It has been reported that a vulnerability in iPhones means that a hacker can wirelessly hijack your iPhone if they are within Bluetooth range. Australian security researcher and consultant Mark Dowd revealed that iOS 9 includes a patch for this security vulnerability, which he warned Apple about just over a month ago. Tim Erlin, director of security and product management at Tripwire commented on hacking iphone within the bluetooth range.
Tim Erlin, Director of Security and Product Management at Tripwire :
“Vulnerabilities like this one should remind users of the importance of keeping your systems current with security updates. Unfortunately, those who would most benefit from hearing this advice are also the hardest to reach. There’s no doubt that this vulnerability will persist and be exploited on devices that aren’t updated.”
Tripwire is a leading provider of advanced threat, security and compliance solutions that enable enterprises, service providers and government agencies to confidently detect, prevent and respond to cybersecurity threats. Tripwire solutions are based on high-fidelity asset visibility and deep endpoint intelligence combined with business-context and enable security automation through enterprise integration. Tripwire’s portfolio of enterprise-class security solutions includes configuration and policy management, file integrity monitoring,vulnerability management and log intelligence.
You can now download an untethered jailbreak for every iDevice running iOS 7.0 to 7.0.4, including the iPhone 5, iPhone 5S, and the latest iPad Air and iPad Mini. Early reports suggest that the Evasi0n jailbreak, released by the Evad3rs group, works perfectly — but due to malware and other possible issues, we cannot recommend that you install it.
There is a lot of controversy surrounding both the development and release of this first iOS 7 jailbreak, and an internal source at Evad3rs tells ExtremeTech that the jailbreak contains “Chinese malware” — a prominent placement that reportedly netted a “high six figure” payment for the Evad3rs. Furthermore, with iOS 7.1 due to land any day now, there is concern that the Evasi0n jailbreak gives up the zero-day vulnerability too soon, allowing Apple to quickly plug the hole. Never has an iOS jailbreak been so entangled by such a contentious crud storm. Read on to find out more.
The Evasi0n7 jailbreak, released last night by the Evad3rs, is an untethered jailbreak for all devices running iOS 7, from 7.0 to 7.0.4, and can be performed from any PC running Windows or OS X. This means that the iOS 7 jailbreak works for older devices like the iPhone 4 and 4S, but more importantly it supports the iPhone 5 and 5S, iPad 2 and later, iPod fifth gen and later, and the iPad Mini — Apple’s newer iDevices that, for various reasons including the newer A5, A6, and A7 SoCs and advanced security measures in the firmware and boot ROM, have proven very hard to jailbreak. Don’t get me wrong, the Evasi0n jailbreak is some seriously impressive work — but it’s the situation around the jailbreak that we need to discuss, before you go ahead and jailbreak your iPhone or iPad.
Evasi0n 7, iOS 7 jailbreak
Before we dive into the controversy surrounding the Evasi0n jailbreak of iOS 7, we should preface this by saying that there’s a lot of misinformation floating around right now. Due to the secretive (and as it turns out, highly lucrative) nature of jailbreaks, it’s hard to come by trusted and veritable sources of information. We’ll try our best to report what we know to be true, and rumors and reports that are probably true. That’s the best we can do at this point.
Cydia vs. China
The Chinese Taig app store
As you probably know, most jailbreaks (Evasi0n, Redsn0w) come bundled with Cydia — an alternative app store for jailbroken iPhones, iPads, and the iPod touch. This version of Evasi0n, however, comes with Taig — a Chinese app store. From our internal source, it seems that the Evad3rs negotiated with both app stores for inclusion in the jailbreak, but Taig offered more money, netting a payout for the Evad3rs that was “in the high six figures.” Cydia’s lead developer, Jay “Saurik” Freeman said on Twitter he simply couldn’t beat Taig’s offer: “… [The] closest I came had me potentially losing money I didn’t have.”
Since the jailbreak’s release, Evad3rs has come under fire because the Taig app store lists a lot of pirate software. While Cydia doesn’t prevent you from installing pirated software, it does try to discourage you. Furthermore, we’re told by our source at Evad3rs that the jailbreak contains “Chinese malware.” We’re not sure if this refers to the Taig app store itself, or if there’s another piece of nefarious software that’s hidden in the jailbreak. Until it’s entirely clear, you should probably refrain from installing the jailbreak.
One of the overarching themes with the Evasi0n7 jailbreak, and probably the reason why there’s so much blood in the water, is that it was rushed out the door. According to the Evad3rs, Cydia’s Saurik, after being rebuffed, “was working with another group to release a jailbreak ahead of us.” Because there’s a lot of money to be made from jailbreaks (around $100k in donations, according to Saurik), there is a big incentive to be first. The Evad3rs’ six-figure deal with Taig was probably contingent on them being first, too.
Geohot, with his Xiaomi Mi3 smartphone
Geohot returns, with a Xiaomi Mi3 smartphone stuck to his forehead. Who can ever forget those penetrating eyes?
As for who the Evad3rs were competing against, it was none other than Geohot — George Hotz, of original iPhone, Limera1n, and PlayStation 3 jailbreak fame. Judging by his new Twitter account, it seems he was getting very close to releasing his own ra1n jailbreak. “Sale was never going to happen … actually registered the new ra1n domain last night… but congrats to evad3rs, i can’t always win :p”.
Considering the scrutiny that the Evasi0n jailbreak is under right now, though, it sounds like Geohot and Saurik should probably work together to release a clean, piracy-free jailbreak in the next few days or weeks — preferably after Apple has released iOS 7.1, which contains a number of eagerly awaited tweaks and fixes.
Instituto Internacional de Seguridad Cibernética