Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Security Worms Cellphones Iphone Apple

First Malicious iPhone Worm In the Wild 135

An anonymous reader writes "After the ikee worm that displayed a picture of Rick Astley on jailbroken iPhones, the first malicious iPhone worm (Google translation; original, in Dutch) has now been discovered in the wild. Internet provider XS4ALL in the Netherlands encountered several of such devices (link in Dutch) on the wireless networks of their customers and put out a warning. After obtaining a copy of the malware it was discovered that the jailbroken phones, which are exploited through openSSH with a default password, scan IP ranges of mobile internet providers for other vulnerable iPhones, phone home to a C&C botnet server, are able to update themselves with additional malware and have the ability to dump the SMS database as well. Owners of a jailbroken iPhone with a default root password are advised to flash to the latest Apple firmware in order to ensure no malware is present."
This discussion has been archived. No new comments can be posted.

First Malicious iPhone Worm In the Wild

Comments Filter:
  • hmmm. passwd (Score:4, Insightful)

    by epilido ( 959870 ) * on Saturday November 21, 2009 @03:42PM (#30187568)

    how about changing the default password............

    • Jeez. People knew that was a bad idea decades ago.

       

      • by hansraj ( 458504 )

        Yeah, and I don't get why the executable used for jail-breaking an iPhone couldn't either

        a) Prompt the user to choose a root password, or
        b) Generate a (random) root password for each install.

        I mean seriously, what is the idea behind having a default root password?

        • Re: (Score:3, Insightful)

          by marcansoft ( 727665 )

          The default install doesn't come with OpenSSH anyway. If you deliberately install OpenSSH (to access your stuff using WiFi, which is why most people do) and fail to change your password (which should be blatantly obvious, since it's what you'll be using to access the phone over WiFi), well, shame on you. If you can't deduce that anyone can access your phone remotely just as well as you can, you shouldn't be doing these things.

          Really, a good part of the blame is probably on tutorials and guides out there tha

          • Of course that is one of the many reasons why apple is so anal about what apps can be do and which api's they can use.

            if i put on the tinfoil I would bet that apple themselves engineered the virus to spread through only jail broken phones to prove just how dangerous jail breaking is.

            • by adolf ( 21054 )

              Danger? When I installed OpenSSH on via Cydia, I got a big fat warning about being sure to change the password (the default is "alpine".)

              I, of course, did so immediately. As I would've done anyway, even if Cydia didn't prompt me to do so.

              The problem here, at the root of it, is this: Apple ships the device with a default password, but no means of remote access, so that's OK. User comes by and plugs in a remote-access application (OpenSSH), fails to heed the warnings about enabling SSH without changing th

    • The purpose of suggesting that anyone with the default password reflash their iphones is that they might already be infected, making changing the password at this point pointless.

      Of course changing the default password is something that should always be done.

    • by MeNeXT ( 200840 )

      It seems no password is needed if you try ssh root@IPHONEIP.

  • Excessive? (Score:5, Insightful)

    by ickleberry ( 864871 ) <web@pineapple.vg> on Saturday November 21, 2009 @03:42PM (#30187574) Homepage

    Owners of a jailbroken iPhone with a default root password are advised to flash to the latest Apple firmware in order to ensure no malware is present.

    That seems a bit excessive when a simple one-time usage of the included "passwd" utility will suffice. Srsly though, jailbreaking utilities should be pestering users to change their password from the default because this is only scaring less-knowledgeable folk into thinking Jailbreak == viruses

    • Re:Excessive? (Score:4, Insightful)

      by maccodemonkey ( 1438585 ) on Saturday November 21, 2009 @03:53PM (#30187700)
      Unless you are already infected and you don't know it, then changing the password does nothing.
      • If you're jailbreaking next time you upgrade the issue will solve itself since you flash a new image on the phone. But my guess is these are clueless people who had their phone unlocked and jailbroken by a friend back in the (1.3) days when openssh was automatically installed when jailbreaking and the included passwd utility was broken so people couldn't change the password.

    • Re: (Score:1, Insightful)

      by Anonymous Coward

      Owners of a jailbroken iPhone with a default root password are advised to flash to the latest Apple firmware in order to ensure that their phone is bricked and completely unusable

      Fixed the article

    • Re:Excessive? (Score:4, Insightful)

      by TJamieson ( 218336 ) on Saturday November 21, 2009 @04:27PM (#30188004)

      Isn't it also interesting that the fix is to, basically, un-jailbreak as soon as possible. If I were more of a conspiracy theorist, I would think Apple might have an interest in showing just how "bad" jailbreaking can be. Apple: See, if you jailbreak, you'll get a special phone worm!

