Greedy Apple users will trust anyone

A "jailbreak" Web site created earlier this week is already attracting hordes of iPhone and iPod Touch users who want to free their devices from the digital shackles attached by Jobs and co.

The "jailbreakme" site itself lures visitors by promising to open up the iPhone and iPod Touch to third-party applications -- a luxury currently forbidden by Apple. There is no evidence to suggest that this particular jailbreak utility is at all malicious, but how long will it be before copycat sites appear that have less honourable intentions?

To use the site, each visitor effectively opens up their device to the page's owners -- trusting them with pretty much all their personal and valuable data, as well as having faith they won't abuse their control over the device's microphone and camera.

To give users access to the third-party apps, the jailbreakme page exploits an image vulnerability in Apple's Safari browser to gain root access to the iPhone and iPod Touch's system. This allows the site to bypass all the protections placed by Apple and upload the applications. The crackers even boast the ability to patch the Safari vulnerability that makes all this possible.

It appears an innocent enough site, but surely the mention of exploiting software flaws should sound warning bells to the security-conscious.

Over the past year, numerous security experts have claimed that there are no more "trusted" Web sites. This is partially because so many legitimate Web sites have either been hacked to dish out malware or their ad supplier has been hacked to serve similar so-called drive-by downloads.

We live in very strange times.

Security people have been giving us the same advice for years -- be paranoid, don't click on suspicious links, don't visit dodgy Web sites, don't download and run unknown files.

But the desire for games and more applications is driving relatively security-minded people to point their new mobile device at a Web site that was specifically designed to exploit, hack and upload unknown software onto their system.

One of the first people I know to jailbreak their Apple device was the founder of a very well-known global security firm.

This is crazy. Do we really know what is being uploaded onto the iPhone/iPod Touch when we visit these sites? How much do we care?

So despite knowing all the dangers, I fully intend to walk eyes-open into the hack that stands before me. But before I do so, I will take the precaution of first removing all my personal information from the device and just leave the music and possibly my photos.

And you can be sure that when Apple does open the platform to "legitimate" apps early next year, I will be among the first to reformat the device and once again trust it with personal data.

Has my experience in IT security made me too paranoid? Have you used a jailbreak application? Do you store confidential information on your jail-broken device? Do you trust the hackers? Why?

Munir Kotadia

About Munir Kotadia

Munir first became involved with online publishing in 1998 when he joined ZDNet UK and later moved into print publishing as Chief Reporter for IT Week, part of ZDNet UK, a weekly trade newspaper targeted at Enterprise IT managers. He later moved back into online publishing as Senior News Reporter for ZDNet UK.

Munir was recognised as Australia's Best Technology Columnist at the 5th Annual Sun Microsystems IT Journalism Awards 2007. In the previous year he was named Best News Journalist at the Consensus IT Writers Awards.

He no longer uses his Commodore 64.

  • Touch Trust

    Nice blog ... Hey, where's your stalker? He (she?) usually puts some snarky comment up two seconds after your blog goes up. Frustrated wannabe journo perhaps?
  • Perhaps because he did write about security?

    Wannabe journos? wannabe paupers? you get more cash working helpdesk than IT journos...
  • Jailbreaker here

    I already had an unlocked 1.0.2 iPhone working perfectly but I was curious about this new method. So I upgraded to 1.1.1 and went for broke. Compared to the previous archaic methods available at the time, AppSnap (aka jailbreakme) is a breeze. I was aware of the security concern, but I had no personal info to worry about. The jailbreak developers are also reputable within the unlocking community. No less than Erica Sadun herself made the first announcement of the release, even though she herself was not involved in the development. The software was also released completely free, as has been the norm almost from the beginning of jailbreaking. I still have no plans of storing sensitive data on my iPhone.

    But your article makes a lot of sense. Caveat emptor.
  • Jailbreaker here, part deux

    Follow up...

    What's with the word "greedy" in the title? What's greed have to do with it?

    TIME magazine today called the iPhone "Invention of the Year". Early adopters just want to be able to use this gadget sooner than the 2008 release in Oz. Does that make us greedy? Did you write the piece in haste?
  • It's about the company

    I think what your article highlights is that increasingly we're choosing companies to cosy up to. And in doing so, we're trusting them with 'our everything'.

    Consider Google. I run my business using Google mail, documents, AdWords, AdSense, and Google calendar.

    They pretty much know everything they can about me. If they're interested. But we bet that they aren't. And in making this bet, we accept the huge utility that they provide. It's a reasonable gamble when you get so much for free.

    The vulnerability you refer to is the natural progression from this gamble. If offered by Google - people would do it (whether right or wrong). But I don't know about other firms...
  • Free Access to Devices

    This is a direct result of closing the platform. It's obvious that end users want to be able to use the device that they bought in any way they see fit. And if that means running software not approved by the device maker so be it.
  • We Can Only Dream

    Wouldn't it be great if an authoritarian power walked into Google corporate, put a gun to the head of every employee, and forced them to cough up every scrap of user data? Then pore through the result and identify every law breaker of any stripe? Then build a fence around Nevada and throw them all in there?!? Sure would make getting to work in the morning a LOT easier.
  • no