PhoneBoy’s Security Theater

While I am sympathetic to people who would like some of the functionality that jailbreaking your iPhone provides--heck, I wouldn't mind some of it myself--anyone who is calling upon Apple to "call off the dogs" on jailbreakers clearly doesn't understand what they are asking Apple to do.

Jailbreaking is a process by which you can run programs on the iPhone that did not come from the App Store--apps that are not Steve Jobs approved, so to speak. Seems fairly straightforward, right? I mean, who is Apple to tell me what I can run on my phone, right?

The problem is: every single one of these jailbreaks is performed by exploiting a security vulnerability in the phone's software. Every single one. The most recent example of this was the Jailbreak Me website that, by simply visiting a web page and sliding a slider, would trigger an exploit in your phone that would cause it to execute the necessary code to jailbreak the device.

Of course, if the jailbreakers can cause your phone to execute arbitrary code, so can a bad guy. And that's the point behind Apple "stopping" the jailbreakers. It's not really to stop them, it's to stop the bad guys who can use the same vulnerabilities to do worse things.

Instead of being critical to Apple for stopping jailbreakers, how about we be critical to Apple for not allowing us to run software of our choosing on our own device, even if Apple doesn't approve of it? That's the real problem, and that's what we should be focusing on.

Ok, I was suckered into something I said I wouldn't do: I actually jaikbroke and unlocked my iPhone. George Hotz, a.k.a. geohot make it so easy with blackra1n. It was a super easy process to do, and if you do a restore, your iPhone is back to its Steve Jobs approved state.

For the most part, I don't want a jailbroken phone. However, Apple (or is it AT&T?) doesn't permit the iPhone to be unlocked in the United States. I don't need that often, but it is handy when I am traveling, which I have done quite a bit lately.

One other thing I can certainly use is the ability to tether, which AT&T still doesn't officially support. However the blacksn0w also enables the IPCC "hack" that allowed you to download a provisioning file that enables tethering (i.e. using your iPhone as a modem). That's also useful when traveling, particularly if there isn't an iPass-compatible WiFi hotspot nearby.

There's a part of me that feels uneasy about this. Geohot and others like him are finding and exploiting security vulnerabilities in the iPhone to inject code into the phone to make it do things Apple didn't want you to do. Whereas we usually hear about the "bad" results of security vulnerabilities--and these exploits could be seriously bad in the wrong hands--this actually gives the user more functionality.

Apple will, of course, study these jailbreak tools and find a way to close the security holes they take advantage of. Typical in the game of cat-and-mouse between vendor and hacker. Of course, if Apple had more customer-friendly policies related to unlocking the device and allowing installation of "unapproved" apps, this problem would mostly go away.

Apple could be using these "hackers" to make their phone as secure as possible. Once Apple believe the phones are invulnerable to these kinds of attacks, they could simply provide easy access to device unlock and allow people to install whatever apps they want. People get the functionality they want with a much more secure device to boot. Everyone wins.

That's just a crackpot theory, of course, and I'm probably wrong about it. I hope I'm not.