      • Re: (Score:3, Funny)

        by Anonymous Coward

        WORMS? IN MY APPLE?!?!?!?

        actually, that seems somehow fitting...

      • Wrong. The fix is to, basically, reinstall the OS. Jailbroken or not. Jailbreak != OpenSSH preinstalled. People claiming this hole is somehow the result of jailbreaks are either clueless or anti-jailbreak. Jailbreaking is the enabler, but the real problem are clueless users who install (or are instructed to install) OpenSSH and do not change the default passwords.

        • Exactly - the clueless user is the target here. The technical users already know why they should jailbreak, and how to do it safely. Apple isn't worried about them because that crowd will always exist. However, they could leverage these worms to urge non-techies away from even thinking about jailbreaking. For instance, in the eyes of the average user, they could make jailbreaking synonymous with worms. Everybody here on /. knows jailbreak != worms, but what about everyone who reads Google News?

      • by macslut ( 724441 )
        Actually the steps are: 1) Admit that you're an idiot for enabling SSH and not changing the default password. 2) Flash the firmware. 3) Re-Jailbreak. 4) Either don't enable SSH or do change the default password. 5) Remember that you're an idiot.
    • That seems a bit excessive when a simple one-time usage of the included "passwd" utility will suffice. Srsly though, jailbreaking utilities should be pestering users to change their password from the default because this is only scaring less-knowledgeable folk into thinking Jailbreak == viruses

      Unless of course the author of a particular jailbreak utility WANTS to compromise the target units.

    • That seems a bit excessive when a simple one-time usage of the included "passwd" utility will suffice. Srsly though, jailbreaking utilities should be pestering users to change their password from the default because this is only scaring less-knowledgeable folk into thinking Jailbreak == viruses

      Honestly, if the people reading it don't realize it is obsessive, they probably shouldn't have jailbroke their phones in the first place. When you hack something on a public controlled network, you best not be mindless. This message hits exactly the people who should return to the standard firmware and nor more.

      • The problem is a lot of mainstream news sites have reported all the cool apps you can get by jailbreaking, and a lot of people have found jailbreaking as one way to pirate apps. Thus the clueless public was introduced to jailbreaking, and of course they install whatever random crap they find like kids in a candy store, such as an SSH server.
        • The problem is a lot of mainstream news sites have reported all the cool apps you can get by jailbreaking, and a lot of people have found jailbreaking as one way to pirate apps.

          Bear in mind that those pirate apps could easily contain malicious code - some probably already do. People don't need a virus or default SSH password to access your phone if you are willing to run arbitrary binaries from untrustworthy websites. The only advantage for this one is it can easily spread between phones if they haven't been secured.

          The SSH server is required for installing apps - it's not optional, but people should be changing the password.

          However if I were writing a virus for iPhones, I'd conce

      • No. If people don't realize that reflashing their iphones is the proper thing to do at this point then they are the ones that should not be jailbreaking their iphones. The purpose of the reflash is to ensure that the phone will no longer be infected, which it may or may not have been before hand. Changing the password after the fact will not magically un-infect them.

        Honestly though, if people didn't change the default password to begin with then they really should not be jailbreaking their iphones.

        Oh, an

      • Re:Excessive? (Score:4, Insightful)

        by ickleberry ( 864871 ) <web@pineapple.vg> on Saturday November 21, 2009 @06:00PM (#30188834) Homepage
        No reason ordinary folk shouldn't be allowed to enjoy the benefits of an un-crippled, unrestricted phone. Jailbreaking utilities really should prompt the user for a new root password before they can continue, so there would be no point in even writing these worms.
        ,
        • Re: (Score:3, Interesting)

          by pizzach ( 1011925 )

          No reason ordinary folk shouldn't be allowed to enjoy the benefits of an un-crippled, unrestricted phone.

          It's these same people who don't care if their Windows machine is full of viruses from opening their firewall since it was "inconvenient." With these people, a botnet of iPhones is just a matter of time.

        • Re:Excessive? (Score:5, Insightful)

          by Rexdude ( 747457 ) on Sunday November 22, 2009 @12:55PM (#30194862)

          No reason ordinary folk shouldn't be allowed to enjoy the benefits of an un-crippled, unrestricted phone.

