Apr 29 2021

Jailbreak or Jail – Is Hacking for the Government A Crime?

Category: Jail breakDISC @ 7:45 am

After the horrific shooting in San Bernardino, California, federal law enforcement officers seized the now-dead suspect’s iPhone, and sought to examine it. However, the phone was “locked” using proprietary hardware and software from Apple. The government sought a court order (under the All Writs Act — an 18th century statute) compelling Apple to develop and implement a process to break their own security, and to provide to the FBI the unlocked and unencrypted contents of the iPhone.

After much legal wrangling, the FBI backed down. A recent report in the Washington Post indicates that the reason the FBI backed down is that they were able to turn to a “white hat” hacking company in Australia, Azimuth, to “jailbreak,” or unlock, the phone for them. Cool, cool. In fact, for the most part, that’s what is supposed to happen. Companies attempt to design and implement secure software, hardware, networks and applications, and governments (oh yeah, and hackers, too) attempt to find and exploit weaknesses in them. They put it on the bill, I tear up the bill. It’s very convenient.

It is certainly a more desirable outcome than requiring companies to deliberately crack or, even worse, weaken their security so that a government agency can bypass that security, or compelling the manufacturer or software developer to spend considerable development time and effort to undo its own security.

And that’s the problem with good security – when it works, it’s good. So, was it legal for Azimuth to jailbreak Apple’s devices, and then sell the jailbreak to a government agency? Magic 8 ball says, “Situation hazy; ask again later.” There are several statutes involved here. First and foremost is the Computer Fraud and Abuse Act (CFAA). The statute has many parts, but it makes it a federal crime to exceed authorization to access a computer and obtain information. Generally, to access a computer means to use it; to obtain information was supposed to mean to steal data, but it could also mean just to learn something. And, while a modern cell phone is certainly a “computer,” it is not clear that phone software, apart from the phone (or running on a virtual machine), is a “computer.”

But, assuming that the phone is somehow “accessed” and “information” (like a vulnerability) is “obtained,” we are left with trying to parse what it means to “exceed authorization.” That’s where we get into Apple’s terms of service and terms of use. You know, the hundreds of pages of license agreements you find if you go to Settings -> General -> About -> Legal and Regulatory -> Legal Notices -> License. You know, the stuff you always do when you use the phone, amirite?

You see, you don’t actually own your phone. Well, you kinda own part of it, but the software that makes it work is licensed to you by Apple and others subject to the software license agreement (SLA). Violate the SLA, and you are using (accessing) your own phone “in excess of authorization.”

government HackerOne IBM data security

Ten Commandments To Secure Your iphone!

Ten Commandments To Secure Your Iphone! (gavrielhani) by [Gavriel Hani]

Tags: Jail Break

Mar 02 2021

Pwn20wnd released the unc0ver v 6.0 jailbreaking tool

Category: Jail breakDISC @ 4:40 pm

The popular jailbreaking tool called “unc0ver” now supports iOS 14.3 and earlier releases, and is able to unlock almost every iPhone device.

Pwn20wnd, the author of the jailbreaking tool “unc0ver,” has updated their software to support iOS 14.3 and earlier releases. The last release of the jailbreaking tool, unc0ver v6.0.0, now includes the exploit code for the CVE-2021-1782 vulnerability that Apple in January claimed was actively exploited by threat actors.

Jailbreaking an iOS mobile device it is possible to remove hardware restrictions implemented by the Apple’s operating system, Jailbreaking gives users root access to the iOS file system and manager, this allows them to download and install applications and themes from third-party stores.

Apple did not disclose info about the attacks in the wild exploiting this vulnerability.

The CVE-2021-1782 flaw is a race condition issue that resides in the iOS operating system kernel.

“A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited.” reads the advisory. “A race condition was addressed with improved locking.”

unc0ver v6.0.0 could be used to unlock any device running iOS 11.0 through iOS 14.3, below the announcement made by Pwn20wnd on Twitter.

Tags: Jail Break, Pwn20wnd

Jan 23 2019

Chinese Hacker Publishes PoC for Remote iOS 12 Jailbreak On iPhone X

Category: Jail breakDISC @ 9:24 am

Here we have great news for all iPhone Jailbreak lovers and concerning one for the rest of iPhone users.
A Chinese cybersecurity researcher has today revealed technical details of critical vulnerabilities in Apple Safari web browser and iOS that could allow a remote attacker to jailbreak and compromise victims’ iPhoneX running iOS 12.1.2 and before versions.

Source: Chinese Hacker Publishes PoC for Remote iOS 12 Jailbreak On iPhone X

Tags: Jail Break