
>Unfortunately, since it is a university research group, they probably disclosed responsibly and whatever defect allowed this form of jailbreaking will soon be fixed.

I wouldn't consider that unfortunate. Responsible disclosure should be praised!



In almost all circumstances, I agree. However, the one circumstance where I don't agree is when systems are being kept secure mainly against their own users. In this case, insecure systems are preferable (as a user), especially when the attack vector is likely to only be triggered intentionally. Since I don't plug my iPhone into random USB cables pretty much ever, the only likely case where this vulnerability could be exploited against my phone is if I chose to jailbreak it.


Please stop speaking in generics. I assure you that, for the vast majority of iPhone users, insecure systems are not preferable.


You're right, but then again, I also like being able to run my own software on my own devices.

If secure means closed well, that is not a trade off a lot of people are not willing to make. Just take a look at the outrage from the Windows 8 secure boot loader that can theoretically stop Linux from being installed.

Personally, I like it when companies include some physical mechanism of getting root access to the machine. Whether we have to get root access through the charger port, or pressing F12 when the PC is booting, this mechanism will by definition have to be a 'vulnerability.' Of course, root access in this sense is referring to bootloader root access, not the operating system - that would be bad. We can only assume which type of root access is being referred to in the hack above.


> If secure means closed well, that is not a trade off a lot of people are not willing to make

You're living inside a tech bubble. The vast majority of iPhone owners don't care about "open". They care about "it works". These people are benefited greatly from having a "closed" yet secure system.


I too would like to run my own software on my iPhone, yet I would rather it be closed and as secure as possible than open. It, to me, is a phone first, and a computing device second, and its security is more important than anything else.


> I also like being able to run my own software on my own devices.

Don't use an iPhone :) Vote with your wallet! And for the Windows 8 lock down of Linux, there are still numerous ways to get a Linux-enabled laptop, or to ensure that what you buy will work well.


> I also like being able to run my own software on my own devices.

And you can. Visit http://forecast.io from iOS Safari and add the icon to your home screen, then run that.

This is the app distribution method Jobs tried to sell developers on. Developers mostly don't want it.

Of course, you can also run your literally own apps, native apps, by installing them yourself. You only need the App Store to sell them.

Finally, you can set up your own distribution platform. See TestFlight.


For the vast majority of them, they'll never plug their phone into a non-Apple connector, so the security status of this subsystem will not have any practical importance either way.


I think you underestimate how willing people are to share chargers. If you make one of these malicious chargers, and mock it up to look similar enough to an Apple one, I bet you could compromise a decent number of phones just by hanging out in a popular place (e.g. a coffee shop, or an airport) and making your charger available to folks.


The airport is a perfect example, offering USB ports for iPhone, Android, etc. and there would actually be a computer behind the scenes skimming whatever it wanted, or adding whatever it could to the devices connected... A lot of people are eager to plug in to charging stations while waiting for their flights.


I guess I didn't consider that aspect. I have to concede this point.


You haven't been to a conference/tradeshow/festival lately? "Free phone charging stations" are really common these days.


Non-Apple connectors are still just USB cables, which have to be plugged into somewhere. That somewhere could be malicious.


Please stop speaking in generics. There is a big difference between physical security and the traditional security against malicious code.


> insecure systems are preferable (as a user)

No they’re not. Religious issues should never come before security.


What? I am not speaking about a religious desire for freedom. I'm speaking of the practical pros and cons of wanting to use a system I own in a certain way and not being able to, versus a minuscule risk of a certain attack vector being exploited.

Did the irony of calling my point of view religious while implying that security overrides all other preferential considerations escape you?