          If having an unrestricted device is so important to them, why buy an iPhone at all ?
          Every other smartphone lets you use the network provider you want, or install the apps you want from anywhere.

    • by mysidia ( 191772 )

      If you don't bother reading the documentation and such, to ensure you use the "passwd" command as directed, then you have no business jailbreaking or using a jailbroken phone.

      Because you're going to screw up in some other way too. (Default password isn't the only mistake you can make)

      It gives Apple more ammo to use against jailbreakers, even justification for bricking them -- to protect Apple's good name against being tarnished by reports of "iPhone-based botnets".

      Part of the sales pitch of Apple s

    • by MeNeXT ( 200840 )

      try this ssh root@IPHONEIP does not matter if you change the password.

    • Perhaps this is a way to scare off the non-technical folks from jailbreaking. I'm not sure if that not-so-accurate advice is a big problem. Maybe those who jailbreak should understand what they're doing, or avoid doing it. Hacked technology is all kinds of fun until the idiot masses get to it. For instance, nobody cared about MP3s until napster let every idiot with a computer pirate mass amounts of music. Then suddenly MP3 was a bad word and we have DRM shoved so far up our butts that our teeth hurt.
  • by zach_the_lizard ( 1317619 ) on Saturday November 21, 2009 @03:43PM (#30187596)
    Finally! Now I can tell my friends that my iPhone can run all the stuff my desktop can!
  • by Azureflare ( 645778 ) on Saturday November 21, 2009 @03:44PM (#30187608)
    Just to clarify:

    Wederom zijn het alleen gebruikers van een gejailbreakte iPhone of iPod Touch die risico lopen.

    Translation: Again are the only users of an iPhone or iPod Touch gejailbreakte at risk.

    In summary, if you jailbreak your phone, install apps to make your phone a server, and don't take steps to secure it, you are an idiot and deserve whatever happens.

    • by Dahamma ( 304068 )

      Well... this would be "informative" if he actually fixed the translation to be readable, ie "As usual, only the users of a jailbroken iPhone or iPod touch are at risk." If the mis-translation was actually interesting, you could mod it funny, I guess...

      Now to be fair, I do agree 100% with the conclusion and would gladly mod "insightful" - calling something a "worm" when the attack vector is "tries default password on idiotic 'secure shell' software that even allows one" is a real stretch. IMO this is more

  • by harmonise ( 1484057 ) on Saturday November 21, 2009 @03:47PM (#30187632)

    why is SSH being installed with a default password left in place? Talk about asking for trouble.

  • Oh, Dutch... (Score:1, Interesting)

    by muncadunc ( 1679192 )
    gejailbreakte
    I love it.

    So the only phones at risk are the jailbroken (jailbreaked?) ones?
    You'd think the thing to do would be to incorporate a password-changing tool into the jailbreaking tools somehow, so users have to select something other than the default one.
    • Yes, only the jailbroken ones are affected. You're supporting a moot point. The people who are affected aren't following the instructions. You are told to change your password.

      If you like loan words such as 'gejailbreakte' there is German 'geownt' for owned.
    • Re: (Score:3, Insightful)

      by dingen ( 958134 )

      gejailbreakte
      I love it.

      Sadly, the language is full of these sort of things nowadays... give it another decade and Dutch will be fully understandable for people who speak English.

  • I have to take exception to the claim this is the FIRST malicious iPhone worm. After all, ikee inflicted Rick Astley on people - that probably gave folks nightmares.

  • It implies rickrolling isn't malicious.

  • Wait a second? (Score:4, Interesting)

    by cluge ( 114877 ) on Saturday November 21, 2009 @04:01PM (#30187780) Homepage
    >Owners of a jailbroken iPhone with a default root password are advised to flash
    >to the latest Apple firmware in order to ensure no malware is present."

    If they flash to the latest apple firmware, will they be able to

    • 1. Use the network of their choice
    • 2. Run non apple allowed apps (skype)
    • 3. Play their music without DRM

    Most importantly - will they be able to jailbreak the device after the update?

    I see a future where Apple, the RIAA, and others might wish to write worms to help prevent people from hacking their devices or brick devices that have been "hacked".

    • by maxume ( 22995 )

      Yeah, so don't do business with companies that embrace the control approach, problem solved.

    • Re:Wait a second? (Score:5, Informative)

      by CrackedButter ( 646746 ) on Saturday November 21, 2009 @04:11PM (#30187854) Homepage Journal
      I can already do number 3 without jailbreaking my phone.
      • by khchung ( 462899 )

        I can do number 1 without jailbreaking my iPhone also (you can also buy one next time to travel to Hong Kong).

