back to article iPad security broken in less than 24 hours

Apple's iPad has already been jailbroken, using a variation of the iPhone method and demonstrating just how much the two devices have in common. The hack was completed in less than 24 hours. In theory it enables the owner to install everything from Wi-Fi scanners to pornography - applications Apple disapproves of - though for …

COMMENTS

This topic is closed for new posts.
  1. DrXym

    I wonder why people would pay for subscriptions

    ... when the content is available over the web for free. The natural next step for these content providers is to start discriminating against iPads based on their browser user agent to force them pay. Isn't life in a golden cage a wonderful thing?

    1. Anonymous Coward
      FAIL

      RE: I wonder why people would pay for subscriptions

      You mean something like detecting if the UserAgent contains "IE"? Why single out the iPad here? It's just retarded.

      1. DrXym
        WTF?

        Trivial

        It's trivial to change the user agent string on a PC, just by using a different browser for example, or via a simple extension which does it for you. Some browser even let you change the setting such as in Mozilla via about:config.

        Now let's see you try that trick in the iPad golden cage where you get exactly one locked down browser to choose from. It would be simple for a content provider to lock out iPad users, or deliver them a subpar browser experience to push them towards buying the same content. Face it, you're Apple's bitch and you'd better like anything they or their content provider's do because you don't have much choice in the matter.

        1. Blain Hamon
          Boffin

          Minor point

          While I have to agree it's not trivial, it's doable to a degree. There are several web browsers for iPhone available, admittedly using Apple's webkit under the hood. And the ability to set the set the user agent in an HTTP request is documented. So in theory, a web browser would be able to spoof the user agent and make it to the app store or may already be there.

          Of course, if you're using an HTTP proxy in the middle, this is all moot as the HTTP proxy could change the user agent regardless of the final device.

  2. powertoaster

    getting stuff for free

    "but we suspect it's attributable to the early adopters being used to getting stuff for free", I am curious about this statement.

    Why do you suspect that people are not paying for these subscriptions for this reason vs. the more obvious and logical reason; that these subscriptions do not provide a reasonable value proposition to the user?

    1. Mike Cardwell

      Re: getting stuff for free

      Especially given that the early adopters are in general, likely to be people with more money than sense...

    2. TeeCee Gold badge
      WTF?

      Re: getting stuff for free

      "... these subscriptions do not provide a reasonable value proposition to the user?"

      Isn't that "people won't pay for stuff they're used to getting for free" translated into weasel words?

      Are you in marketing?

      1. chr0m4t1c

        Not exactly

        Based on what has happened elsewhere with media, the subscriptions probably costs more than the dead-tree version of the periodical.

        They then have the advantage of you being unable to tear out or photocopy an article you want to archive and keep. Did I say advantage? That may not be the correct word.

        Also, if you already get something regularly enough to subscribe to it then you're unlikely to want to buy a second overlapping one just to get it in a different format. Maybe they should consider offering discounted or free subs to existing subscribers - but that would involve some kind of joined-up thinking.

        1. I didn't do IT.
          Boffin

          Exactly

          ... and those that get the "dead tree" version already get the online one included.

          This is about new subscriptions.

  3. Anonymous Coward
    Headmaster

    If was Sony it would taken years I tell you

    Wow, it shows this should only left to professionals ie Sony Playstation 3. It taken years and years to crack and still holding up, just holding up.

    PS just for laught in google do search for

    only left to professionals

  4. Anonymous Coward
    Anonymous Coward

    It's not that Apple disapproves of WiFi scanners per se

    but that all the WiFi scanners which were recently removed from the App Store were using an undocumented API, which, as we all know, is contrary to the terms of use of the SDK

    1. Anonymous Coward
      Coat

      Undocumented API Outrage

      ... and yet the API was still one provided by Apple; they just didn't want the plebs sullying up their toys.

      Icon - lots of niftiness to find "undocumented" in them thar APIs!

      1. Rod MacLean

        RE: Undocumented API Outrage

        You mean like on Amiga Workbench 2.0 and 3.0 where all kinds of software didn't work because the developers had expioted functionality which wasn't in the API and which was then changed before the next release (where it WAS in the API)...

        There's a reason some things are left hidden, you know!

