Hacker cracks Apple's latest iPhone 3GS security measures
In October, Apple unexpectedly began shipping new iPhone 3GS models to ward off hackers who run unauthorized software in a practice known as "jailbreaking." In addition to unlocking the handset for use on other carriers, the practice can also be used to run unsigned code.
Hacker George Hotz this week released "blacksn0w," a combination jailbreak and unlock tool that works for the iPhone 3G and iPhone 3GS. The free software is noteworthy because it is the first known successful jailbreak and unlock for the iPhone 3GS with iPhone OS 3.1.2 and baseband 05.11.07.
Apple updated the BootROM for the iPhone 3GS to iBoot-359.32 in with a mid-cycle hardware release in October — the first time ever that the handset maker had modified its hardware in the middle of a product line, without a new model released.
Hotz is a teenager who made headlines two years ago when he was the first to successfully unlock Apple's original iPhone all by himself. This summer, he also released the first jailbreaking tool for the iPhone 3GS.
Prior to the new BootROM, hackers relied on an exploit known as "24kpwn," which allowed users to run unauthorized code on the OS. But the latest update had prevented that exploit.
The latest hack for the newly updated iPhone 3GS hardware is not as seamless as some previous exploits. The blacksn0w software applies what is known as a "tethered jailbreak" for the October-and-later iPhone 3GS (and latest iPod touch), meaning users cannot perform a hardware reset of the phone without connecting it via USB cable to a computer. Users of an iPhone 3G or iPhone 3GS sold prior to the latest hardware upgrade are said to be able to restart without the tethered jailbreak.
Apple and the jailbreaking community, led by Hotz and a separate group of hackers known as the iPhone Dev Team, have gone back and forth for some time, as the Cupertino, Calif., company has looked to close avenues used by hackers. One of the main concerns about jailbreaking is piracy, as the procedure can allow users to steal software from the App Store.