Tuesday, October 30, 2007

jailbreakme.com: Jailbreak Your iPhone/iPod Touch By Visiting a website.

I have mixed feelings about this "easiest jailbreaking method ever".  By just visiting jailbbreakme.com, a previously "virgin" iPhone/iPod Touch will be jailbreak-ed opening it to 3rd party applications with minimal user intervention.  This is made possible through the TIFF exploit discovered by a PSP hacker named Niacin.

Well and good for those who does not want to muck around with using SSH (or WinSCP) -- which is a vast majority of iPhone/iPod Touch owners.

But... this also opens up the iPhone/iPod Touch to the dark side of the web.  Picture this:  a "virgin" iPhone/iPod Touch visits a seemingly "harmless website" using Mobile Safari.  But in the background, the seemingly "harmless website" is now capable of running a background process in the iPhone/iPod Touch doing something sinister (like sending out the whole contact list as an email to the hacker, or simply messing up with the system file... bricking the device).

Now, if an iPhone/iPod Touch was jailbreak-ed using jailbreakme.com, the process also patches the system, fixing the TIFF exploit.  Those that have jailbreak-ed their devices using the more arcane methods also has the option to download the TIFF exploit fix.  But what about the majority of users that kept their units untouched?  They are all vulnerable to these types of "attacks".

This is my fear at the moment.  I think Apple will address this TIFF exploit weakness on the iPhone/iPod Touch.  Once Apple releases the official fix through another software update, the firmware 1.1.1 fiasco may happen once again and will render countless devices useless, until the hacking community finds yet another way to circumvent Apple's "fixes".

I guess I'll just have to be content with what I have now -- an iPod Touch with extended capabilities thanks to the iPhone/iPod Touch hacking community (with some level of confidence that it is somewhat safe from the TIFF exploit).

The solution to this conundrum? Apple should immediately release the SDK for this platform and let the developer community enrich the iPhone/iPod Touch platform.

Blogged with Flock

No comments: