Hackers Push Jailbreak for iOS 4.2 Devices

ID THREATPOST:EB154497DA8D4E7C46FC9529294155F3
Type threatpost
Reporter Paul Roberts
Modified 2013-04-17T16:35:38


A leading group of mobile device hackers have released a software update that allows iPhone and iPad users to circumvent content controls using the latest version of Apple’s iOS operating system.

The so-called “jailbreak” was released within hours of Apple’s own release of iOS 4.2.1 by the iPhone Dev-Team, one of the top mobile device hacking collaboratives. It came just hours after Apple released its update to its mobile device operating system, with new capabilities for iPhones, iPads and iPod Touch devices, while fixing scores of software vulnerabilities.

Redsn0w 0.9.6b4, which was announced on the Dev-Team blog on Tuesday, is a jailbreak patch that works with all devices running iOS 4.2.1. It builds on earlier jailbreak code, dubbed limera1n, which was created by a mobile hacker using the handle Geohot. Like other recent jailbreaks, limera1n leverages a flaw in the boot ROM, low level code that is run immediately by the device’s processor when it is powered on. Boot ROM is used to load the firmware (or operating system) that manages mobile devices. Because they run below the level of the operating system and is integrated with the hardware used by the device, boot ROM exploits cannot be patched through traditional software updates after devices have been manufactured.

The Redsn0w jailbreak works on iPhone 3GS devices using an updated boot ROM, as well as iPhone 4, iPad and iPod touch 2G, 3G and 4G devices, according to a report on redmondpie.com. However, the latest jailbreak is what is described as “tethered,” meaning that device owners who need to restart their device or who run out of battery life need to physically reconnect it to their laptop or desktop to reboot the device in a jail-broken state. Recent exploits have allowed phones to run untethered – rebooting directly into their jail-broken state.

According to the Dev-Team blog, work is ongoing on a way to offered untethered jailbreaks for devices running 4.2.1, as well.

The release is just the latest instance of the cat and mouse game that Apple and other mobile device vendors are playing with teams of talented programmers and engineers bent on liberating those devices from the restrictions and exclusive marketing agreements that restrict their use. In September, The Chronic Development Team posted a boot ROM jailbreak for Apple’s prior iOS release, 4.1, within hours of that update being made public.

Jailbreaking devices is legal. However, jailbreaks do present dangers for users, who may inadvertently disable their phone by applying the wrong patch or series of patches. In its latest post, the Dev-Team warned users who have applied an earlier patch called ultrasn0w to steer clear of Apple’s 4.2.1 iOS update.

Security researchers also warn that jail-breaking devices can open the door to malicious code. At the recent ToorCon Hacking Conference in San Diego, Eric Monti, a researcher at TrustWave’s Spider Labs, demonstrated how the same vulnerabilities leveraged by the jailbreak engineering teams like Dev-Team and Chronic Development Team could also be used to push rootkit-style malware to vulnerable devices.