
broken!

When Apple replaced the long-serving 30-pin connector on iDevices with the 6-pin Lightning cable, they almost inadvertently applied a long, slow stranglehold to the jailbreak community. You see, the 30-pin schematic was well documented & fully investigated; because its workings were fully disclosed, vulnerabilities had been identified in the hardware and duly exploited for the purpose of jailbreaking. The most famous and well-used example of this is Geohot’s limera1n exploit, used over and over by jailbreaks to gain entry to iOS before it could lock down.

The importance of a hardware exploit is that, on any device with that port, the exploit is unpatchable: the vulnerability exists at the hardware level, before any software kicks in.

This allowed jailbreaking to continue consistently, with effective JB installers released within very short timeframes of Apple’s latest iOS release. Occasionally there would be delays, but not for long, and the JB would be a solid performer, allowing all sorts of access to any hardware feature.

Then, oh noes! The 30-pin was overdue for replacement, & the Lightning cable is a vast improvement, but the venerable 30-pin connector was our gateway. While the 30-pin was used in iDevices, we had a guaranteed way through. The new Lightning connector was not so generous: an undocumented interface with no known vulnerability meant that the jailbreak creators had no physical access to the device before the OS posts, and now had to do their work entirely in software.

Software solutions, by nature, must kick in after iOS posts, so the OS has an opportunity to limit the jailbreak’s access to the various hardware components. So, for example, recent jailbreaks have not had the AirBlue Bluetooth hack available – that function remains in jail, and even jailbreakers have to suffer the imposition of artificial limits on their prized iDevices.

Limited jailbreaks are still worth a considerable sum to the developers. The last authoritative sum I was quoted was $US800K, paid by a Chinese alternative app store to have their app included in the jailbreak install by default.

Figures like that give an indication of the size of the jailbreak community – this particular store (you can add more to a jailbroken iDevice) expects to reap substantially more than $US800K profit from this iteration of iOS (each new iOS version requires a new jailbreak).

The software-only jailbreaks, with their incomplete feature set, are often referred to as “barely a jailbreak” by respected community figures. Hence the delight and immediate flurry of activity when this video was posted on YouTube & publicised via Twitter on St Valentine’s Day 2015.

Yep, there it is. Serial access to iDevices through the Lightning port, with the schematic diagram following shortly after. It may look like an uncomplicated connector, but the reality is far from that assumption.

With serial-to-Lightning access, the jailbreak community suddenly has renewed hope. Researchers still need to find a vulnerability and create a limera1n-type exploit for it. With the work of Key2 now published, the search for the vulnerability can proceed in earnest.

Immediate uses for the serial-Lightning cable are still extensive and have far-reaching effect. No longer is the screen lock code a true safety net. Brute-force devices appeared within days; the researcher in me tells me to get one immediately. For research. Once you’re past the screen lock code, with serial access to the unsuspecting iDevice, iCloud locks are looking somewhat shaky.

With a worldwide army of collaborating hackers working on this 24/7, it’s now only a matter of time.