  5. Paul Shirley
    Flame

    rushed into production

    Let's face it, the iPad is Apple panicking. Android tablets started popping up and Apple suddenly upsizes the iPhone... without waiting to remove all the phone specific stuff. Cue apps trying to get GPS fixes and other stupidity.

    Seems most normal punters are just smart enough to wait for Apple to finish the job, or more likely can't understand why a bigger but less functional iPhone is better than the one already in their pocket. Truly just a geek toy right now.

    1. Robin

      re: rushed into production

      "Let's face it, the iPad is Apple panicking. Android tablets started popping up and Apple suddenly upsizes the iPhone"

      Shirley you can't be serious?

      1. Anonymous Coward
        Badgers

        The title is required, and must contain letters and/or digits.

        He is serious, and don't call him Shirley.

        Sorry, someone had to post this.

        1. Anonymous Coward
          Thumb Up

          You beat me to it!

          Damn - a great line from the movie, Airplane (showing my age now!).

    2. Bizlaw

      Are you kidding?

      Paul, Apple doesn't rush products into production. That's one of the reasons Apple pulled out of Macworld – it didn't want to be held to artificial product introduction deadlines.

      Apple frankly has shown little concern over iPhones being jailbroken beyond tossing a few more barriers into the mix when an update comes out. Why? Because most people have not need to jailbreak their iPhones/iPods/iPads. The vast majority of people can get the functions they need from an existing app and not have to worry about downloading a virus, having a systems crash, etc. Most iPhone users probably don't even know they could jailbreak their iPhone, and if they looked up how to do it, quickly slam their browser window shut and go back to happily playing their games.

      There will always be a small number of geeks who want to hack anything they're not supposed to hack, just so they can say they did it and maybe install some porn or change the OS theme. So Apple lets them have their fun, ignores it, and it goes away very quickly.

      1. John 104
        Thumb Down

        What world?

        Do you live in?

        How quickly you forget all the "updates" to the iPhone when it was hacked. Apple is VERY concerned about their property being hacked. (yes it's their property, you are just leasing it and don't know it). Whether or not this was rushed is hard to say. What is evident though, is that this is a solution looking for a problem and it is falling flat on its face.

    3. Anonymous Coward
      Anonymous Coward

      (see parent posting for title)

      > Cue apps trying to get GPS fixes and other stupidity

      Apps on the iPod Touch do this too - they use WiFi hotspots to get the location (which often works, sometimes very well).

      People should think of the iPad as a large iPod Touch, not iPhone.

  6. A J Stiles
    FAIL

    Funny choice of words

    Allowing users to choose what runs on their own computer is not "security broken", it's "functionality mended".

    My home = I decide who comes in and out.

    My computer = I decide what runs on it.

    1. Anonymous Coward
      Welcome

      But...

      It's NOT a computer, any more so than your TV or your remote control. It's an appliance. Do you hack your toaster? Jailbreak your fridge? Do you restore the "functionality" of your lawnmower by adjusting the governor? Admittedly, some of these things are fun, and utterly worthwhile -- to about .001% of the population. The rest of us are generally happy to get along with things that work the way they should (unlike, say, brobdignagian operating systems that are saddled with decades of legacy code -- kludged together to run on any hardware, provided that all the settings are properly established in just that order and....)

      Funny thing is, I've heard this kind of furor before -- from those who derided synthesizer presets, from those who bemoaned the death of DIP switches, from those who bought CoTS software (rather than writing their own), from those who scorned the GUI, from those who lost access to source code, from those who could no longer fix their own cars, from those who could no longer wire their own houses, from those who longed for manual film cameras...

      These are tides of change. That doesn't mean the tides are right, or the plaintiffs are wrong -- things just are. It's an appliance.

      1. DrXym

        It's a funny kind of appliance

        "It's NOT a computer, any more so than your TV or your remote control. It's an appliance. Do you hack your toaster? Jailbreak your fridge? Do you restore the "functionality" of your lawnmower by adjusting the governor? "

        Does my toaster force me to install the latest mandatory update? Does my toaster only toast bread purchased at Tesco? Does my toaster require I return it to the manufacturer to change a fuse and risk getting somebody else's manky refurbished toaster? Does my toaster actively try to stop a user from subverting any of these "features"?

