Sunday, March 30, 2008 -- 6:15 p.m. -- at my desk

Of course, everyone here at the office is concentrating on March Madness and what sounds like a great game taking place.

Me? Why, I'm pondering the big iPhone picture, of course.

And today, I have a question that goes a long way at looking at the big picture:

Why do you suppose the iPhone is so easy to hack?

And let me state up front that this is not me complaining about hacking or jailbreaking. Not at all. As someone who knows nothing about programming, I wonder why it's so easy to hack -- is that something Apple wants? Is it that the jailbreaking community is really that darn good? Is it a combination of both?

Gizmodo reported on Saturday that just 24 hours after Apple rebranded the beta iPhone firmware 2.0 (it was 1.2) that it was jailbroken again ... and the folks who do it say that Apple is actually going to have a hard time overcoming it this time.

Anyone out there with some knowledge of the subject care to enlighten me? I'm quite curious.

Thanks for calling.

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00d83451600969e200e5519b4ec58834

Listed below are links to weblogs that reference Why do you suppose the iPhone is so easy to hack?:

No but the Davidson-Kansas game they just finished watching was a classic!

SCOTT'S REPLY: I caught the very end. Wow. Was that exciting. Even more exciting than the iPhone news. Shhhhh. Don't tell anyone I said that.

Apple didn't have enough time to work on pre-security due to the push of the iPhone being out. All we know is that software update such as firmwares is the only thing that has secured our iPhones. Steve Jobs has even talked about against hackers and jailbreakers, through securing the loyal iPhone users that new updates is the only way to stop them, and to stop hackers trying to get you personal information. Its never going to end.

I might not know what I'm talking about.

SCOTT"S REPLY: Well, I think you are in the right area, but I just can't imagine the iPhone being released with anything less than excellent security. Perhaps Steve Jobs and Co. draw a distinction between security and hackability in this way, although I'm not sure why they would.

Anything would seem "easy" to hack with enough people trying. The iPhone suffers from a situation of popularity among hackers, and lots of them work at every conceivable angle to get the thing hacked. You don't see this with Windows Mobile phones, Palm OS, or even Blackberry to this extent. It's not because it's not possible, it's just not enough desire.

Those platforms are already open to developers to a certain extent. I think after June, jailbreaking numbers will be probably be a lot less (although it'll probably never completely go away)

I have somewhat of a programming background, and I can say in my opinion the iPhone has been easy to hack ever since the very first time they opened it up. That's not to say it wasn't built pretty solid initially. It took hackers months to first open it up. And unless Apple completely revamps the baseband and the entire architecture of how the iPhone works and talks with itunes, it will always be easy to figure a way around the patches Apple applies each time it upgrades.

SCOTT'S REPLY: I think you hit the nail on the head here, Jeremy. The desire to do it doesn't make it work ... it makes it fun and people are working hard to do that.

I'm pretty new to the iPhone world -- in fact I haven't bought one yet, hoping that along with 3G in June I get 32GB so I can fit all my songs it in, I'm waiting to go from phone+ipod+pda to just iPhone.

BUT, it seems obvious to me that Apple quietly wants the phone to be unlocked. AT&T is the one with the interest in the phone being limited to its network. Apple cares only because -- I assume -- AT&T is paying Apple to restrict the phone to the network.

But Apple also wants to sell as many phones as possible. If I can unlock it, say so I can use the iPhone with my existing and CHEAPER T-Mobile service (gosh, not that I'd plan to do anything like that in June), then I too will buy an iPhone whereas before I wouldn't because I don't want to switch to AT&T.

Apple wins -- they get my money for the phone, they get AT&T's money for the locking, and Apple can't be blamed for the unlockers who unlock the phone.

It's clearly in Apple's interest that people be able to unlock the phone. And I suspect AT&T knows this but also knows that overall it's still getting a millions of new customers who are tech saavy enough to deal with unlocking.

SCOTT'S REPLY: I think that's some sound thinking there, ponderclown.

It's one thing to "jailbreak" a phone that's in your physical possession, as those wish to install extra software have. And quite another to remotely violate the security of an unsuspecting iPhone user.

I suspect that Apple's main focus will be insuring the security of the vast majority of of normal iPhone users against malicious external attacks, rather than fighting the few hackers who simply want full control of their own phones.

It is true that Apple may lose a bit of revenue when someone uses their iPhone with a network other than AT&T, or runs non-authorized applications instead of officially sanctioned ones via their upcoming online app store. Nevertheless, an iPhone sale to a "jailbreaker" is still income, and each additional iPhone in someone's hands is one less phone sold to a competitor, a walking advertisement that ultimately benefits Apple.

SCOTT'S REPLY: I agree, wholeheartedly, Brett, except you say "the few hackers." The amount of hacking seems to be growing at an amazing rate, wouldn't you say? I used to think that it's a small portion of the whole -- which I still do -- but I certainly see the numbers rising.

I could be incorrect, but in my jailbreaking experience, I have noted that the iPhone is essentially just a UNIX core with the modified Apple OS GUI on top of it. This is not unusual, I think most OS are based on BSD kernels nowadays; however, my impression is (from jailbreaks and workarounds) that the BSD subsystem is very 'stock'. Meaning all the classic BSD hacking techniques (which go way back at this point) are often effective. More of a guess than real knowledge on my part, so I could be mistaken.

SCOTT'S REPLY: Anyone else care to expand on this idea? Like I said, I know little about it, so this is certainly an interesting take.

The number of people actually developing "jailbreaking" techniques is relatively small. But once a successful method is discovered, it is made into a turnkey program and widely distributed. The number of people ultimately unlocking their phones has no correlation whatsoever to the initial difficulty of hacking.

I don't consider a technologically ignorant person who simply runs a canned program that unlocks their phone to be "hacking" it per se. The fact that significant numbers of people are choosing to do so is primarily due to two things:

1) The current lack of support for officially sanctioned third-party applications.
2) Unavailability of Apple-licensed carriers in some non-US countries.

As Apple is addressing both of these issues, I'm sure the impetus to unlock the iPhone will decrease substantially.

SCOTT'S REPLY: Interesting and we'll sure see. From what I've read so many people involved in jailbreaking seem against Apple's iTunes structure that they are talking about jailbreaking and the SDK living side by side.

The comments to this entry are closed.