The Mac Sucks!

According to CNET’s Leslie Katz, the iPhone 3GS has already been “jailbroken” so that it can run unapproved third-party applications. The jailbreak application is known as “purplera1n” is currently only available for Windows machines and requires the latest version of iTunes to be installed. A Mac version is expected soon.

The whole iPhone “jailbreaking” phenomenon is interesting for a couple of reasons. The most obvious of these is that it proves iPhone owners have an interest in running software on their devices that Apple and AT&T disapprove of. This suggests that although the iPhone is quite popular, it might be even more popular if Apple stopped controlling it so tightly. At the very least, it shows there is demand for applications that Apple thinks are “inappropriate” somehow.

Another reason iPhone jailbreaking is significant is that it provides an undisputed example of how a security weakness in Apple’s Mac OS X operating system could be exploited by a malicious coder. As Apple and its fans often proudly state, the iPhone operating system is based on the Apple Mac OS X operating system. In some ways, it could be argued that the iPhone and its OS are Apple’s most secure product. Apple controls the hardware completely. Users can’t upgrade it in any significant way, such as adding more internal storage or replacing the CPU chip. Apple controls, or at least attempts to control, the software in a similar manner. Apple installs all the OS upgrades via iTunes, controls what content gets stored on the device, and even decides whose applications are permitted to run on the device. In other words, that platform represents Apple’s best efforts to lock down its hardware and OS.

Still, in spite of Apple’s effort, the iPhone continues to be jailbroken. In security terms, the “hackers” are able to break through Apple’s security precautions, modify the contents of the device, and run unauthorized applications on it. This is exactly the same thing as if a hacker constructed a specially-designed web page to tempt Mac users into visiting it, then used a security weakness in Mac OS X to slip a virus, worm, or “bot client” on it. In other words, jailbreaking the iPhone (which runs OS X) is essentially the same as breaking into a Mac (which also runs OS X). (I know the iPhone OS is a “subset” of the full OS X software, but the principle holds.)

My point isn’t to suggest that OS X’s security is weaker than that of Linux or Windows. After all, the definition of “weaker” is subjective and could be misleading. I’m merely suggesting (as I always do) that although historically there have been few malware infections on the Mac OS X platform, that doesn’t mean the platform is immune to malware. Mac users should take the same types of precautions that other computer users do, such as making sure their firewall is enabled (it is disabled by default in Leopard!), that they have current antivirus software running, do most of their work in “non-administrator” and “non-root” accounts, and be careful about what they download. The fact that there is a Mac botnet active on the Internet is evidence that some malware writers are targeting and exploiting the Mac platform. The bad guys have made use of this botnet to conduct a Distributed Denial of Service (DDoS) attack on certain web sites, so it’s not an idle threat. Make no mistake, there are people out there looking to exploit Mac users and gain control of their systems. Maybe there aren’t many, and maybe they’ve been quiet so far, but there may come a time when they become much more active and visible. You want to be proactive and prepared when that happens, rather than scrambling at the last minute to find tools to protect yourself. Some simple and inexpensive precautions now can protect you for years to come.

Writer Nick Farrell on the Fudzilla web site posted an item on March 30, 2009, indicating that Apple’s own lawyers appear to be using jailbroken iPhones. Farrell writes that “Looking at a patent application for the iPhone biometric security patent, Engadget worked out that they were looking at screen shots of a jailbroken iPhone. Yep, the lawyers who designed the iPhone patent clearly did not want to work with the telco that Steve Jobs told them they had to work with and had installed software which was deemed heretical in St. Steve’s sight.”

According to RCR Wireless’ Colin Gibbs, while Apple appears to be gearing up to use the Digital Millennium Copyright Act (DMCA) and other copyright law to make it illegal to jailbreak an iPhone or iPod Touch, the company should walk away from the fight. Gibbs reports that the Electronic Frontier Foundation (EFF) is lobbying the U.S. Copyright Office to alter the DMCA to allow users to jailbreak the devices and purchase applications other than the ones in the Apple App Store. Skype and Mozilla have joined in the battle as well.