        For number 2, Skype is available in App Store, why do you have to jailbreak to run it?

      • by Rexdude ( 747457 )

        I can do everything listed by the GP and then lots more, with my Nokia N82, without having to hack it or change the firmware.
        So can users of Sony Ericson, HTC, Samsung, Motorola..in short users of any smartphone other than the hallowed iPhone.

    • by jo_ham ( 604554 )

      I can do 2 and 3 right now on my un-jailbroken iPhone.

      I'm also quite happy with O2, although now the exclusivity has expired in the UK, I can switch to Orange if I really want.

    • 1. Use the network of their choice

      Good question !
      Is the iPhone sold by AT&T SIM-Locked ?
      Or is only the iPhone OS testing on which network it is connected ?

      That's an important distinction :
      - In the former case, the restriction of choice is done by the actual GSM/UTMS chip it self.
      Enabling the user to run the software of his/her choice doesn't change a thing. To unlock the phone a special command has to be sent to the chip to allow it to use another SIM card with a different identification number.
      - In the later case a jail breaked phone c

      • The former. These days, jailbreaking is a prerequisite to sim-unlock (because you need to access the software to talk dirty to the GSM chipset, a.k.a. baseband). You may or may not be able to unlock the phone once you're jailbroken, especially if you've applied an Apple update that updates the GSM chipset to close holes. For example, AFAIR, the iPhone 3GS can be thoroughly pwned as far as software goes after any update (ROM bootloader bugs), but updating the baseband will lock you out of unlocks until new e

    • >I see a future where Apple, the RIAA, and others might wish to write worms

      So you're telling me that in the future, Apple could possibly have the strong desire to write a worm for iPhones? You're like the prophet of uncertainty.
    • iPhone can play mp3 files no matter where they are purchased from - no DRM, and in fact most of the music sold on the iTunes store is DRM free now.

      Skype has been available in the App Store for quite some time

    • by CliffH ( 64518 )
      To answer your questions:

      1. Depending on where you are in the world, yes or no. In NZ, yes, you can use whatever network you wish

      2. I didn't know Skype wasn't allowed! I have Skype on my non-jailbroken phone. I picked it up on the App Store for free. To get to your point though, no, you cannot use the other app stores around which is a serious shame

      3. I play MP3s all the time. No DRM.
      If it is a 3G or a 3GS at firmware 3.1.2 then yes, you can jailbreak pretty damn easily. You can just as easily put it ba

  • Abstraction (Score:5, Insightful)

    by gmuslera ( 3436 ) on Saturday November 21, 2009 @04:02PM (#30187790) Homepage Journal
    You just do this and that happens. As in "you run this and your phone gets even more awesome" or "you'll shut down your firewall be able to get movies in your pc" or things like that. But you dont have to understand what are really doing, or all that it implies. People are getting powerful things, and as childs are irresponsible about what could happen because their actions because they don't understand them.

    It seem plain clear to us that having a common, default admin passwords in all the jailbroken devices is a very bad policy, but how many times we could had fell in a similar situation were are us who don't understand fully what we are using i.e. in other areas?

    To make things worse, we complain a lot about products that takes the "safest" choice for us, not giving enough control/customization to the final (knowing enough?) user, making those impopular and so not taken even by the people that don't know (or don't want to know).
    • Common, default admin passwords are present on all phones, jailbroken or not (it's just that they're basically useless with Apple's firmware). Jailbreaking it doesn't make you any more vulnerable, that only happens after you (manually) install OpenSSH. If anything, the OpenSSH package should force users to change their passwords (or refuse to work otherwise), but jailbreaking itself has nothing to do with this. People appear to be equating jailbreaking with having OpenSSH installed, which is entirely untrue

  • Apple? Hmm big corp don't like customer freedom.
    • You know what corporations like less than customer freedom? Class action lawsuits and criminal penalties, which is what they'd be facing if it was ever discovered that they wrote a worm for iPhones. All it would take is one whistleblower.
  • by BlueBoxSW.com ( 745855 ) on Saturday November 21, 2009 @04:37PM (#30188092) Homepage

    So Apple has been working hard to keep jailbreaking down to a minimum. Now it is discovered that some jailbroken phones with jailbroken apps have security issues.

    How is someone going to now turn this around and blame Apple?

    • How is someone going to now turn this around and blame Apple?

