iPhone Jailbreak Modified Into CC Sniffing Malware

chicksdaddy writes "In a presentation at the ToorCon Hacking Conference in San Diego on Saturday, Eric Monti, a Senior Researcher at Trustwave's Spider Labs, demonstrated how to turn the popular JailbreakMe Tool for iPhones and iPads into stealthy rootkit-style malware that can monitor voice and video activity or intercept sensitive data, such as credit card magnetic stripe data from an iPhone-based transaction."

Re:How much was he paid

[mcgrew]

A gun isn't malware until you shoot someone. The jailbreak isn't malware, the rootkit based on it is.

Re:It's not about hatred.

[bonch]

See, this is the kind of post I was talking about. There are an awful lot of mysterious anonymous posters now who criticize Apple and try to rally the hardcore nerds against them. The goal with your post is to make everyone see them as Microsoft. Just look at the absurdities in your post:

These days, Apple is doing things that even Microsoft never stooped to doing. Microsoft never limited which programming languages developers could write applications in, for instance.

They most certainly have. For other languages, they embrace, extend, and extinguish them, like what they tried to do with Java. Apple is the one submitting their language changes for standardization and working on a free, BSD-licensed compiler suite, for crying out loud.

In fact, with .NET, Microsoft has gone a long way towards vastly increasing the number of languages that can be used to create Windows applications.

What does that matter if the target is .NET, which is tied to Microsoft platforms? The only alternative you have is Mono, and that's always going to lag behind Microsoft's implementation, not to mention the political hysteria surrounding it due to fears of lawsuits and other nonsense.

Then there are rumors about hidden APIs that Apple won't share with other developers, which is something that Microsoft was also accused of doing.

Now we're citing mysterious "rumors about hidden APIs." Here's reality. Apple uses private frameworks and is public about this to its developers. It uses a private framework until it's functional enough to be made public, and in the next version it becomes a public framework. A recent example off the top of my head is CoreText, which was used internally in Tiger but made public in Leopard. Other examples would be controls like the HUD windows used in iLife or the source list mode of NSOutlineView, used in iTunes and the Finder. Objective-C is full of metadata; you can class dump the run-time information of a Cocoa app and see all the classes and methods they use, so it's not like there's some big secret Apple is keeping from you.

Besides that, there are always going to be APIs a system provider uses that you can't. They're the ones providing the platform; of course they're going to have greater privileges and stricter control over third-party use, for the sake of the platform. The CoreGraphics API for rotating a window as a 3D cube that's used in the OS X installation process isn't public because they don't want everybody making their annoying windows rotate like cubes. There's always going to be a level of control over these things.

Of course, then there are the numerous incidents with perfectly legitimate applications being rejected from the app store without any valid reason. The whole review process itself and the conditions associated with it are quite terrible. The whole process is about treating developers like shit.

There have been a few cases, and Apple has improved the process since then, but those incidents far and few between and certainly not enough to form the conclusion that the point of the review process is to "treat developers like shit." That's just more of your agenda shining through.

So it's easy to see how people may distrust Apple so much that they might even believe Apple is involved in shady practices designed to make Apple's claims stronger.

No, it's not easy to see that. Claims require evidence. If you're going to automatically assume that Apple is performing dastardly deeds, you should really take a step back and see how you look to other people as a paranoid nut. It doesn't even make logical sense--revealing that an iPhone jailbreak can lead to sniffing malware is bad for Apple because it makes their phone sound dangerous and insecure to the uninformed masses.

Owner's root access = more functional AND secure

[RulerOf]

Apple only patched versions of the OS that it felt like supporting, but the jailbreak community patched all versions.

Not only were all jailbroken iOS devices patched (if the patch was installed, that is), but they were patched much faster than "vanilla" devices.

Saurik released the patch within days of jailbreakme's debut. It took Apple almost two weeks. Two weeks during which there were a metric fuckton of jailbroken iPhone 4's on display in just about every Apple store on the planet, which I think is fucking hilarious. I wonder if Jobs had those phones tossed into a pit of fire to keep up the "r00t is bad for you, good for us" charade.

[offtopic]
Anyone else want to see some legislation that prevents companies like Apple from voiding a warranty on Hardware based on the software you run on it? I mean, that would be like refusing the warranty on a laptop with a broken hinge because it had Linux on it... Oh wait a minute... [hexus.net]
[/offtopic]