Sunday 1 May 2011

Latest iPad security threat: fake jailbreak code

By  John Cox

Fri, 29 Apr 2011

An anonymous coder is messing with the heads of jailbreakers – the folks who develop and run code that lets your Apple iOS device load applications without having to rely solely on the company’s iTunes service.  The twist: this code, by design, fails to jailbreak your iPad.

Someone with the Twitter handle @d0nfyxn, whose profile only says he is from Montreal, posted on Saturday what he claimed was an iPad 2 jailbreak, called A5-2LiB02, along with a YouTube video purporting to show it in action. Both the tweetstream and his own Facebook page for the jailbreak show early skepticism and then a mounting fury of denunciation.

Someone who really is a jailbreaker, a hacker and member of the iPhoneDevTeam who uses the handle @MuscleNerd, tweeted: “The fake JB [jailbreak] by @d0nfyxn was designed to fail: http://is.gd/LiAM1J (it could have been worse and wrecked your files)”

In response, d0nfyxn tweeted to MuscleNerd: “It was a test, people are too naive, long life to the dev team ... sincerely.”


Based on @d0nfyxn’s tweetstream, he seems to have begun posting on April 23, linking to videos and images purporting to show the jailbreak working successfully. Within two days he was defending his posts, insisting the video was not a fake but that the jailbreak code was very unstable. On April 25, he tweeted “I thought all that stabilize but not yet. Beta expected this week.” But the next day, he tweeted, “Release alpha version tomorrow ...”

The code apparently was designed to run on a Microsoft Windows PC, and enough people downloaded it that MuscleNerd tweeted: “I'm astonished how many Windows users are rushing to run a random EXE from known JB fraudster (malicious payload possible)”. Jailbroken devices are by definition open to “unofficial” apps, which could be everything and only what they claim to be, but could also conceal a variety of malware attacks. In theory, requiring developers to pass muster, meet standards, and publish apps only through a vendors online catalog provides a level of protection for end users.

MuscleNerd reminded hackers and users that “The only iPad2 JB to date is @comex from that first week” (comex is another well-known hacker and iPhoneDevTeam member), but added “that initial JB isn't suitable for a general release. It was proof of concept for parts of it.”

The reactions on d0nfyxn’s Facebook page, by other Facebook users, range from baffled naiveté, through chilling threats, to obscene denunciation.

One user, David Borges sounded pleading: “Can someone just post screenshots with proof that it works, with a decent video with no tricks with cydia working and all that? is it so hard? Rghh”
Another user wrote “this exe has nothing jb related in it!!! why would you waste your time doing all this BS??? find something better to do dude!”

“You bring shame to the jailbreak community. Get a life man,” posted iPhoneBlogr.  

“Hahaha why would a person go to the trouble of screwing with us I mean you did see what happened to Sony right?” was one comment posted by Kevin Lepp, referring to the notorious, and still-unfolding, hack of Sony’s PlayStation Network

Source: Macworld UK

No comments:

Post a Comment