly, the exploits would still be
there. Who knows what would have happened if they were discovered by someone
else (and who knows that they actually weren't)?

When the PDF exploit was found for the last jailbreakme exploit, the first iOS
users to have a patch available to them were those who jailbroke their
devices. Apple followed shortly thereafter.

~~~
saurik
...and users with an iPhone 2G were never given official patches from Apple,
and are still vulnerable unless jailbroken. :(

~~~
pixdamix
Hi saurik :)

Jailbreak is good, I jailbroke my 3G after one hour outside its box. (And I
used your VNC implementation to allow a disabled friend in a wheelchair to use
an iPhone)

That said, exploiting a hole in the pdf renderer is scary. This shouldn't be
possible.

------
daemonize
uhm. this "revelation" was already written about the first time jailbreakme
did this, at least a year or two ago... Why is this news?

~~~
mrspeaker
It was proven on the last jailbreak-via-web - it was amazing to see it work
the first time and you really understood the severity of a simple bug. I think
it's news now for many people (perhaps not a large bunch of HNers) because the
first time was "huh - pretty crazy! But I'm sure it won't happen again" and
now it's "holy shit, there IS no security!"

------
r00fus
I know Apple doesn't publicly like the jailbreak community, but I can't seem
to think they don't really mind it (well other than the security egg-on-face).

From a product standpoint, apps are features/content (specifically, multiple
thousands of little features) for Apple's devices.

The App Store is the default, curated way to get apps for iOS. However, having
Cydia around hardly devalues the App Store or its apps.

Kind of like Microsoft's (and Adobe's) views on piracy for the expansion and
domination of Windows (and Photoshop/CS)...

~~~
pixdamix
You forgot Appulous, Crackulous, etc. I think those are their problem, not the
apps you found on Cydia (except maybe some things like 3G Unrestrictor and
things like that)

------
msbarnett
A working remote code exploit highlights how vulnerable users of the software
containing the remote code exploit are?

How...insightful?

~~~
code_duck
iPhones and iPads are perceived by some as invulnerable to viruses or spyware,
like a game console. It is important to note that this is not the case.

~~~
msbarnett
Sure. But to what audience does that need highlighting?

Is extremetech's audience really so unfamiliar with the basics of technology
that they needed an article to point out that this remote code exploit
demonstrates that users are vulnerable to a remote code exploit?

I get that there is some audience that might need to have it pointed out to
them that people walking into your house and taking your stuff illustrates how
vulnerable unlocked doors are, but is the audience for that article really
hanging out at extremedoorlocks and commenting on Locksmith News?

~~~
seabee
> _Is extremetech's audience really so unfamiliar with the basics of
> technology that they needed an article to point out that this remote code
> exploit demonstrates that users are vulnerable to a remote code exploit?_

I think you hugely overestimate both people's understanding of technology and
the average reader of that site. (Here's a hint: this is who owns extremetech:
<http://www.ziffdavis.com/>)

Sufficiently advanced technology turns into a black box. Jailbreaking is
presented to the user as an installation process, the only difference is it's
done on your phone. It isn't presented as something that could happen
automatically and without your consent. Before they can understand the
implications of an exploit themselves, they have to understand:

1) it can be activated merely by following a link, not by following some
benign 'install procedure'

2) it has unrestricted access to your phone, it is not merely flipping a
'install whatever apps I like' switch

3) the bad guys can do it too

Not all of which are obvious to a user who has been wrapped in wool by Apple's
walled garden.

In contrast, the facts of an unlocked door are so incredibly obvious and
simple that they don't require more than a sentence to understand. Your
analogy is better put as "Leaving your door unlocked saves time spent looking
for your keys, and prevents you ever getting locked out if you forget them!
However, this means anybody else can go into your house, and even take your
stuff. That's why it's important to lock your door." And if extremedoorlocks
is aimed at the same kind of person who would visit extremetech, yes, they
probably do.

~~~
msbarnett
> it has unrestricted access to your phone, it is not merely flipping a
> 'install whatever apps I like' switch

Yeah, that's a fair point, I suppose. You need some basic familiarity with
the internals of the system in order to know that there is no such benign
switch.

------
ZipCordManiac
If I run this on my phone that is loaded up with apps and music, will it
damage anything? I've always wanted to jailbreak but didn't want to risk
messing up my phone. I also heard jailbreaking it causes your phone to become
unstable and crash. Any truth?