Apple’s point is that in order to jailbreak the iPhone, it’s necessary to modify the phone’s “bootloader” code which starts the device. Modifying that code alone is reportedly an “infringing” activity that breaks copyright law, so Apple submits that this is reason enough to deny users to jailbreak their devices. Gibbs responds that “Apple’s earnestness would be easier to buy if it hadn’t kept such tight reins on its App Sotre. The EFF’s filing points to ebooks and other applications that have been banned from the App Store due to content deemed ‘objectionable,’ and cites two offerings that ‘remain in limbo, victims of unexplained delays in Apple’s ‘approval’ process.”

Gibbs also points out that while Apple denied a South Park app because it contained “potentially offensive” content, users can download entire episodes of the show (as well as the feature film, which is probably even more “potentially offensive” than the show) from iTunes and use them on the device(s). If the show’s episodes and feature film aren’t too offensive to ban from iTunes, why would an app based on the show be any more offensive? Perhaps it’s because the app would play clips from the show on the device, potentially cannibalizing sales of episodes via iTunes?

Gibb suggests that Apple could lose the fight if Congress takes notice and a politician “eager to play David vs. Apple’s Goliath” gets involved. He says “that’s the last thing Apple wants” (and he’s probably right).

Apple’s problem stems, I believe, from what Gibbs describes as wanting to “have its cake and eat it too”. They are trying to protect their relationship with AT&T Mobility by attempting to prevent malware or highly controversial content from garnering negative attention to Apple or AT&T. They probably also feel that this lockdown is necessary to preserve the “customer experience” with the iPhone in its default form. However, Apple has placed itself in the position of censor who decides what content is objectionable, what apps are acceptable, and a monopolist who decides what kind of competition it will allow. These are all positions that run counter to American culture. We generally dislike censors, being told what to do, and being unable to compete in business as we see fit.

This whole situation is being made worse because Apple has become something of a victim of its own success. According to Apple Insider, “Apple’s ability to process iPhone developer agreements is quickly turning into a minor crisis as what was once a smooth process is rapidly turning into a months-long backlog that threatens to keep new developers out of the App Store.” Apparently, developers are facing expired contracts or not-yet-approved contracts to distribute their apps in the iPhone App Store. Apparently, there “isn’t even a system by which Apple can renew its existing deals” with developers. Apple Insider reports that developers are questioning whether they should continue to produce iPhone apps in the first place.

I’m not suggesting that Apple should completely drop the review process (believe it or not). I think it’s appropriate for them to evaluate an application in the App Store to ensure that it isn’t some kind of malware, that it appears to run properly on an unmodified iPhone, and that it essentially does what it’s claimed to do. That level of “censorship” would be enough to protect customers from “rogue” or “crappy” applications in lieu of some form of free trial mechanism that allows users to run an iPhone app before paying for it. However, blocking an application because it competes with something Apple itself planned to do, because it contains content that someone at Apple finds “offensive”, or bypasses iTunes to put content on the device shouldn’t be Apple’s call. Hopefully the folks at the Copyright Office will see things the same way and support jailbreaking, so that Apple will be forced (for economic reasons) to loosen its death grip on the device(s).

Apple has “married” the iPhone and iPod Touch to its App Store. The only “official” way to load applications onto the iPhone/Touch is through the official Apple App Store. Unofficially, there are people who “jailbreak” the devices in order to load applications onto them that Apple doesn’t offer through the App Store. There is currently an argument brewing between Apple and others on the subject. The battlefield for this argument is the U.S. Copyright Office.

Apple says that existing “jailbreak” technologies all make unauthorized use of copyrighted code. Further, the Digital Millennium Copyright Act (DMCA) contains provisions against attempting to “unlock” copyrighted content that is protected by technical means, as the iPhone and iPod Touch are protected. Thus, Apple says, the very act of jailbreaking an iPhone or iPod Touch involves breaking copyright law and the DMCA, so it must therefore be illegal.

The Electronic Frontier Foundation (EFF) and Mozilla argue that jailbreaking the devices is actually a protected activity under fair-use doctrines, and that the Copyright Office should grant an exemption to users who jailbreak their phones.

A Mozilla represenative told Computerworld that “Given the choice, would we work on a platform where the sole company controlling it makes us unwelcome, or would we work on a platform, like Linux, where we are welcome? The answer is going to be easy for us.”

