IPhone Jailbreak Life, Death and Legacy

As a diverse group of young hackers participated in the formation of a modern iPhone

The curtains on the windows are half down, which is why twilight reigns in the bedroom. A gloomy day in Bassano del Grappa, a city in northeastern Italy, best known to the world for its brand name, grappa . I am sitting on a double bed - there is nowhere else to sit here. On the left is a bookcase, crammed with comic books about Mickey Mouse - a must-have attribute of any Italian’s children's bedroom. In front of me, sitting in a chair styled as a race car seat, is Luca Todesco, a 19-year-old boy, and possibly the best iPhone hacker on the planet.



I am giving him my new iPhone 7 with the latest updates.



“Can you jailbreak it?” I ask.



Jailbreak - the art of hacking the ultra-secure iOS operating system from Apple [ jailbreak - jailbreak / approx. trans. ]. Hacking allows users to customize the phone, write and install any program that is not limited by the rules of the company. When I met Todesko in December 2016, there was no known jailbreak for the latest version of iOS 10.2 installed on my phone.



The first hacking procedure, discovered in 2007, was arranged in steps and posted online. After that, the jailbreak was done by millions of people. At one time, there was even a jailbreakme.com website, a completely free cracking the phone of anyone who entered it.



Todesco's jailbreak was available only within his bedroom at his parents' house.





Luka Todesko hacks the iPhone in her bedroom, in December 2016



Todesko, known online as qwertyoruiop , looks confused. He picks up my phone and picks up a cable from the table, which lies next to it neatly, as if in a display case located in a collection of two dozen iPods and iPhones. He connects the phone, enters a couple of commands on the Mac, and presses Enter. My phone screen goes off and on again, and then a white screen appears.



The inscriptions on the screen change: "Doing it ... Patching ... Jailbroken".



“Ha!” Says Todesco with a smile.



The garden wall of Apple is destroyed. Phone jailbroken.







If it was the end of the 2000s, Todesco would write about his method on the Internet and release the technology to the public. It would be accessible to all iPhone users, and would give everyone a chance to unlock the phone and install applications that were not approved by Apple, or adjust the appearance, theme or design of the home screen.



The jailbreak goes through the use of one or more errors that allow you to disable the security code "forced signature code ." After that, the hacker can run the code, not signed and not approved by Apple. As a result, he has the opportunity to install applications that are not approved by Apple, and make changes to the OS.



Jailbreaks began to get involved soon after the launch of the first iPhone, and in 2008 this movement gained momentum and became a cultural and economic phenomenon. Teams of hackers, known by such names as the iPhone Dev Team , Chronic Dev and evad3rs , were the best hackers of the iPhone of their generation. For them, hacking the next Apple phone and opening the system to access an unbridled crowd of developers was a sport and a crusade. Brilliant and audacious software developer Jay Freeman organized a meeting place for hackers called Cydia - something like an alternative App Store. At the peak of popularity, Cydia, which was released earlier than the App Store itself, was a business that earned millions of dollars and offered users a way to work with the iPhone as a free and open computer.



But times are changing. The jailbreaker community has split, many of its former members began working for private security companies, or even Apple itself. A small number of private hackers can refrain from receiving rather big rewards paid for detecting vulnerabilities in the iPhone. Users themselves have ceased to require jailbreaking, because Apple simply borrowed the best of their ideas and embedded them in iOS.



When the iPhone 7 came out on September 16, 2016, Todesko discovered a way to hack a new version of iOS just a few hours after buying the phone in a supermarket. He showed it on YouTube and told our publication that he did it so quickly because most of the bugs and vulnerabilities already existed for previous versions of iOS.



Search for such errors is not easy. iOS is one of the safest and most difficult to crack OSes in the world. Most of the code in it is secret. It’s hard to figure out what works in iOS and how, let alone find flaws in it. Apple has always put iOS safety first, but you can't say that the iPhone cannot be hacked. Everyone can read the security notes after an iOS update and see a whole set of bugs, some not dangerous, some serious. There have been several cases of the appearance of malicious programs , as well as the leak of a jailbreak created by government hackers to spy on people.