      Well it's easy :
      It's all Apple's fault. If they did provide absolutely all feature that every single user wanted, even including the weird hacking geeks, people won't be needing to jailbreak their phone in the first place.
      Therefore : Let's blame Apple !

      • Actually true. If they hadn't locked down the iPhone, there would be no need for jailbreaking. If the iPhone had an open but secure OS all of this wouldn't happen.
        Me, I'm still waiting for news about how open or locked down the various Android implementations are.

        • by DrYak ( 748999 )

          Me, I'm still waiting for news about how open or locked down the various Android implementations are.

          The Google Dev phone is (HTC Dream but Google-branded, not AT&T brande), for example, completely unlocked.

          There are countries (like in Switzerland) where phones aren't directly subsidized by- and sold exclusively by- phone companies, but where subscribing a data plan simply gives you a rebate to use while buying whichever phone you like.
          In such place the dev phone is definitely a good buy.

          My brother got one in such a way.

          The only official limitation with Android phones is that although the OS it self is

      • ...
        In a more serious way :
        If you look, there's a gradation of phone un-locking.

        With iPhone at one range of the spectrum : people have to circumvent Apple's limitation to be able to do what they want with the phone. You can't even do some pretty much basic stuff like tethering - I find this particularly asinine. I've been doing that for years (almost a decade) with my antique Ericsson T39. Since IrDA/Bluetooth and GPRS have been existing, people have been doing it, but on what's supposed to be the latest bas

        • "That's not what users want"....

          Okay, so the iphone is the hottest selling smart phone on the market, and no users "want what it offers".....seriously.
          • so the iphone is the hottest selling smart phone on the marketand no users "want what it offers".....seriously.

            "So the iPhone is the perfect device that every single users have ever dream of and nobody will never need any additional functionality ever, but curiously a huge amount of them still feel the urge to circumvent the restrictions ?"

            See, your reflection works both ways.

        • by Rexdude ( 747457 )

          It's understandable from a marketing point of view, but that's not what Slashdot readers, hackers and power users want

          Fixed that for you. The vast majority of iPhone users are average folks who aren't going to bother with jailbreak and simply use the phone as Apple intended.

  • Publishing your password on the net (which is roughly equivalent to what these lusers have done) borders on criminal negligence. I've ranted about this before (and yes, it was /.ed), and the conclusion remains the same:

    if you run with a default password, for root or otherwise, you have effectively published that account's password.

    What is bound to happen after you have published your password is left as an exercise to the eader.
    • by toriver ( 11308 )

      You should not be so quick to dismiss the benefits to known default passwords. Once I had to install an application targeting an Oracle database, but when I got there none of the techs present were Oracle administrators. Luckily, the people who had set up the database hadn't bothered with changing defaults, so I was able to do the install via the SYSTEM user. Didn't check if they also had default on DBA (or was it called SYSDBA?) since that default password is too long to bother with.

      • Oh, there's certainly a convenience factor, of course. The problem starts when your account with the default password is exposed to the world at large. In the case of the jailbroken iphones there is no sane reason to have a default password - for root of all things - in the first place.

        And http://www.defaultpassword.com/?action=dpl&char=d [defaultpassword.com] confirms my hazy memory of the DEC field circus' User: field pass: service - which is good for a few stories in itself, of on-sites changing the password to 'circu
  • Doesn't this (finally) put to bed the notion that there are virtually no worms or viruses for Mac OS X simply because hackers don't want to waste their time on a platform with so little market share? The platform targeted by the hackers in this case -- jailbroken iphones running a particular service -- is a fraction of the installed base of Mac OS X computers. It seems that hackers (naturally) select their targets primarily based on ease of exploit -- jailbroken iphones with SSH installed with a default pas

    • I think it's also important to note that the security of Mac OS X extends to the iPhone as well; hackers are apparently unable to successfully compromise the much larger installed base of iPhones, having to content themselves with the much smaller population that has been jailbroken (read, "security compromised").

      Obviously you do not remember how the early firmwares were jailbroken.
      All you had to do was visit a website.

      Except, everyone loves it when there's a new exploit discovered for the iPhone, and pretends not to recognize how that could easily have been used to spread a malicious worm instead.

    • Doesn't this (finally) put to bed the notion that there are virtually no worms or viruses for Mac OS X simply because hackers don't want to waste their time on a platform with so little market share?