Earlier in the year, we predicted that the “cat and mouse game” involving unlocking of the iPhone to install unauthorized software and use unauthorized cellular networks would continue unabated through 2008.  We based that prediction in large part due to the fact that the iPhone runs a stripped-down version of Mac OS X, and Mac OS X’s security reputation hasn’t been the most solid lately.

It appears our prediction is correct.  According to The Register, iPhone hackers have posted the latest jailbreak tool on the Internet. The “iPhone Dev Team” released “Pwnage Tool 2.0.3.1″ which allows iPhone and iPod Touch owners to jailbreak their devices for use with third-party applications.

 Earlier in the year we predicted that the
“cat and mouse game” played between Apple’s iPhone
developers and the hacker community would continue unabated throughout
the year.  A teenage hacker has proven this to be the case by
unlocking Apple’s latest iPhone firmware, according to The
Register.

The same hacker who earlier turned
his iPhone hack into a Nissan 350Z and 3 8GB iPhones has again broken
the security on Apple’s over-hyped uber-phone.  George Hotz,
known by his hacker alias “GeoHot”, says that it took him a
24-hour stretch with 3 hours of sleep in the middle.  He found a
way to install his own custom-built code into a range of memory
addresses where security software is installed on the phone.  

Instructions are reportedly posted on iClarified and ModMyiPhone for
those who want to know how it’s done.

A while back, Steve Jobs said that it would be a “cat and
mouse” game between Apple and the hackers to keep unauthorized
applications off the iPhone.  So far, it seems that the hackers are
winning.  Apple has just released iPod Touch and iPhone firmware
1.1.2 and the hackers have already figured out how to
“jailbreak” the new firmware before most users have even
installed it.

According to the CNET News, the same people who
created the JailBreakMe program are responsible for this latest
crack.  (See
http://www.news.com/8301-13579_3-9814114-37.html)

Unless you’re paying no attention to the iPhone,
which is practically impossible given Apple’s constant barrage of
advertising and the media’s coverage of the device, you’re aware
that Apple chose to “lock” the device to work with only
AT&T’s network in the USA, and with specific carriers’
networks overseas. The only exception is France, where the French iPhone
is by default locked to the Orange network, but an optional
(higher-priced) iPhone version is available unlocked.

According to the New York Times, a class action suit filed against Sprint Nextel has been
settled in favor of the unlockers. If approved by the judge in the
case, the settlement will require Sprint Nextel to provide unlock codes
for the phones they sell so that they may be used on any cellular
network with compatible technology. For example, Sprint Nextel uses the
CDMA protocol, but so do Alltell and Verizon. Thus, an unlocked Sprint
phone could in theory be used with Alltel or Verizon.

Assuming that this case sets a precedent, class action suits against the
other US cellular networks could require them to provide unlock codes to
customers as well. This means that a suit against AT&T could require
Apple to unlock the iPhone whether it wants to or not. It could also
force Apple to negotiate service terms with other cellular carriers in
order to protect its iPhone service revenue stream.

According to a 13-year-old hacker, it’s possible to load third-party
applications on an Apple iPod Touch without a great deal of computer
savvy. An
October 14 CNet article says, “AriX sent us a press release Sunday
promoting iJailbreak,
an automated program that allows third-party applications to run on the
iPod Touch. It doesn’t work for the iPhone, and it’s only available
iPod Touch owners who are using Intel-based Macs.” The article says taht
“According to the press release, ‘the only user interaction required for
iJailBreak to work is to restart the iPod Touch using the button on the
top of the iPod. The application does the rest.”

The
iJailBreak.com web site says that “iJailBreak is an automated
jailbreaker for your iPod Touch licensed under the GNU General Public
License v2 written by 13-year-old AriX. The only user interaction
required is for you to restart the iPod Touch. Works on Macintel OS X
Tiger. PPC version is in the works. iJailBreak is heavily dependent on
Niacin and Dre’s awesome tiff hack, you can find them at toc2rta.com. They really
started the whole iPod Touch hacking scene. iJailBreak also makes heavy
use of iPhuc, which you can find on Google Code.”

