News tagged ‘exploit’

Recently MuscleNerd, the member of DevTeam, reported the presence of an interesting security bug in Safari for the iPhone. It will probably allow a quick remote jailbreak of iPhone or iPod Touch simply by connecting the device to an external website created for this purpose.

The bug was discovered by two hackers Ralph Phillip and Vincenzo Iozzo, who won the prize of $15 000 during CanSecWest. Their initial idea was to use a web portal to do the exploit of the SMS database and retrieve it's content.

A few hours ago we wrote about new group of hackers who claimed to have found a new exploit for the iPhone 3GS and iPod Touch with new iBoot. With this Gull1Hack utility you should be able to perform the untethered Jailbreak even on new devices. Here is a new demo video:

What do you think? Fake?

A few days ago in an IRC channel the DevTeam and GeoHot discussed and summarized the state of the exploits found in the new baseband 05.12.01 in firmware 3.1.3. GeoHot explains that an exploit that had previously discovered and used in blacksn0w is still present in the new firmware released by Apple. It appears that both he and MuscleNerd are working on the same exploit, and if this were true, it would be a really good start to team up and release a new unlock tool.

Here is their discussion:

< visnet_ > What does geohot tweet mean?
< %geohot > its my bb exploit for safekeeping
< %Par4doX > geohot: did you turn that over to the dev team or are you doing something with it?
< %geohot > my days of turning things over are done
< %geohot > i hope its different from the one they have
< %geohot > but they prob already have it
< %geohot > its the one i orig wanted to release blacksn0w with
< %Par4doX > it’s still there in the new bb
< %geohot > yep, just checked
< %geohot > but then opted to use xemn since it was public
< Evan > Oo, it carries over from 05.11 to 05.12?
< %geohot > why wouldn’t it, apple doesn’t fix things proactivly
< @MuscleNerd > geohot we prob should figure out a way to know if we have same exploit double blind, otherwise we may release 2 different ones at same time
< %geohot > any suggestions?
< @MuscleNerd > not sure how to do that without making it easy to brute force tho
< %geohot > yea, i salted the hash
< @MuscleNerd > yeah
< @MuscleNerd > hmm maybe if we both hash the stack dump
< @Confucious > Can you two take this out of public sight?
< @MuscleNerd > the stack itself, not the header before it or the registers after it
< Her > muscle: any notice about the exploits are the same ?
< %geohot > we are working on it
< %geohot > cryptography, perfect for people who don’t trust each other

We should not expect much for the firmware 3.1.3 since the rumors predict the firmware 3.2 for mid-March. However these news are really good for owners of locked devices.

A new group of hackers claim they found a new exploit for the iPhone 3GS and iPod Touch with the new BootRom. This means that jailbreak for iPhone 3GS (late models) and iPod Touch 2G (MC) and iPod Touch 3G will be available.

We just found an amazing Exploit in the Boot-System of the 3GS with the new Bootrom! This Exploit works on ALL iPhone and iPod Touches!

The tool will be called Gull1hack. The operation is very simple and the code is sent when the device is in recovery mode, just like Blackra1n and Redsn0w do. This jailbreak tool has been neither confirmed by Geohot nor from the DevTeam. Many users think this is fake. We'll see.

Here's a video with Gull1hack in action:

Read the rest of this entry »

The annual Pwn2Own hacking contest is coming up next month. During the event competitors will be given the chance to win cash prizes.

The competition will start on March 24 at the CanSecWest security conference in Vancouver, British Columbia. This year, hackers will take on an iPhone 3GS, a Blackberry Bold 9700, an unspecified Nokia smartphone running the Symbian S60 platform and a Motorola, most likely a Droid, powered by Google 's Android. A successful hack must result in code execution with little to no user-interaction. Any exploited phone wins its attacker $10,000 in cash.

It looks like Apple has started banning iPhone hackers from the iTunes App Store.

A few day ago Sherif Hashim, the iPhone developer and hacker, tweeted that he had found an exploit in the latest iPhone OS 3.1.3, which could enable the unlock on 05.12.01 baseband for iPhone 3GS and iPhone 3G. Yesterday he has been banned by Apple for the so called "security reasons". It seems that Apple is quite angry! Here is what Sherif gets when he tries to access App Store from his iPhone:

Sherif Hashim’s Tweets:

"Your Apple ID was banned for security reasons", that's what i get when i try to go to the app store, they must be really angry ))))

and guess what my apple ID was, "sherif_hashim@yahoo.com", what a fool was me not to notice )), can't help laughing, they are babies ))

Another iPhone hacker named iH8sn0w, the developer of Sn0wbreeze (PwnageTool alternative for Windows), tweeted saying he was also banned by Apple right after he released an exploit known as XEMN:

@sherif_hashim lol, they did that to my ih8sn0wyday[@t]googmail.com too. (right after I posted XEMN)…

For now Apple isn’t banning Jailbreakers - they’re banning people who actively work to find exploits in the iPhone software to create Jailbreaks for the rest of us.