But it's hard to deny that the iPhone is a garden surrounded by almost impregnable walls, and only experienced hackers and teams can overcome them.



Todesko is pleased to demonstrate the jailbreak of the iPhone, both on YouTube and our publication, but the young man is not going to make his secrets accessible to everyone. Its carefully guarded technology and the errors on which it is based can cost up to $ 1 million , according to market prices offered by traders of zero-day vulnerabilities .



The pioneers of jailbreaking helped turn the original iPhone from a poor phone to a powerful tool capable of much of what modern phones are capable of, from video games to tracking bike rides.



“There wasn’t even a damn game on iPhone iOS 1.0, right? Other phones had copies of Snake, there was a copy of Hangman in any phone - Apple didn't even have that, ”Freeman says, and adds that in the first iPhone you couldn’t even set up call profiles or turn off the sound for certain contacts at certain times of the day.



“The phones had these capabilities, and the iPhone didn't have them,” he says. “When the iPhone came out, it was just a small tablet with a web browser, to which the shitty phone was attached.”



For a jailbreak, it was time for the Wild West, when talented, albeit beginner, hackers did it for the sake of interest.



"It all started with a group of teenagers writing worthy NSA exploits to release software," said a former Apple employee who wished to remain anonymous due to a nondisclosure agreement.



For a while, hackers spread freedom. They gave people around the world a chance to fine-tune their iPhone and improve its capabilities.



“Then it was something to have fun with - and everyone used a jailbreak. Even iPhone OS 2, because people wanted to customize themes and be able to copy and paste text, says Freeman. “There were so many different functions that every person is waiting for in a computer or phone, it was very easy to do all sorts of cool things.”



Ten years after the iPhone was on the counters of the Apple Stores around the world and the first jailbreak happened, the Wild West disappeared. Now this is the professional multi-million dollar security research industry. This is a world in which a jailbreak - at least in a familiar form - may cease to exist.



A skinny 17-year-old guy with unkempt curly hair and a shirt not in size is in a room that resembles the parent's kitchen, and takes the iPhone - the very first one - from the pocket of his jeans.



“Hello everyone, this is a geohot. And this is the first unlocked iPhone in the world, ”announced George Hotz on YouTube in a video uploaded there in August 2007.



Working with a team of online hackers who were trying to untie the iPhone from a contract with AT & T, Hots spent 500 hours researching the weak points of the phone before finding the Holy Grail. At first, he used a clock screwdriver and mediator to open the back cover of the phone. He found a data processor that tied the phone to AT & T networks. George soldered a voltage wire to the data processor and scrambled its code. On his computer, he wrote a program that allowed his iPhone to work on the network of any wireless operator.



Hots recorded the result on video - the ability to call from the iPhone using a T-Mobile SIM card - and became famous. A wealthy entrepreneur traded this phone from him for the 2007 Nissan 350Z and three new phones. Apple's stock price rose the day the news spread online, and analysts attributed it to the ability to get a phone without being tied to AT & T.



Since then, the number of video views has already exceeded 2 million.







Technically, it was not a jailbreak, but Hots showed that the tendency to crack the iPhone exists. When he worked on clearing the phone from the clutches of AT & T, a group of hackers cooperated to penetrate the wall of the Apple garden. They called themselves the "iPhone Dev Team". They had nothing to do with the real Apple development team, which caused confusion over the years.



“In 2007, I was in college and I didn’t have much money,” says David Wang, one of the members of the iPhone Dev Team.



Being obsessed with technical updates, Wang became interested in announcing the iPhone. “I thought it was an important and impressive stage in the development of devices. I wanted it, ”he recalls. “But the iPhone was too expensive for me, and I had to take it with reference to AT & T. But they also announced the iPod Touch, which I sort of could afford. I decided that I could buy myself an iPod Touch, and then they would release the opportunity for him to make web calls. ”



Or you could try to hack it yourself.



