PhoneBoy’s Security Theater

While I am sympathetic to people who would like some of the functionality that jailbreaking your iPhone provides--heck, I wouldn't mind some of it myself--anyone who is calling upon Apple to "call off the dogs" on jailbreakers clearly doesn't understand what they are asking Apple to do.

Jailbreaking is a process by which you can run programs on the iPhone that did not come from the App Store--apps that are not Steve Jobs approved, so to speak. Seems fairly straightforward, right? I mean, who is Apple to tell me what I can run on my phone, right?

The problem is: every single one of these jailbreaks is performed by exploiting a security vulnerability in the phone's software. Every single one. The most recent example of this was the Jailbreak Me website that, by simply visiting a web page and sliding a slider, would trigger an exploit in your phone that would cause it to execute the necessary code to jailbreak the device.

Of course, if the jailbreakers can cause your phone to execute arbitrary code, so can a bad guy. And that's the point behind Apple "stopping" the jailbreakers. It's not really to stop them, it's to stop the bad guys who can use the same vulnerabilities to do worse things.

Instead of being critical to Apple for stopping jailbreakers, how about we be critical to Apple for not allowing us to run software of our choosing on our own device, even if Apple doesn't approve of it? That's the real problem, and that's what we should be focusing on.

There's been a lot of discussion today about the "new iPhone" that was discovered because some git left it in a Redwood City, California bar. (Un)fortunately, it made it's way to the folks at Gizmodo and it's now a topic of discussion all over the Internet. Given how much Apple likes to control the information about their products, I can't see them intentionally "leaking" the device prior to the official announcement.

There is some benefit to this "leak" in that it cranks up the hype machine to 12. However, this allows a lot of potentially mis-information to be propagated--unchecked by Apple. In general, though, mobile phone manufacturers do not like their products leaked before they are ready for one simple reason: it gives the competition a head start in responding. At least that was the corporate line given to us at Nokia when I worked there :)

The one piece of information that nobody is mentioning in their coverage  is, I think, the most scary. According to the Gizmodo piece, Apple was reportedly able to kill the leaked prototype device remotely. While I can see why such a feature would be beneficial (and maybe Nokia will take the opportunity to copy that feature "with pride"), it raises all sorts of questions: Can Apple remotely kill any iDevice it chooses, not just prototypes? Is the data on the phone recoverable? How "hackable" is this mechanism (i.e. can someone discover this mechanism and hack it for their own purposes)?

As usual, enquiring minds want to know.

Update #1: Numerous people have pointed out both that Apple can remotely disable applications as well as the Remote Wipe functionality that can be activated when a device synchronizes through a Microsoft Exchange server. What I'm talking about is the possibility that Apple can, without a connection to an Exchange server, issue a remote wipe to a device. It's possible that with this prototype device, this did happen through ActiveSync. The thought that Apple could reach into my device and either disable applications or Remote Wipe the device without my knowledge or consent does not sit well with me.

Update #2: And yes, MobileMe does this remote wipe thing as well. So clearly Apple has the capability to do this. It still makes me nervous that a device I've purchased could be wiped at the touch of a button by the company who sold me the product.

Ok, I was suckered into something I said I wouldn't do: I actually jaikbroke and unlocked my iPhone. George Hotz, a.k.a. geohot make it so easy with blackra1n. It was a super easy process to do, and if you do a restore, your iPhone is back to its Steve Jobs approved state.

For the most part, I don't want a jailbroken phone. However, Apple (or is it AT&T?) doesn't permit the iPhone to be unlocked in the United States. I don't need that often, but it is handy when I am traveling, which I have done quite a bit lately.

One other thing I can certainly use is the ability to tether, which AT&T still doesn't officially support. However the blacksn0w also enables the IPCC "hack" that allowed you to download a provisioning file that enables tethering (i.e. using your iPhone as a modem). That's also useful when traveling, particularly if there isn't an iPass-compatible WiFi hotspot nearby.

There's a part of me that feels uneasy about this. Geohot and others like him are finding and exploiting security vulnerabilities in the iPhone to inject code into the phone to make it do things Apple didn't want you to do. Whereas we usually hear about the "bad" results of security vulnerabilities--and these exploits could be seriously bad in the wrong hands--this actually gives the user more functionality.

Apple will, of course, study these jailbreak tools and find a way to close the security holes they take advantage of. Typical in the game of cat-and-mouse between vendor and hacker. Of course, if Apple had more customer-friendly policies related to unlocking the device and allowing installation of "unapproved" apps, this problem would mostly go away.

Apple could be using these "hackers" to make their phone as secure as possible. Once Apple believe the phones are invulnerable to these kinds of attacks, they could simply provide easy access to device unlock and allow people to install whatever apps they want. People get the functionality they want with a much more secure device to boot. Everyone wins.

That's just a crackpot theory, of course, and I'm probably wrong about it. I hope I'm not.