        Make all the excuses you like about it being an appliance but it does not excuse what Apple is doing. There is no technical or usability reason to lock down the device in this way. A device can be usable and open, as evidenced by OS X for example. The only reason the device is locked down is because Apple want users to pay Apple for their content, be it music, videos, books or apps. Perhaps from a shareholder's perspective this is a good thing, but it most certainly is not from a user perspective.

        1. Anonymous Coward
          FAIL

          RE: It's a funny kind of appliance

          "Does my toaster force me to install the latest mandatory update? Does my toaster only toast bread purchased at Tesco? Does my toaster require I return it to the manufacturer to change a fuse and risk getting somebody else's manky refurbished toaster? Does my toaster actively try to stop a user from subverting any of these "features"?"

          No, but my home recording studio does all of those things.

          Does that mean it's a computer? It can read/write CDs, it has it's own operating system and I can update it...

          "There is no technical or usability reason to lock down the device in this way."

          SECURITY - this device is NOT a personal computer as we know it. It's designed for the common-or-garden pleb with no idea of security. Taking the matter out of his hands is a great idea!

          "The only reason the device is locked down is because Apple want users to pay Apple for their content, be it music, videos, books or apps."

          Have you bothered to read anything at all about the iPad other than Apple decide what apps are on the store? Didn't think so!

          1. DrXym

            Desperate reaching

            "Does that mean it's a computer? It can read/write CDs, it has it's own operating system and I can update it..."

            I never claimed the iPad was a computer in the traditional sense. I was merely pointing out that the apologist's line that it needed to be a closed system because it was an appliance was completely absurd.

            "SECURITY - this device is NOT a personal computer as we know it. It's designed for the common-or-garden pleb with no idea of security. Taking the matter out of his hands is a great idea!"

            Even more absurd. OS X has perfectly adequate security, as does Windows 7 for that matter. Both prevent user space apps from trashing system files, or doing things that can disrupt the stability of the OS. What security are you even talking about? It would be trivial to bury malicious content in an Apple authorized application. They don't conduct line by line security reviews after all so something could compromise the device, or send private information somewhere whether it was downloaded from the app store or not.

            And before you hide behind the pathetic "it's an appliance" excuse, I'll point out Android also manages to be more open too. If you want to run untrusted apps in Android you throw a switch in an advanced setting. Whee, that was difficult. Imagine that, a phone / pad operating system that doesn't treat customers like naughty children or prisoners.

            Want to know how Android manages to be secure yet allow untrusted content? By using fine grained security controls, a virtual machine and by default only granting each application access to their own files.

        2. Rolf Howarth

          Being locked in

          "Does my toaster only toast bread purchased at Tesco?"

          Do you hack the firmware in your printer so it accepts generic cartridges? Do you hack your Sky Plus box so you can run your own EPG?

          "The only reason the device is locked down is because Apple want users to pay Apple for their content, be it music, videos, books or apps."

          Except you can buy music from Amazon or your local music store, download books in ePub format, use Handbrake to rip DVDs, "purchase" free aps from their store, buy and view as much smutty porn as you want off the web, etc. And Apple don't stop you jailbreaking your phone if you want to.

          Apple do care about the overall user experience though. They know that with the exception of a few technogeeks, most people don't care one bit about lofty ideals like openness and just want something that works.

          They also don't want other companies to profit at their expense off the back of an ecosystem they've built up. They don't sue sites that tell you how to install Mac OS X on a PC as a personal project, they do sue companies that try to sell the result at a profit. They don't stop you downloading an MP3 from another vendor and using iTunes to copy it to your iPod, they did stop Palm's laughable attempts at freeloading the iTunes infrastructure to support their own player.

      2. Anonymous Coward
        Heart

        RE: But...

        At last, the voice of reason. I'll bet 1 shiny new pence that his comment gets voted down by Mac and Windoze fanbois alike!

      3. MD Rackham

        Synthesizer Presets

        >who derided synthesizer presets

        Give me patch cords or give me death.

        If we weren't meant to patch, god wouldn't have made 1V = 1 octave.

        1. M Gale
          Coat

          Completely irrelevant rambling

          Big up the CV/Gate posse?

          Unfortunately, if god made 1V/1 octave, there are several other minor deities who decided on other meanings of what a volt does. Hence why MIDI got made.. it prevented a Microsoft of Synthesizers happening, you know! Still, there's a certain charm to rigging function generators and filters together with your own wiring.