“Then there was no App Store, and no third-party applications,” Wang says. - I heard about the people involved in his modding, iPhone Dev Team, and hackers, and how they were able to run the code on the iPhone. I expected them to do the same with the iPod Touch. ”



The iPhone Dev Team was probably the most visible team of hackers targeting the iPhone. They began to look for vulnerabilities in code — bugs that could be exploited to gain control of the OS. Vang waited and watched.



“Each product is first in an unknown condition,” said Dan Guido, a cybersecurity expert. Guido is co-founder of Trail of Bits and an iPhone security expert. Apple, according to him, “lacked the ability to eliminate vulnerabilities, they had many errors in critical services”.



But this was to be expected. It was a new device, a new frontier. Without holes would not have cost.



It took the hackers only a day or two to crack the iPhone software after Chris Wade , now the 4Sense technical director, discovered a way to use an error that caused Safari to crash when opening a site that showed a specially prepared TIFF file. Such a TIFF was discovered by Tavis Ormandi , and now he works in the elite hacker group Google Project Zero. Hackers usually laid out evidence of a hacking system - they downloaded a video from a phone with an unauthorized call, for example - and then laid out detailed instructions on which others could reproduce their actions.



"When the iPhone came out, it was for Mac only," says Wang. - I did not want to wait for people to lay out instructions for Windows, so I figured out what they did and made a set of instructions for Windows users. It turned 74 steps. "



It was a turning point. Wang, known by the nickname planetbeing, posted his instructions a few weeks after the famous geohot video appeared, and this caused a stir. “If you google jailbreak in 74 steps , you will see my name,” says Wang. “That was the first thing I did.”



That is how the term jailbreak has become popular to denote hacking the security system of the iPhone, and allowed users to work with the device as with a real computer - change settings, download new applications, etc.



Soon after, Wang saw a blog post by security expert Moore, where the exploit related to TIFF was broken down into steps . In fact, Moore made an instruction for an automatic jailbreak.



Vang wrote a precursor to what would soon become the most legendary - and trivial to implement - jailbreak iPhone. Instead of 74 steps, he only required a visit to the online application in Safari, the site JailbreakMe.com, and it immediately hacked the phone.



The first JailbreakMe, also known then as AppSnapp, was released in October 2007 and soon became a legend.



“The JailbreakMe attack was very interesting - then you could go to the Apple Store, open JailBreakMe.com, which had this“ swipe for jailbreak ”button that launched the exploit and gave root-access to the phone via the Internet, says Guido. “It was possible to go to the Apple Store and jailbreak all the phones from the storefront.”



“Spend for jailbreaking” is a reference to the famous mechanism on the iPhone. Ambiguity, emphasizing the fact that it was a closed, locked system that was released for you. Apple was so concerned about this practice that it eventually blocked access to the site from a chain of stores.







Apple, realizing that jailbreaking has become increasingly popular, broke its silence on September 24, 2007, when it issued a statement : “Apple discovered that many unauthorized iPhone unlocking programs available on the Internet cause irreparable damage to the iPhone software, which, most likely, will lead to failure of the phone after installing future software updates. "



Apple worried for a reason. Guido says that the joke with JailbreakMe was "funny and it was very fun to do, but she also amazingly demonstrated the simplicity of such an attack." This exploit, technically called “star exploit,” according to Guido, “could be quickly turned into a tool for attack, and we were lucky that this did not happen.”



Or happened?



In theory, because of the jailbreak, people could expose their devices to the dangers associated with malware. Only last year, Chinese hackers stole hundreds of thousands of passwords from jailbreak phones.



Evidence that the public jailbreak or vulnerability used for this was used by malicious hackers to attack the iPhone. But after the hacker Nicholas Allegra , known as Comex, released one of the versions of his famous application JailbreakMe, the hackers remade it into a tool for hacking users - so say two former Apple employees.



“Everything was pretty rudimentary. They simply replaced the last part, everything else remained identical, ”one of the sources told us, asking not to reveal his identity. "They replaced the last part, and instead of launching Cydia on the basis of a jailbreak, they launched something they did themselves."



Unlike those unknown malicious hackers, most of the jailbreakers, like Wang, did it out of sports interest, and also from the desire to expand the capabilities of a machine that is clearly capable of more. Most did not crack other people's phones (except for models from the Apple Store windows, and this joke could be easily fixed), and used jailbreak only on their devices to change settings.