Steve Jobs was correct when he said that
keeping the iPhone locked down would be a “cat and mouse” game between
Apple’s engineers and the hacker community. Round 1 went to the hackers
for freeing the phone up very quickly after release. Round 2 went to
Apple for disabling the hacks and “bricking” some phones. Round 3
goes to the hackers, for finding a way to unlock the updated phones
and, it seems, even “unbrick” them.

From the outside, and
the perspective of someone who has no desire to own an iPhone, I can
watch this battle with amusement and detachment because I have no stake
whatsoever in it. I like seeing the hackers win a round, though, not so
much because of the fact that it means they get to keep using their
iPhones the way they want (though I do appreciate that), but more
because it confirms what I’ve already known about Mac OS X.

What’s that? Well, it’s well known that the iPhone runs OS X, or at
least some variant of it. This is the OS X that Apple’s web
site describes as “rock-solid”, “stable”, having “the highest level
of security”, and an “intelligent design [which] prevents the swarms of
viruses and spyware that plague PCs these days.” So, if this is a
rock-solid, stable, secure OS that can prevent swarms of viruses and
spyware, why is it that hackers are able to bring it down with a simple
web page (http://jailbreak.toc2rta.com)?
(And I really don’t want to hear anything about how it’s “Safari”
they’re bringing down, not OS X. Would you cut Microsoft a break because
Internet Explorer allowed Windows to be compromised? Oh wait, it can…)

Seriously, folks. The iPhone, since it theoretically runs
only Apple-authorized, Apple-QA’d, Apple-secured, Apple-tested,
Apple-written code, should be Apple’s most secure device. Apple has full
control of the hardware. It has full control of the software. It has
complete control of how that software is configured on the device, and
of the OS on which it’s running. It should be, at least in theory, a
much tougher target for a hacker than a desktop or laptop Mac. That
should be even more true since Apple knows hackers are gunning for the
device, and the risks of someone gaining complete control of it
(Internet access, ability to control the microphone, the camera, the
user’s personal data, etc.) are very high. The iPhone should represent
the epitome of Apple’s security and control efforts… and perhaps it
does. Yet a handful of determined hackers need only a few days to bring
it down.

I’m not saying Windows is better. We all know
there are plenty of Windows exploits. I’m not even going to take Linux’s
side here and say its security is better, though I suspect it is. All
I’m telling you is that the iPhone should represent Apple’s best efforts
at Mac OS X security, and that security is being ripped apart in mere
days by hackers. If that’s “the highest level of security” we as
consumers can hope for, maybe it’s time for a newer, better OS to enter
the playing field because security out here sucks…

Wired Magazine has set up a “Jailbreak your iPhone” wiki, for
those of you with an iPhone who are willing to risk the wrath of Apple
and AT&T to open your iPhone to other networks. While we certainly
don’t advocate doing so, we can definitely understand WHY customers
would want the freedom to work with another carrier and develop their
own software for the iPhone.

Here’s the link for those of you who are
interested…

In his article “Apple reminds customers who’s boss ,” Bill Ray of
The Register tells us that Apple has issued a notice that unlocked
iPhones could incur permanent damage when the firmware is updated, and
that the damage won’t be covered under warranty. Ray tells us “Users may
feel confident that they can always re-flash their iPhones using iTunes,
but even that requires a working kernel (minimal OS) on the phone -
damage that and you’ve got a Jesus doorstop.”

Ray also
reports that “Engineers inside O2, the UK operator deploying the iPhone
in November, are under the impression that Apple will be able to re-lock
the phones to their network when they’re updated, but that will depend
on the unlock process used and if Apple can be bothered to apply the
resources needed to reverse it.”

Jason Chen of Gizmodo.com
says that the hacks are a good thing. He says that in order to
convince customers to apply the firmware updates, Apple will need to
include must-have features in each update. Chen tells us “if anything,
the unlocking cat and mouse game should push Apple to make a lot more
innovation, and quicker. A good thing, when you consider that the best
iPhone innovations in the last few months are not the web apps or
official Apple updates, but the third party hacks.” What we here at The
Mac Sucks wonder about is this… If the best innovations in the iPhone
AREN’T the ones coming from Apple (and we trust Chen’s opinion on this),
what does this say for the open source competition to the iPhone, such
as the OpenMoko
The OpenMoko is a Linux-based touchscreen phone similar (but by no means
a clone) to the iPhone.