          And as for synthesizer "presets".. anyone noticed the big swing towards "digital analogue" synths that happened a few years ago? This was after various musicians decided that the 30 year old analogue Korgs with the big sliders and knobs were much more "giggable" than the newer models that wanted you to go through umpteen menus and button presses in order to change a sound. Now it's all gone to sliders and knobs and real-time twiddlability again.. albeit, with the digital advantage of being able to store said knobs' positions. ;)

          What has this to do with the article? Not much! Oh well. Mine's the one with the Yamaha AN200, Novation K Station and Evolution X-session in the (very large) pockets.

    2. JShel
      Alert

      Yes an appliance

      It should be fine for its purpose. I'd love to sit out back on a cool evening, and be able to do some browsing/reading, drink at hand.

      You complaint sounds typical of the folks that do not understand that some products are focused on doing particular tasks, and are not supposed to be all things to all people. Have you ever wondered why you can't buy a riding cooker.

      If you have to though, you you can always do your own genius hacks like this ;

      http://www.youtube.com/watch?v=p9bvUIbKlkk

      1. Lou Gosselin

        Re:Yes an appliance, Re:But...

        "t's NOT a computer, any more so than your TV or your remote control....Do you hack your toaster? Jailbreak your fridge?"

        You are correct in that apple are marketing this device strictly as an appliance.

        However, it would be silly to argue that the device isn't capable of much more than what apple allows it to be. And it's clear these limitations are artificially imposed, as opposed to the other devices you mentioned which are already used to their full hardware potential.

        Continuing with the remote control analogy: ipad:remote control :: unlocked ipad:programmable remote control.

        All things being equal, the locked down / non-programmable devices are clearly inferior since the unlocked / programmable versions are a super-set of them. In apple's case this is almost inexcusable since the unlock capability requires no changes to the product at all (other than removing the restriction).

        I think any true techie would be lying in claiming that they didn't yearn to be able to ssh into their ipad against apple's wishes.

        If apple provided ipad unlocking instructions and an "at your own risk" statement and warranty disclaimer, I am pretty certain there would be a large user base that would unlock their devices "legally". With the iphone apple's done the exact opposite, releasing patches which deliberately bricked unlocked devices.

        With this in mind, it's pretty clear that apple's makes it's decisions around marketing rather than technical aspirations.

        "You complaint sounds typical of the folks that do not understand that some products are focused on doing particular tasks, and are not supposed to be all things to all people."

        One can say absolutely the same thing to defend any product with shortcomings, but instead of generalizing about "the folks that do not understand", sometimes a negative remark can be a genuine criticism.

        1. Alan W. Rateliff, II
          Paris Hilton

          Occupies the same space as AOL

          Being around for as long as I have, it occurs to me that locked platforms like iPhone and iPad most certainly have a place. Just as much as America OnLine has or had a place in some folks' technological lives, so do these locked platforms.

          Apple should not attract our ire for having a platform which has so much potential but is intentionally crippled. For one, they can be jail-broken and done with what one wishes. But those who truly deserve our ire are the other manufacturers who will not or do not produce equally compelling devices for the Rest of Us(tm).

          But then, perhaps the blame should fall on ourselves for ignoring previously open and available platforms. In terms of openness, Windows-based tablet PCs would run whatever Windows application you wanted, even if you wanted to run Linux instead; most phones will run whatever Java application you desire to install; Palm devices had a plethora of applications available. In terms of an app store, many tried, between Handango, GetJar, and other sources, the world truly was our open oyster.

          But it took Apple to make it ubiquitous, pretty, useful, and to bring it all together. And, frankly, it all started with the iPod and iTunes. I have never been a fan of Apple and, other than a couple of classic Macs, do not own anything Apple-branded, and I do so for the simple fact that I do not desire to be locked into a cookie-cutter environment, even if what I want to do would fit into said environment.

          Although every time my Java phone or Palm device crashes because of a memory leak, some weird heap corruption, or errant application, I have to admit I admire the prospect.

          That said, Apple has presented a bundle, a full and complete package. This is not a-la carte, it is all or nothing. You can buy the iWhatever and the full associated ecosystem, or you can not. Or you can get it, break it, and deal with whatever the consequences may be -- no whining about "I got locked out of x because I modded my y device! BOO HOO!"