Apple fixed a bug with a vulnerability in working with TIFF, and it launched a multi-year battle. iPhone Dev Team and other teams found new vulnerabilities and released new jailbreaks. The first who found the vulnerability, received fame. Then Apple fixed the error and turned the jailbroken phones into "bricks", which made it impossible to use them. When Steve Jobs was asked about jailbreaks at a media meeting in September 2007, he called it a “cat-and-mouse game” between Apple and the hackers.



“I don’t know who we are cats or mice,” Jobs admitted. “People are trying to break in, and our job is to prevent them.”



Over time, the jailbreak community has grown in size and impact. The iPhone Dev Team conducted a reverse-engineering of the phone's OS to launch third-party applications. Hacker developers made games, voice applications and tools to change the phone's interface. There was little that could be configured on an Apple phone. On the original iPhone, there was not even a setting for changing the wallpaper, and the applications just hung on a black background. All fonts, layouts and animations were carved into granite. It was the hackers who pushed the phone into the role of addition to creativity and the manipulator with the knowledge that the idol of Steve Jobs, Alan Kay , originally imagined mobile computers.





Jay Freeman - second from right, in line for an Apple presentation in 2010



After launching in February 2008, Cydia, the brainchild of Freeman, allowed users a lot more than is now available on the App Store. Users can download applications, games and programs. But they could also download adjustments and tools for serious reconstruction. For example, it was possible to remake the layout of the home screen, download ad blockers, applications for calls not through AT & T, and better control data storage.



Apple didn’t like it and tried to discourage people from jailbreaking. In 2009, Apple took advantage of the copyright law and outlawed jailbreak . And although she never sued for a single jailbreaker, this practice remained in the gray zone. A year later, the head of the Library of Congress recognized the practice as legal , which opened the way to new jailbreaks.



Around this time, Allegra, who took part in the iPhone Dev Team, who was then 18, took control of JailbreakMe, helping millions of people jailbreak their iPhone and install Cydia.



The game of cat and mouse between jailbreakers and Apple continued.







The popularity of jailbreak and Cydia have openly demonstrated that there is a clear demand for ways to get new applications and access to manage their devices.



For Freeman, it was a question of ideology.



“The whole point is to fight corporate feudal lords,” he told The Washington Post in 2011. - This is a popular front, which is why Cydia is of such interest. Apple is an ivory tower that controls your feelings, and people were attracted by the fact that the jailbreak brings them back to them. ”



In 2011, according to Freeman, the platform had 4.5 million users a week, and it brought in $ 250,000 of revenue per year, most of which was spent on supporting the ecosystem.



Money was a problem for jailbreakers like the iPhone Dev Team, who relied on donations through PayPal and the part-time jobs they needed to finance their attempts, says Wang. Over time, when the App Store muffled interest in jailbreaking, and Apple was increasingly aggressive in countering hacking, the team began to disintegrate.



As in any good story "fighters from the underground against authoritarianism," there was a trick in this. There is evidence confirmed by one of the team members that one of the key members of the iPhone Dev Team was an Apple employee. None of the developers had suspected that the bushing hacker, known for his reverse engineering skills, was a double agent working for a company whose phones they hacked. Who was that?



Ben Bayer got a job at Apple as Chief Security Engineer for Embedded Systems in 2006. At least this follows from his online track. The LinkedIn profile for Ben B. The work is described in the same way as the history of its activities, which includes work on libsecondlife - an attempt to create a version of the once popular online game Second Life with open source, in which the user “bushing” accepted Active participation. This hinted that Bayer was bushing, which Wang confirmed to us. The fact that Bayer worked at Apple was confirmed to us by the person who worked with him.



“Then we didn’t know that,” Vang stutters today, unwilling to recognize the role of Bayer in the jailbreak. - We understood it only later. At first, they did not know, and then it seemed to make us understand. ” Bushing has become an influential force in the community. He left this world in early 2016 for natural reasons, as his friends and colleagues tell us. He was 36. The



community was not always at the knives with Apple. Jailbreakers sometimes dropped in at the annual Worldwide Developers Conference and said hello to the security team. Once, hackers even left a hidden message for them in one of the jailbreaks, by name mentioning individual engineers, as one former Apple employee claims.



