The act of jailbreaking an iOS-powered device can often be likened to a game of cat and mouse played out by Apple and the hacking community. Except that this time, the mouse is the ultimate winner of the game: a group of hackers have recently announced the release of a new jailbreak tool which exploits a loophole in the device’s boot ROM code. The result? A new method of jailbreaking that Apple has practically no chance of blocking or shutting down.
Sure, Apple may have thought that it had put an end to most software-based jailbreaks when the iOS 4.x operating system was patched some time ago. And in all truthfulness, the company might actually have been successful in doing so, considering that no new jailbreaking tools had been released for almost a month. Even security experts admitted during that period that there were no known jailbreaks for iOS 4.0.2 or later on the iPhone.
However, the tenacity of the hacking community should not be underestimated. Now that the recent iOS updates have made the mobile operating system virtually immune to the known software exploits, hackers have simply shifted their focus to hardware-based exploits. Apparently, it has worked: the latest jailbreaking tool released by the hacking community takes advantage of a flaw in the low-level boot ROM code of the device. And the impact of such an exploit is huge: it is practically impossible to patch low-level hardware code through software methods. The only way Apple can effectively ‘limit’ the use of such tools is to release new handsets with a modified boot ROM: the current devices being sold and used right now cannot be patched to block the tool.
What really makes the current turn of events interesting is the fact that there are not one, but two different boot ROM exploits currently available, each developed by a different party. The first such exploit, known as “SHAtter”, was discovered by the Chronic Dev Team and has been released for download under the name Greenpois0n. The Team claims in their blog that Greenpois0n will only work on iOS devices with firmware version 4.1 (pictured below), so an update might be required before any jailbreak attempt is made.
The other boot ROM exploit was developed by Geohot, who is also known as the first person who managed to bypass the Playstation 3’s stringent security features through the use of the console’s ‘Other OS’ function. Geohot’s tool is known as ‘limera1n’, and works on a slightly wider range of iOS firmware versions than Chronic Dev Team’s Greenpois0n.
For those who are interested in trying out the jailbreaking tools, we have provided links in the article which will take you directly to the download pages of these tools. However, we have to point out that jailbreaking is not something that should be taken lightly, and you owe it to yourself to fully understand what you are getting into. That is, unless you are perfectly content with having a new, very expensive paperweight that was once supposed to be an iPhone. Or an iPod.
Source: Ars Technica