If there’s one thing that we have learned over the last few years, it’s that, rightly or wrongly, the jailbreak community expects a lot. The majority of the complexities involved in researching vulnerabilities, exploiting those bugs and then tying it all nicely together into a jailbreak package capable of mass distribution are abstracted away from the end-user. This is undoubtedly how it should be, but the trade-off is that users become impatient and irritable due to a lack of understanding of the process and how much work is actually involved in effectively producing a jailbreak from scratch once Apple have slammed the security door in our faces.
First and foremost, we expect to see a first glimpse of iOS 8 at this year’s Worldwide Developer Conference (WWDC) in June. We also expect to see a first developer seed going live to registered developers during the course of WWDC week. A public version of iOS 8 will likely ship with the iPhone 6 sometime in September or October. That’s approximately six or seven months in the future, so we of course expect to see an untethered 7.1 solution made available before then – all going well. However, if the first seed of iOS 8 is found to have exploitable vulnerabilities in it, then the Evad3rs could potentially make the call to hold off on iOS 7 and focus attention on liberating iOS 8, with the hope that those vulnerabilities are not patched as part of the process of going from beta to public.
iOS 7.1 Jailbreak with Evasi0n?
If the Evad3rs team are involved in the research or production of an iOS 7.1 untether, which we expect them to be, then it’s highly likely that we will see an updated version of Evasi0n7 shipping. The distributed tools and software that make jailbreaking possible on a mass scale have improved exponentially over the years. What used to be a laborious and overly technical process has now been condensed into a single one-click solution (where possible).
Mobile phones and personal data assistant (PDA) appliances used to be limited in their functionality; however, today there are wireless devices that operate using advanced operating systems and support applications that are incredibly useful for conducting clandestine activities. As an example, Apple’s iPod touch runs on the UNIX-Darwin kernel, which is open source, POSIX compliant, and Single UNIX Specification version 3 (SUSv3) compliant. Because of this, advanced hacker applications can be built and installed onto the device, making the iPod touch a powerful hacking platform.
Regardless, there are some interesting trends that we can examine and use to our advantage.
The first trend is the use of open-source operating systems. As already mentioned, the iPod touch and the iPhone, both products of Apple Inc., use the Darwin operating system. Additional proprietary applications, including graphical interface software, have been added to these portable devices; however, the core system is undeniably UNIX based.
The second trend is the increase in computing power and memory. Although the iPod touch does not have the processing capabilities of desktops or even laptops, it is quite capable of processing large amounts of data rapidly. As a benchmark test, the iPod touch (first generation) was able to process 577 MD5 hashes per second using the password-cracking tool “John the Ripper.” In comparison, a MacBook Pro with a 2.8GHz Intel Core Duo processor was able to process 7674 per second. Although about one-twelfth the capability of the MacBook Pro, the iPod touch results are still impressive for what many consider simply a fancy MP3 player.
The method of obtaining applications needed for penetration testing or covert audio and video communication will vary, depending on the mobile platform. In the case of the Droid and Palm Pre, access to the underlying operating system is available by design. However, in the case of the iPod touch, access to the operating system can only be achieved by “jailbreaking” the device, which circumvents protection mechanisms installed by Apple.
The actual method of jailbreaking varies, depending on the generation of the iPod touch and the version of the installed software (how to jailbreak is explained in another post in the same Hack section). Once jailbroken, we can place applications on our device through different repositories – the most notable is called “Cydia.” More information on Cydia can be found at http://cydia.saurik.com/.