
Coverage of important Information Security and Information Technology news and events from the research team at Sûnnet Beskerming.


How has the iPhone Update Affected Research into the Device?

Apple's recent 1.0.1 update for the iPhone has had some implications for those who are seeking to dig around inside the system. As reported by the team responsible for the most progress to date (#iphone @ ), the update does have an effect on what has been achieved to this point. It is known that the update will wipe the system on modified phones, because they fail an integrity check, and that system downgrades (to 1.0) produce mixed results: even when the downgrade succeeds, the phone still reports itself as 1.0.1.
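The integrity check mentioned above is, in outline, a comparison of the installed filesystem against a manifest of known-good file hashes: anything modified, missing or added marks the phone as tampered with. The following is an added illustration of that idea, not Apple's code or the researchers' code; the file paths and contents (a read-only fstab that a modification flips to read-write, plus an extra shell binary) are constructed for the example, and SHA-1 is simply the digest chosen here.

```python
import hashlib
import os
import tempfile


def build_manifest(root):
    """Map each file under root (relative POSIX path) to the SHA-1 of its contents."""
    manifest = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as f:
                manifest[rel] = hashlib.sha1(f.read()).hexdigest()
    return manifest


def verify(root, manifest):
    """Compare a tree against a manifest; report modified, missing and unexpected files."""
    actual = build_manifest(root)
    return {
        "modified": sorted(p for p in manifest if p in actual and actual[p] != manifest[p]),
        "missing": sorted(p for p in manifest if p not in actual),
        "unexpected": sorted(p for p in actual if p not in manifest),
    }


def passes(findings):
    """An updater in the mould described above would only keep the system if this is True."""
    return not any(findings.values())


def make_tree(root, files):
    """Write a dict of relative path -> bytes to disk under root."""
    for rel, data in files.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as f:
            f.write(data)


# Constructed sample trees (hypothetical contents, not the real firmware).
PRISTINE = {
    "etc/fstab": b"/dev/disk0s1 / hfs ro 0 1\n",
    "usr/bin/ls": b"ls-binary",
}
MODIFIED = dict(PRISTINE)
MODIFIED["etc/fstab"] = b"/dev/disk0s1 / hfs rw 0 1\n"   # remounted read-write
MODIFIED["usr/bin/sh"] = b"sh-binary"                   # third-party binary added


def demo():
    """Return (findings for the pristine tree, findings for the modified tree)."""
    with tempfile.TemporaryDirectory() as d:
        clean_root = os.path.join(d, "pristine")
        changed_root = os.path.join(d, "modified")
        make_tree(clean_root, PRISTINE)
        make_tree(changed_root, MODIFIED)
        manifest = build_manifest(clean_root)   # taken from the known-good image
        return verify(clean_root, manifest), verify(changed_root, manifest)


if __name__ == "__main__":
    clean, changed = demo()
    print("pristine passes:", passes(clean))
    print("modified passes:", passes(changed), changed)
```

The point for a researcher is that such a check is only as good as its manifest: files outside the manifest (the "unexpected" list here) are the ones a naive check silently ignores, which is why it matters whether the updater compares the whole tree or only a fixed list.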

After the update has been applied, the researchers have found that the previously known activation bypass methods (created by DVD Jon and others) still work. Other code written for version 1.0 also still works, such as Jailbreak 1.0 and the newer versions of iPhoneInterface (0.3.3 and later).

Restore images and full diff files have also been created to assist those who are looking to poke around inside the system.

More third-party software has also been compiled and shown to work on the iPhone, with Ruby (version 1.8.6) now available. An interesting tool named Webshell has also been released, which provides command-line access to the iPhone through the Safari browser.

Work on one of the remaining stumbling blocks, unlocking the provider's network lock, is progressing steadily. Several different approaches are under consideration at the moment, with the goal of eventually being able to unlock from within the system or to gain write access to the baseband memory. Write access to that memory would have interesting results, because the baseband is essentially a dedicated sub-system built around Infineon's S-Gold2 chip, which is used in other phones as well, sometimes as the primary chip, as is the case with at least one Siemens phone (though running a different firmware).

Because the chip providing this support to the iPhone runs a dedicated real-time operating system (RTOS) called Nucleus, the researchers have had to reverse engineer that system to understand the various options for opening up the baseband components.

At this point in time, the researchers have reverse engineered most of the low level functions and they plan to release full documentation on their results once they have unlocked it. This will help future researchers / hackers / interested third parties when encountering S-Gold2 devices in the future.

The release of a generic iPhone exploit at Black Hat is still expected for this Friday afternoon, but it is not certain at this stage whether the core vulnerability that is used to achieve the exploit has been addressed by the iPhone update.

2 August 2007