“Many of the participants were young people with a lot of free time, and then they had to look for work, or graduate, or something else,” a former Apple employee told us. Everything was done "for fun" and "on the weak," as well as from "comradely motives."



“There was a jailbreaker community then,” said this former employee.



Many years after the iPhone Dev Team gathered in IRC chats, jailbreaks and entertainment on YouTube gradually turned into memories. One of the reasons was that the iPhone, thanks in part to jailbreaks, became harder to crack. Another - experienced hackers began to get a job, in Apple or in companies involved in security.







A decade after the first jailbreak, his legacy continues to live.



Jailbreak team showed vivid evidence that people needed the App Store, and that people could do amazing things with it. Let the forbidden methods, jailbreakers have demonstrated that the iPhone can become a living and diverse ecosystem designed for something more than just calls, browsing the web and increasing productivity. They showed that the developers will go to great lengths to participate in this platform.



So partly there is the merit of the hackers from the iPhone Dev Team in that Jobs allowed the present development team to open the device for everyone in 2008.



“I don’t want to be too arrogant about our role. We didn’t know what Apple was planning there before our appearance, ”says Wang, or how important it is that they hacked the iPhone until it was opened. "I want to say that this played a role."



But now, when Apple has included some of the best modifications and features previously available only through jailbreak in iOS, do the average iPhone user need to hack his phone?



It turns out that no.



Yes, they can not do it. There is no jailbreak for the current version of iOS. The latest public jailbreak is for iOS 9.3.3, released July 18, 2016, according to the site that tracks jailbreaks . Over the past few years, jailbreaks have become very rare.



Apple has increased security measures, and full jailbreaking has become more difficult. Now you need to use a chain of errors that are hard to find. And it made the jailbreaks and bugs associated with them, too valuable to crush them for free - or even give them to Apple for thousands of dollars.



Last year, Apple's head of security and the main killer of jailbreaks, Ivan Krstić, boasted about iOS protection, indicating that nowadays jailbreaks need to find "from five to ten different vulnerabilities to overcome platform security mechanisms."



"Over the decade that the OS exists, not a single malware for iOS has appeared that would harm a large number of people," said Krstic during a speech at WWDC in 2016. "Our users were surprisingly well protected for almost 10 years."



In January of this year Todesko announced the end of his jailbreaker career.



"After this story, from 10.2 I will stop all public research with iOS. The idiocy of the jailbreaker community is too great for me," he wrote on Twitter , before clarifying that under "public research" he had in mind “public jailbreaks.



When we met him last December, Todesko complained about the unpleasant atmosphere of the modern jailbreaker community, in which people throw hackers with requests for jailbreaks. These constant requests for jailbreak schedule - “ wen eta jailbreak ?” - have become almost a meme.



Everything has really changed.



“I have a feeling that at this stage the jailbreak is dead,” Allegra said in a recent chat via iMessage.



He said that if anyone can revive jailbreaking, this is Todesco. When we informed him that the Italian hacker had announced that he was throwing this case, he wrote: “Yes? Poorly".



Freeman, Cydia's father, who had seen countless jailbreaks, did away with it. In the good old days, he says, jailbreaks worked for months. Now public jailbreaks kill right away.



“Apple raised the priority for fixing jailbreaks, and besides, we got so deep that they became really dangerous,” he says.



Once he was a passionate jailbreaker, and now he doesn’t recommend doing it with his phone. This has become dangerous due to the increased risk of hacking, and is no longer worth it, as he said in a recent telephone conversation.



“And what do you get from this?” He asks. “Previously, you received cool opportunities, which practically made you buy a phone. And now only small changes. ”



“This all turns into a shrinking spiral, where the less people are interested in jailbreaking, the less developers are doing interesting things, and the less reason for people to be interested in jailbreaking,” he adds. - Which means that fewer people jailbreak, and that fewer developers do it. And all this is slowly bending. "