Let it Ra1n, Let it Sn0w on my iPhone

Reading time ~2 minutes

Ok, I was suckered into something I said I wouldn't do: I actually jaikbroke and unlocked my iPhone. George Hotz, a.k.a. geohot make it so easy with blackra1n. It was a super easy process to do, and if you do a restore, your iPhone is back to its Steve Jobs approved state.

For the most part, I don't want a jailbroken phone. However, Apple (or is it AT&T?) doesn't permit the iPhone to be unlocked in the United States. I don't need that often, but it is handy when I am traveling, which I have done quite a bit lately.

One other thing I can certainly use is the ability to tether, which AT&T still doesn't officially support. However the blacksn0w also enables the IPCC "hack" that allowed you to download a provisioning file that enables tethering (i.e. using your iPhone as a modem). That's also useful when traveling, particularly if there isn't an iPass-compatible WiFi hotspot nearby.

There's a part of me that feels uneasy about this. Geohot and others like him are finding and exploiting security vulnerabilities in the iPhone to inject code into the phone to make it do things Apple didn't want you to do. Whereas we usually hear about the "bad" results of security vulnerabilities--and these exploits could be seriously bad in the wrong hands--this actually gives the user more functionality.

Apple will, of course, study these jailbreak tools and find a way to close the security holes they take advantage of. Typical in the game of cat-and-mouse between vendor and hacker. Of course, if Apple had more customer-friendly policies related to unlocking the device and allowing installation of "unapproved" apps, this problem would mostly go away.

Apple could be using these "hackers" to make their phone as secure as possible. Once Apple believe the phones are invulnerable to these kinds of attacks, they could simply provide easy access to device unlock and allow people to install whatever apps they want. People get the functionality they want with a much more secure device to boot. Everyone wins.

That's just a crackpot theory, of course, and I'm probably wrong about it. I hope I'm not.

How Long is Long Enough for a Password?

As much as we might want to see different authentication methods available, passwords aren't going anyway anytime soon. This means a sign...… Continue reading

Cloudflares with a Chance of Goatse

Published on February 24, 2017

Automation, Orchestration, and The Cloud

Published on January 04, 2017