      Well, my personal opinion is that OS X doesn't get as much malware because its security model is better then Windows' in at least one crucial way: it has the Unix concept of the executable bit, which turns the system from "default allow" to "default deny" and so locks out a huge number of traditional Windows

  • Honestly, these headlines of recent need to include the word 'jailbroken' - then I wouldn't have to read them. Really, who cares? If you're jailbreaking your iPhone , man up and secure it. It's no different than any other computing device.
  • Seriously misleading. Next headline: "Toyota Prius prone to nuclear explosion". ... if you remove the engine, put your homebrew uranium fuel rods in it, and forget to read the owner's manual about needing proper coolant.
    • by mjwx ( 966435 )

      Seriously misleading

      How?

      First Malicious Iphone Worm In The Wild

      Lets break this down.

      First - yep, no other malicious iphone worm came before it.

      Malicious - yep, the author intended to do damage.

      Iphone - yep, it runs on the iphone.

      Worm - yep, it is a computer worm

      In The Wild - yes, this virus is in the wild.

      The summary also said this uses the same exploit that was used with the Rickrolls, the summary also stated that this only affected Jailbroken handsets. So, you could not just simply

  • One reason why people might still be using the original password, and why this is all a hassle, is that the normal UNIX passwd program cannot be used on the iPhone.

    I believe one needs to manually edit a file called /etc/master.passwd

    • by elijahu ( 1421 )

      You do not know what you are talking about.

      While that might be "a" way to change the password, the MobileTerminal program provides a convenient shell from which passwd works just fine. It is strongly recommended that the root and the "mobile" accounts' passwords are changed from their default. Instructions for doing so abound even with screen shots for people who can't be bothered to read. While there is the "hassle" of having to install MobileTerminal, I'm not sure this is really too much trouble for some

  • NO NO NO... the title for the article should read "First malicious worm for JAILBROKEN iPhones in the wild" because that is the only way to get it and lazy readers will just start running for the hills claiming how insecure the iPhone is.

    And by lazy readers I mean tech journalists.
  • It gives the impression you (the customer) is doing something wrong (breaking out of jail). Call it "removing the DRM". Personally, I don't know why anyone would want to buy a DRM-crippled device for hundreds of dollars and be beholden to 2 mega corporations dictating what you can and can't do with it. But I'll defend to the death the right of the public to do what they please with what they buy (own). F*** corporate rights!
    • Shouldn't this be enough proof that having a jailbroken device capable of running anything under the sun is a problem from a security standpoint?
  • by jht ( 5006 ) on Sunday November 22, 2009 @09:02AM (#30192998) Homepage Journal

    Being only able to buy the iPhone here in the US as a carrier-locked phone - that's wrong and sucks. But sadly that's the rule here because of the deal Apple has with AT&T. May it expire soon, even though the only other national GSM carrier is T-Mobile and they have an even smaller footprint. It'd be nice to take an iPhone out of the country and get a local SIM without having to use your AT&T account.

    Of course, that carrier lock is also why the iPhone costs $200 instead of about $600 or so - the carrier subsidy that AT&T pays Apple for it keeps you from having to pay all the money up front.

    Jailbreaking, though, is a different story. Anyone who wants to jailbreak their iPhone should feel free to do so and run whatever they want. But if you go to the trouble to bypass Apple's application security model you get what you get. Not Apple's fault.

    But things like this worm make me understand that much more why Apple works to plug the holes that jailbreak tools keep exploiting. We may not all like that we're restricted to getting apps from the App Store, but on the other hand the iPhone isn't sold as a tool for personal freedom. It's sold as a phone that runs apps that you get from Apple. Period.

    There's other phones that are marketed as "freedom phones". If people want that above all else, they should buy a phone with the appropriate OS and not an iPhone.

    Ultimately, I hope Apple opens up the App Store further and simply reviews apps to answer just a couple of questions:

    1 - Does the app do anything that expressly isn't allowed by carrier contracts?

    2 - Does it break the published development rules?

    If it doesn't, then it ought to be published, period. For instance, now that AT&T stated that VoIP would now be allowed on their network, all the Google Voice apps and Skype should immediately be approved and put out for 3G usage. Because those apps don't break guidelines and are now allowed by the carrier.

    But even if they eliminated all restrictions short of that, the App Store will never be the free market that jailbreakers want to have. So get another phone. I hear you can run anything you want on Windows Mobile.

    (why you'd want to may be another story...)

  • by Wovel ( 964431 )

    People are going to great lengths to pretend like there are vulnerabilities in the iPhone. This is a Darwin worm and not much else.

Avoid strange women and temporary variables.

Working...