I have fond memories of my friends (and eventually me, on the family iPad) jailbreaking our devices and doing stuff with them.
A lot of the things I saw from jailbreaks were incorporated into later iOS updates; I'm curious (and excited!) to see what develops out of this wave.
There used to be Firewall iP and Protect My Privacy on Cydia, but both of those seem to no longer be maintained.
I don't understand why this is such a big deal for them. They could even charge more for it, or make it so tech support is excluded from those phones, or whatever they need to do to make money.
They'd bring all the hackers back to their platform. Do you realize how much effort is spent on Android mods? Can you imagine if those people were busy making iPhones do more things? Because that's what'd happen if they'd sell me a rooted phone.
Not having root has never affected my almost ten year iOS dev career.
"Storing encryption keys in China" could mean anything, it could mean having edge services with private TLS keys for instance. Which means semantically you're correct, but it doesn't mean anything.
In fact I'd argue it's no different than hosting in the US or UK.
The UK for example has laws that forbid you from withholding encryption keys or passwords. And there is an equivalent of the NSL (National Security Letter) which forbids you from even telling anyone that you have complied with a government or law enforcement request.
So how is this relevant?
Or is there some new development I should be concerned about?
1. Just a regular user of Termux.
Moral of the story: don't install any Google apps and limit the number of apps you install.
There is, but it's not that great. You need physical access to the device and it won't be persistent (a reboot will clean it).
If your iOS software is swapped out for a version with a backdoor, then the attacker will have collected your passwords and authentication tokens to services you use. If you reboot to clear the backdoor (and let's be honest: no one reboots their phones), then you won't also "clear" your attacker's memory of all your passwords.
This makes you ever so slightly more vulnerable to an evil maid attack, but we don’t even have a jailbreak yet using this so it’s to be determined how it all shakes out.
It's totally possible to rootkit a phone and have it reboot just fine (with the rootkit removed).
I know there’s also a “hard reset” you can do with volume up -> volume down -> power, not sure if that works at a lower level.
I don't understand why people keep downplaying this. The whole point of a secure phone is that the data can't be accessed even with physical access.
Phones are more important in that you want to protect the assets from thieves, so we do add non-destructive physical access to our scope, but it's with a higher bug-bar. Someone being able to take your phone, compromise it, then give it back to you so you can input new assets means that a vulnerability has to be severe to be as important as a minor remote vulnerability.
A bootrom attack allows you to replace all of that with plugging your victim's device into your "hackbox" for 10 seconds. Vastly simpler to execute for your typical goon/henchman and way less likely to get detected.
There are easier physical attacks too: for example just replace the whole device with an identical one you control. Replicate the target's lock screen in software and capture their inputs.
But this hack also allows exfiltration of data from your phone, doesn't it?
A modified version of the movie quote to fit the discussion
But Apple clearly has not been negligent in this space and they really have put forth best effort.
I have found that it is insanely cheap to just buy last year's phone second hand. I picked up a Pixel 2 recently for $300 AUD when it was about $1000 the year before.
I've always bought my phones outright but my girlfriend recently had her phone stolen in London about a month after getting it and you can imagine how painful that was for her.
How does this work? I thought iOS apps are sandboxed to an extent where it shouldn't be possible to snoop around to determine which processes are running and such.
I maintain my company's in-house mobile app crash reporting system and I had to remove jailbreak checks from our iOS SDK. It turned out that some of the checks were causing crashes themselves due to buggy anti-jailbreak-detection code some jailbroken devices had in place. E.g., checking whether a file could be accessed that normally iOS disallows would end up causing a crash instead of just a permission error.
Instead, I just do some basic server-side detection. Basically, looking for libraries loaded into the app (e.g. Cydia) that are only present on jailbroken devices. Some jailbreaks don't even try to hide their presence.
I don't know what iVerify does. I hadn't heard of it before. I'm curious how it avoids crashes though... perhaps it avoids invoking any dynamic system calls.
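The server-side approach the comment above describes, as an added example rather than the commenter's code: the crash report's list of loaded images is parsed and any image that a stock device would not load into an app is flagged. The sample report, its simplified line layout, the list of expected load locations and the "substrate" name fragment are all assumptions made for this illustration ("cydia" is the indicator the comment names).

```python
import re

# Constructed sample in the style of an iOS crash report's "Binary Images" section (simplified layout, made-up values).
SAMPLE_BINARY_IMAGES = """\
0x100e4c000 - 0x100e57fff MyApp arm64 <aaaa> /var/containers/Bundle/Application/8F1C-0000/MyApp.app/MyApp
0x1b0a2c000 - 0x1b0a4dfff libsystem_kernel.dylib arm64 <bbbb> /usr/lib/system/libsystem_kernel.dylib
0x1c4310000 - 0x1c4331fff UIKit arm64 <cccc> /System/Library/Frameworks/UIKit.framework/UIKit
0x101a3c000 - 0x101a47fff libsubstrate.dylib arm64 <dddd> /usr/lib/libsubstrate.dylib
0x101b58000 - 0x101b63fff ExampleTweak.dylib arm64 <eeee> /Library/MobileSubstrate/DynamicLibraries/ExampleTweak.dylib
"""

# One image per line: start - end, name, arch, <uuid>, path.
IMAGE_LINE = re.compile(
    r"^0x[0-9a-f]+\s*-\s*0x[0-9a-f]+\s+(?P<name>\S+)\s+\S+\s+<[^>]*>\s+(?P<path>\S+)$"
)

# Assumed set of places a stock iOS process loads code from: its own bundle and the system
# libraries. Anything loaded from elsewhere was injected by something outside the normal sandbox.
EXPECTED_PREFIXES = (
    "/var/containers/Bundle/Application/", "/private/var/containers/Bundle/Application/",
    "/System/", "/usr/lib/",
)

# Name fragments tied to jailbreak tooling: "cydia" is from the thread, "substrate" is an
# assumed addition; extend this list from what real reports show you.
SUSPICIOUS_NAME_FRAGMENTS = ("cydia", "substrate")

def parse_binary_images(text: str) -> list[dict[str, str]]:
    """Turn the Binary Images text into {name, path} records, skipping unparseable lines."""
    images = []
    for line in text.splitlines():
        m = IMAGE_LINE.match(line.strip())
        if m:
            images.append({"name": m["name"], "path": m["path"]})
    return images

def find_jailbreak_indicators(images: list[dict[str, str]]) -> list[str]:
    """Names of images a stock device would not load: a path outside the expected
    locations (an injected tweak) or a name tied to known tooling even under /usr/lib."""
    flagged = []
    for img in images:
        outside = not img["path"].startswith(EXPECTED_PREFIXES)
        known_tool = any(f in img["name"].lower() for f in SUSPICIOUS_NAME_FRAGMENTS)
        if outside or known_tool:
            flagged.append(img["name"])
    return flagged

def report_looks_jailbroken(text: str) -> bool:
    """Server-side verdict for one crash report: any indicator at all is enough."""
    return bool(find_jailbreak_indicators(parse_binary_images(text)))
```

Because nothing runs on the device, a buggy anti-detection hook cannot crash the app; the trade-off is that a jailbreak which hides its injected images from the crash reporter goes unnoticed.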
In fact it’s critical to do so.
In more open systems you are usually more able to run detection software for the above without sandboxing.
This makes no sense. The data of these VIPs is not in (more) danger due to this new jailbreak appearing. It sounds like a cheap trick to make people buy new phones.
That sounds like something more than a little worrying to the listed groups of people, no?
Guess which will be the more common use?
Kingdoms in the desert have had access to root certificates for almost a decade now.
And no, I'm not implying that Apple has designed this security flaw in order to sell more devices.