HitB2012Ams : iPhone Jailbreak part 3: Absinthe untethered jailbreak for iOS 5.1.1 - The Press Conference

The iOS jailbreak dream team
With Joshua Hill (@p0sixninja), Cyril (@pod2g), David Wang (@planetbeing) & Nikias Bassen (@pimskeks)

Q: Which part of iOS was the vulnerability in?
A: Again, the vulnerability was in racoon, but we also found a way to bypass ASLR and a new kernel exploit.

Q: What will Apple do to protect against these attacks?
A: Kernel-side ASLR is expected in iOS 6.

Q: Do you expect Apple to patch quickly?
A: Yes, Apple will act quickly, but some vulnerabilities are local only, not remote. A beta version of iOS 6 is expected soon, so I don't expect a fix for certain parts of the exploit soon.

Q: Do you expect more bootloader exploits?
A: This seems to be very secure at the moment, so we do not expect to be able to exploit this much further.

Q: David Wang, are you back to stay in the scene?
A: As long as there is interesting stuff to do.

Q: Do you ever get bored with iOS hacking, or do you want to continue doing this forever?
A: It is an interesting cat and mouse game. It is probably too interesting; sometimes I don't sleep for a few days.

Q: Is the time between each jailbreak increasing?
A: Yes, the level of defense increased with each jailbreak, but sometimes we get lucky. It will get more and more difficult to do.

Q: Do you ever have contact with Apple? Do they ever reach out or want to hire you?
A: No.

Q: Would you like that?
A: Yes, I have tons of questions to ask them.

Q: Is jailbreaking irresponsible disclosure?
A: I don't think disclosing vulnerabilities like this is a good idea. Apple should determine what you do with your phone. These are vulnerabilities that need physical access to the device to do them. Once somebody has physical access to a device it is game over anyway.

Q: How do you deal with the community pressure?
A: We try to ignore it as much as possible. Responding to all these requests doesn't make it go faster. We release the jailbreaks as soon as we can. The good people outweigh the bad people in a lot of ways.

Q: Will you still offer this for free in the future?
A: No, we will not, this is a bad idea.

Q: Do you guys earn money by doing this?
A: Some, there are ads on the website and donations. But not enough to live on, since we have costs as well.

Q: How was it to meet in real life for the first time?
A: For some people we didn't even know what they looked like. So seeing e.g. pod2g was a surprise.

Q: Are you surprised about the attention this gets?
A: Yes, we are proud, but surprised. I don't know why people are so interested. We had some idea from the download statistics, but seeing it in real life is a surprise.

Q: How do you see the future of the jailbreak?
A: At some point it will be so hard to bypass all measures that maybe we'll be blocked. But maybe that will cause Apple to change its policies to be competitive with e.g. Android.

Q: How do you feel about jailbreak scams?
A: They are hard to battle. We have tried. But the only weapon is education. We will never charge for a jailbreak.

Q: Does jailbreaking affect the security of the devices?
A: Yes, jailbroken devices are weaker than non-jailbroken devices. But we don't believe it decreases the security level below that of our laptops. There is no reason why, some day, we could not reinforce the security measures after the jailbreak, but it is not as much fun to do. Users have to make sure they keep their devices secure after jailbreaking.

Q: Would you still jailbreak a device when it is forbidden? Do you worry that certain devices (e.g. iPads) are not DMCA exempt?
A: It used to be illegal and now it isn't. We are not really worried, because Apple hasn't even sent a cease and desist, so they don't seem to be interested in taking legal action.

Q: Has jailbreaking benefitted Apple?
A: Yes, we are Apple's cheapest R&D department. Also, several things that are here now were born on jailbroken devices first.

Q: How many?
A: 8700 downloads already. It will be millions. There are a lot of iPhones around.

Q: Was it a coincidence that the server went down?
A: Probably, we restarted it and it was fine.

ABOUT JOSHUA HILL (@p0sixninja)

Joshua Hill (@p0sixninja) is an independent Security Researcher for zImperium, as well as leader of the Chronic Dev Team and chief architect behind GreenPois0n, a cross-platform toolkit used by millions of people around the world to jailbreak their iOS mobile devices.

ABOUT CYRIL (@pod2g)

Cyril (@pod2g) is an iPhone hacker who has discovered and exploited several bootrom exploits on iDevices, including 24kpwn, steaks4uce, and SHAtter, as well as several userland and kernel exploits that have been used in various jailbreak tools. He's a member of Chronic-Dev Team and the original author of the Corona untether jailbreak.

ABOUT DAVID WANG (@planetbeing)

David Wang (@planetbeing) is a member of the iPhone Dev Team and former developer of many iOS jailbreak tools including redsn0w, xpwn, and QuickPwn. He is also the first to have ported the Linux kernel and Android to iOS devices.

ABOUT NIKIAS BASSEN (@pimskeks)

Nikias Bassen (@pimskeks) is a Chronic-Dev Team member and main developer of libimobiledevice, usbmuxd, and other related projects that form an open source implementation of communication and service protocols for iDevices. He found several flaws in the iDevice service protocols that also helped create Absinthe.