Sherif Hashim has discovered an exploit which may allow unlock of the latest iPhone OS 3.1.3 baseband 05.12.01. Such unlock utilities for previous baseband versions were called blacksn0w, ultrasn0w и and yellowsn0w. MuscleNerd, the member of DevTeam, has already confirmed it is working. So the timing of the unlcok release is totally up to them right now.

Here is an official update from DevTeam:

"We’ve started to look at his crash but it’s a long road between any given crash and a fully working unlock, and we couldn’t put an ETA on it even if we wanted to. It’s not even guaranteed that an working unlock will come from this particular crash — it’s just too early to tell."

Newsworthy events are often targeted by hi-tech criminals. The iPad wasn’t the exception.

On the last week terms like “Apple” and “iPad” were among the most popular on different search sites and services because of the Steve Jobs’ presentation. That caused hi-tech scammers to tune their booby-trapped webpages to show up near the top of search results with that terms. So when the user enters such words as “Apple iPad rumor” or “Apple iPad size”, he has a probability to go to the sites that will peddle rogue security software to him.

Moreover, some sites were tuned in such way they could define user’s OS and choose a different type of attacking it. Other sites send users to web pages that pose Google’s search engine and manipulate the results people see. The only way to stay protected from these scammers is to be attentive to strange sites and links, to have an up to date security software installed and the latest OS system patches.

[Via BBC]

Few hours ago GeoHot left a new message on Twitter - he officially started looking for an exploit in the new baseband 05.11.07.

All iPhone 3G/3GS owners with native firmware 3.1 or higher will be finally able to unlock the phone. This also applies to iPhone owners who updated to firmware 3.1 or 3.1.2 by mistake.

via ispazio

iH8sn0w has just released a new teaser video showing Sn0wbreeze, application for Windows that would basically be a clone of PwnageTool, equipped with the ability to create custom firmware and unlock the various devices.

Many users believe that Sn0wbreeze is just "fake,".. Hopefully iH8sn0w did found an exploit and will finish Sn0wbreeze soon.

Let's watch the video:

Apple has updated the BootROM for the iPhone 3GS to iBoot-359.32. This software upgrade is reportedly not vulnerable to an exploit hackers previously used.

MuscleNerd, a member of the iPhone Dev Team, noted this is the first time ever that Apple has done a BootROM update in the middle of a product line, without a new hardware model. The Dev Team is a group of hackers who release tools used to exploit the iPhone OS. With the new iBoot hackers will not be able to use "24kpwn" exploit.

This means that anyone who will buy an iPhone 3GS these days, will not be able to jailbreak and unlock it, probably for a very long time.

Geohot published new photo, where we can see the file called "ipt3_jailbroken". This means that he was able to unlock the iPod Touch 3G and run the Jailbreak. He said that this the same exploit works with in iPhone 3GS firmware 3.0 and 3.1 native.

It looks like we will see his new tool with classic buttons to run the Jailbreak in 10 seconds quite soon.

Finally here are come good news for all iPhone 3GS owners. The DevTeam has managed to perform jailbreak on iPhone 3GS with firmware 3.1!

This means that the exploit worked and that the new Pwnage Tool will soon be able to run the iPhone 3GS Jailbreak with firmware 3.1. We will keep you updated!

Now everyone will know that the DevTeam and GeoHot are no longer in good terms and in fact shortly after the release of Redsn0w 0.8, the tool to run the jailbreak of Firmawre 3.0, there were many discussions on Twitter between GeoHot and copumpkin, one of the DevTeam members.

GeoHot  complained that redsn0w uses the same "hole" and the same exploit to run the iPhone 3GS Jailbreak, copumpkin said that the flaw was the same but the exploit was completely different and created entirely by them. Not trusting, GeoHot asked repeatedly Hash codes (the identity) for the files needed to run the exploit and said that it had not been a good idea to release two programs that use the same "hole" (stealing?).

GeoHot also said, that redsn0w has problems (which is true, some users have reported problems) and so he plans to release a new better version of Purplera1n. It will probably will also unlock the iPhone.

And after the various Key and provocations made by GeoHotz, the DevTeam has decided to write a new article on the official blog with good news for all owners of an iPhone 3GS! The DevTeam has verified that the exploit called 24Kpwn (used for the first time to unlock the iPod Touch 2G) is still valid and it works wonderfully for iPhone 3GS.

It seems the new version of bootrom used by Apple in 3GS dates back in August, a few months before the release of 24Kpwn, so there was no time to solve the problem.

In addition, the new daemon released by the team under the name of ultrasn0w (unlock for iPhone 3G) will work with iPhone 3GS.

New versions of redsn0w (jailbreak) and ultrasn0w (unlock) with iPhone 3GS support will be released soon.