Tag Archive: iPhone Unlocking Chilliwack


Apple Is Beta-Testing A Fix For Evasi0n Jailbreak

All good jailbreaks must come to an end.

Late last week Apple released an update for iOS to developers in beta that prevents the use of the popular jailbreak software evasi0n, according to one of evasi0n’s creators who tested the patch over the weekend, David Wang.

Wang tells me that he’s analyzed the 6.1.3 beta 2 update and found that it patches at least one of the five bugs the jailbreak exploits, namely a flaw in the operating system’s time zone settings. The beta update likely signals the end of using evasi0n to hack new or updated devices after the update is released to users, says Wang, who says he’s still testing the patch to see which other vulnerabilities exploited by the jailbreak might no longer exist in the new operating system.

“If one of the vulnerabilities doesn’t work, evasi0n doesn’t work,” he says. “We could replace that part with a different vulnerability, but [Apple] will probably fix most if not all of the bugs we’ve used when 6.1.3 comes out.”

That impending patch doesn’t mean evasi0n’s time is up, says Wang. Judging by Apple’s usual schedule of releasing beta updates to users, he predicts that it may take as long as another month before the patch is widely released.

When evasi0n hit the Web earlier this month, it quickly became the most popular jailbreak of all time as users jumped at their first chance to jailbreak the iPhone 5 and other most-recent versions of Apple’s hardware. The hacking tool was used on close to seven million devices in just its first four days online.

Despite that frenzy, Apple has hardly scrambled to stop the jailbreaking.  Evasi0n has already gone unpatched for three weeks. That’s far longer, for instance, than the nine days it took Apple to release a fix for Jailbreakme 3.0, the jailbreak tool released in the summer of 2011 for the iPhone 4, which was by some measures the last jailbreak to approach Evasi0n’s popularity.

Apple’s slow response to Evasi0n is explained in part by the relatively low security risk that the tool poses. Unlike Jailbreakme, which allowed users to merely visit a website and have their device’s restrictions instantly broken, Evasi0n requires users to plug their gadget into a PC with a USB cable. That cable setup makes it far tougher for malicious hackers to borrow Evasi0n’s tricks to remotely install malware on a user’s phone or tablet.

Security researchers have nonetheless pointed out that Evasi0n could give criminals or spies some nasty ideas. The tool uses five distinct bugs in iOS, all of which might be appropriated and combined with other techniques for malicious ends. And F-Secure researcher Mikko Hypponen points out that if a hacker used a Mac or Windows exploit to compromise a user’s PC, he or she could simply wait for the target to plug in an iPhone or iPad and use evasi0n to take over that device as well.

More likely, perhaps, is a scenario described by German iPhone security researcher Stefan Esser. He argues that a hacker could use a secret exploit to gain access to an iPhone or iPad and then install evasi0n, using the jailbreaking tool to hide his or her tracks and keep the secret exploit technique undiscovered by Apple and unpatched. “That way they protect their investment and leave no exploit code that could be analyzed for origin,” Esser wrote on Twitter.

Apple already has a more pressing security reason to push out its latest update. The patch also fixes a bug discovered earlier this month that allows anyone who gains physical access to a phone to bypass its lockscreen in seconds and access contacts and photos.

When Apple’s update arrives, the team of jailbreakers known as the evad3rs may still have more tricks in store. Wang tells me that the group has discovered enough bugs in Apple’s mobile operating system to nearly build a new iOS jailbreak even if all the bugs they currently use are fixed.

But then again, Wang says he hasn’t yet been able to check Apple’s patch for every bug it might fix–either the ones evasi0n employs or those he and his fellow hackers had hoped to keep secret for their next jailbreak. “If they patch most of the bugs,” Wang says. “Then we’re starting from scratch.”

Ryan says:  We’re offering our customers the opportunity to Jailbreak their iPhone 5 for FREE until the end of March! – Call Ryan to book an appointment!

Source: Forbes

Blacklist created to fight smartphone theft

Canada’s wireless carriers are targeting smartphone theft by setting up a database that will blacklist lost or stolen phones to prevent them from being reactivated.

The move would also help protect personal data on such devices, the Canadian Wireless Telecommunications Association said Thursday.

Smartphones are worth $600 to $700 and can be resold on the black market, noted association president Bernard Lord.

“With this database, it makes that a lot less attractive because the buyer of the stolen phone will not be able to connect to any network in Canada,” Lord said from Ottawa.

“It eliminates the incentive for stealing a device.”

The idea is also to reduce the black market value of a smartphone in the eyes of criminals, Lord added.

Once consumers call their wireless carrier to report their smartphone lost or stolen, the device’s internal identification number goes on the electronic blacklist.

Lord said even though more smartphones are lost than stolen, law enforcement officials have raised concerns about the issue.

The database for the Canadian wireless industry will be up and running by September 2013 and Canada’s carriers will also be contributing to an international database to help prevent smartphone theft, he said.

However, consumers who have their smartphones lost or stolen are “not off the hook” for paying their smartphone contracts.

A website will also be set up by the association to help consumers protect their smartphone data and help protect themselves from theft.

Lord said the smartphone’s ID number — called the international mobile electronic number — will be verified by carriers to make sure the device has not been lost or stolen.

The Canadian Radio-television and Telecommunications Commission congratulated the wireless industry for the initiative, but would like the database running sooner rather than later.

“I would strongly encourage the industry to implement the database before September 2013 to ensure Canadians benefit from this added protection as soon as possible,” chairman Jean-Pierre Blais said in a statement.

The creation of a database and collaboration to make sure stolen or lost devices aren’t reactivated will help make them less desirable to thieves, Blais said.

“The CRTC has been concerned for some time about reports of an increase in crimes involving lost or stolen cellphones.”

Telus said while the wireless industry, law enforcement, and regulators all have a role to play, smartphone users need to think about where they’re buying their devices.

“We ask consumers to reconsider buying phones on sites like eBay, Craigslist, or Kijiji and instead buy their devices from a verified dealer,” Telus spokesman Shawn Hall said.

“If you buy a phone from Craig’s List it might be legitimate, but it could be stolen and then you will likely be unable to get it activated,” he said.

Smartphone use in Canada is among the highest in the world and penetration has exceeded 50 per cent, Lord said.

Canada’s wireless industry will spend about $20 million on the initiative, he said.

The United States is also taking steps and will have a similar database to fight the black market for smartphones in November 2013, Lord said.

Ryan says:  This should change the market in the way deals are made on classified for sale sites.  Phones will be checked first to see if they work properly before buying.  New tricks will be implemented ie. IMEI / IMSI masking so I do not see this as a long term solution for blacklisting phones but its a move in the right direction.

Source:  CTV News