iPhone Researchers Gain a Shell
SkiifGeek writes "A team of researchers dedicated to finding means to fully control and interact with the new Apple iPhone claim to have successfully gained an interactive shell on the device. In order to achieve this feat, physical access to the phone is required, as it relies on some minor electronics to be created and connected to the phone's serial port. It is believed that general control over the iPhone will be available to the enterprising researchers within a week (after all, it has only just been a week since the iPhone was released), with the promise of enough control to allow for self-propagating code not very far away."
Re:"self-propagating code" (Score:1, Interesting)
Self-propagating always means 'bad'.
But that's what you WANT. (Score:5, Interesting)
Yep. Sounds like a bootstrapping and image management firmware. (A pretty capable one, though. Not some minimalist system launcher.)
But isn't that what you WANT if you're trying to establish control of your machine? Why live within the old image's limitations if you can replace it?
Meanwhile this has lots of debugging and control tools suitable for tweaking and reverse-engineering the running image. And that command list sure looks like it will let you load and launch a debugging tool that's more capable and give that tool even more control of the running system than is built into this firmware.
This machine is about to be opened, whether Apple likes it or not.
(I wouldn't be surprised if - at some level within the company - they really wanted it to be opened and only launched it in closed form so they could write contracts with networking companies and obtain FCC type approval. Plausible deniability at work.)
Re:command list (mirror) (Score:5, Interesting)
There's a restore image, and they have managed to decrypt, extract, and modify said image before sending it to the phone. The executables aren't encrypted or signed on the device; however, the restore image has a password. They have the password.
Re:I don't get it (Score:3, Interesting)
I advise you to look at hard numbers when talking about success, since "recent hype" metrics are wildly inaccurate.
For example, let's see, I have a Sony Ericsson. How many were sold from this one model? 22 million in Q1 2007 (3 months).
How many has iPhone sold? 0.5 million. Of course, iPhone is just hot out of the oven, but I only trust numbers, so I'll wait and see how it does for, say, 3 months.
If it tops other phone makers, I'll agree with your sentiment.
That's not a shell. That's the boot loader. (Score:4, Interesting)
From the command list, they're talking to the boot loader, not the operating system. That's nice, but rather low level. You can load another operating system image, so there's the potential of booting a different OS, if someone writes the appropriate drivers. Somebody will probably boot Linux eventually, but mostly as a curiosity.
Re:I don't get it (Score:4, Interesting)
Re:command list (mirror) (Score:5, Interesting)
It's interesting to see how Apple has so far managed security. Unlike other companies, at least so far, they don't seem set on complete lock down. For example, so far they seem only to use the Trusted Computing to make their OS run on Apple hardware only. They could be a lot more evil with it. Even the DRM on their music. While they change it up occasionally, they at least haven't made a lot of sound about PlayFair.
As for the iPhone, it might be a matter that they're fine with people hacking it, as long as they don't have to be held responsible for it. That is, if your iPhone starts crashing, it's because you put programs on it that you weren't supposed to. Doing so also allows them to watch what other people are doing with the HW (free R&D). It's somewhat similar to what they did with Bootcamp. They didn't actively stop people from getting Windows booting on the Intel computers, but they also didn't help.
I guess the two telling signs of this will be if: (a) Apple patches this with their next update (an update coming real soon?), and (b) if they force signed binaries to run on the iPhone.
Re:Turtle Power! (Score:5, Interesting)
Seriously, if blogs mean anybody can become a journalist, if open source means anybody can write code used in mission critical systems, I think it's only fair that any random curious person can be a "researcher".
Re:command list (mirror) (Score:4, Interesting)
From the Singh [osxbook.com] linked in the Boing Boing segment:
Re:HAHA (Score:3, Interesting)
Re:That's quite a jump (Score:3, Interesting)
I understand Steve Jobs's reluctance to have all of us geeks gain full control over the radio and low-level network protocols that run over the radio, but couldn't he put that code in a different closed-source controller, and give us the ability to write apps?
Re:command list (mirror) (Score:1, Interesting)