If people are willing to take the
time and effort to figure out the undocumented APIs in the iPhone, port
various applications over to it from the open source world, add
interesting features to the iPhone, etc., won’t they be willing to do
the same for the OpenMoko? And since the OpenMoko is, by definition,
“open” from the outset (with documented APIs, established development
tools, an OS with a long history of stability (at least compared to the
iPhone), etc., might the OpenMoko be able to “out-innovate” the iPhone
pretty quickly? We’ve been watching the device very carefully because we
believe it has the POTENTIAL (which we acknowledge is most definitely
not yet delivered) to outshine the iPhone in terms of features and
functionality. Why? Here are a few reasons to spark your thinking:

• The price of the Developer Kit
  for the OpenMoko is currently $450, with the phone itself priced at
  $300. That’s already competitive with the iPhone, and these are just the
  prototypes. When the phone is in mass-production mode, the price is
  likely to drop substantially, placing it well below the iPhone.
• Even though it’s not yet a fully functional phone platform, OpenMoko
  has sold out. The iPhone certainly hasn’t sold out.
• Because
  it’s Linux-based, the OpenMoko should be able to “acquire” almost any
  open source application you can imagine using on it. That includes
  obvious examples like FireFox (which blows Safari away), Opera, Mozilla,
  Netscape, Thunderbird, OpenOffice, and a variety of others. While these
  can likely be ported to the iPhone, it will probably be easier and
  faster to port them to the OpenMoko platform.
• The OpenMoko
  won’t be locked to AT&T or any other carrier.
• The OpenMoko
  won’t be locked to iTunes for synchronization and update.
• The
  OpenMoko (being open source and available to ANY handset maker) will
  start off with built-in competitors, who will have to work to
  differentiate their handset based on pricing, features, and
  functionality. Apple is the only iPhone maker.
• The OpenMoko
  development tools and APIs will be available to anyone, not just handset
  makers, allowing for a rich array of third-party software.

The OpenMoko developers describe the phone as being in a
“pre-alpha” state right now, with suitability for use as an
“everyday phone” happening in October 2007 “at the soonest, and probably
later” though “it is now possible, with some work, to use the phone for
short periods of time using the Qtopia project’s root images. These
images …[snip]… let one send and receive calls, use contacts, and
other basic tasks.”

According to PCWorld.com, a firm named Uniquephones
in Northern Ireland (like the Israeli hackers mentioned here earlier and
a teenager the Boston Globe reports on) has
developed software to unlock the Apple iPhone. They had planned to
release it, but have delayed indefinitely following a phone call
purporting to be from Apple and AT&T’s legal representatives,
giving him “friendly advice” not to release the software. The
software would have allowed the iPhone to be unlocked so that it could
work with SIM cards from carriers other than AT&T. Although the firm
has had a successful business offering similar software for phones from
other manufacturers, they’re afraid that a lawsuit could put them
out of business.

The sad part is that it’s only a
matter of time before the techniques for unlocking this phone become
widely dispersed on the Internet. All Apple and AT&T have done is
delay the inevitable. If people want the iPhone and don’t want
AT&T service (which is a theme we see in a lot of iPhone articles),
they’re going to find a way to enable it. Apple and AT&T should,
in this site’s opinion, leave Uniquephones alone just like the other
handset manufacturers do. But then again, Apple likes to spend money on
lawyers, it seems.

According to the China View news site, three Israeli computer
engineers have managed to crack the restrictions on the Apple iPhone
that prevent it from working only on the AT&T network in the United
States. They claim that “practically anyone could do it”
though it did take them some time to sort out. They even managed to add
a Hebrew interface.

Once again, we remind you that the
iPhone is based on Mac OS X, which Apple touts as being more secure than
Windows or Linux. If that were true, would it have taken hackers so
little time to compromise the security on the iPhone, which Apple has
tried to lock down even more than their desktop OS? What does that tell
you about the REAL security level of OS X?