          Really, do not get pissy with Apple for having something no one else has, be pissy with those who do not have it. At least support it when it does exist.

          Paris, oh yeah, she's got it.

    3. Anonymous Coward
      FAIL

      RE: Funny choice of words

      "My home = I decide who comes in and out."

      Assuming of course that the government has let them into the country.

      It's no different than Apple saying - here's what is allowed in the store...

      "My computer = I decide what runs on it."

      Except you don't - unless you code everything yourself?

      1. John 104

        title

        Don't be stupid. You decide what programs to install and use. You don't have to be a programmer to run a program. Or do you program everything for your computer?

    4. I didn't do IT.
      Boffin

      The Trouble with Appliances

      The problem we have here is definitions and language.

      Is the iPad an appliance? Let us evaluate...

      1. It has a processor with comparable power found in laptops and other "computers".

      2. It has memory capacity and built-in "peripherals" to run "applications" that mimic functionality found on "computers".

      3. It has non-volitile capacity (quite a bit!) the stores exact files used on "computers", (music, books, etc) bought from same "application store" as used on "computers" (iTunes, etc).

      If something walks like a duck, quacks like a duck, and looks like a duck, most people would not know the difference as long as "it just works" like a duck.

      Also, unlike an iPad, you don't need to agree to an EULA to use your toaster, fridge, stove, or other "appliance"; but you usually do for a "computer"...

    5. flying_walrus

      re: Funny choice of words

      > My home = I decide who comes in and out.

      let's test your hypothesis. I decide that Jenna Jameson will come to my home in the next 5 minutes.

      1. John 104

        Dont confuse

        Don't confuse the desire for an application, er, I mean.... With the ability to afford said, er, um, application!

  7. Winkypop Silver badge
    WTF?

    Hey, what about me?

    I don't (won't) have an iPad.

    I read news for free.

    Am I missing something here?

    1. Steve Mw

      RE: Hey, what about me?

      Yes you are:

      http://www.guardian.co.uk/media/2010/jan/20/new-york-times-charging-content-online

      http://business.timesonline.co.uk/tol/business/industry_sectors/media/article7076987.ece

      http://abclocal.go.com/kgo/story?section=news/business&id=6811995

      http://www.theage.com.au/national/fairfax-news-to-charge-for-online-20090808-edm3.html

      Spotted the trend yet?

      1. Anonymous Coward
        Anonymous Coward

        The title is required, and must contain letters and/or digits.

        Is the trend that online versions of papers I don't read are to start charging for online content I'm not prepared to pay for?

  8. gautam
    Troll

    Whats the usage Opinion?

    So whats the user experience like? Anyone throw more light please. Lets have an honest debate about this as against only the bias about paid subscriptions.

  9. Neil Stansbury

    Just no reason to buy one...

    Until the 3G version comes out. Roll on May

    1. Will 12

      I have one

      I zipped over to NYC at the weekend and picked up an ipad or 3, here's my thoughts.

      Its less powerful than my laptop, and less convenient than my iPhone, Im not sure it's a must have purchase for someone like me.

      No need for the 3G version, have my iPhone running as a wireless hotspot, so can use that to allow the iPad to access the net.

      Typing. Pretty easy to type quickly in landscape mode, annoyingly, it's far to easy to hit the n key instead of space.

      Think I prefer reading books on the kindle, kindle is smaller and lighter.

      Apple case is horrible, give me a leather one like the kindle.

      Battery life is very good, watched 3 movies on the trip back and still had plenty of battery left.

      There are definitely areas that need improving software wise, will be interesting to see what OS4 has for us.

      1. John 104

        wow.

        Less powerful than your laptop, less convenient than your iPhone and not a must have, yet you bought 3 of them? Typical Apple idiot.

    2. Anonymous Coward
      Anonymous Coward

      Or jailbreak your iPhone and buy an iPad today

      Tether it to the iPhone, and you don't have to wait (or pay unnecessarily for a second line).

    3. Anonymous Coward
      Coat

      The title is required, and must contain letters and/or digits.

      Until v2.0 comes out, roll on 2011. :)

  10. J 3
    Pirate

    Weird world

    "we suspect it's attributable to the early adopters being used to getting stuff for free"

    Interesting that the type of people who will spend $500 immediately when the product comes out will also be stingy about a much smaller amount (how much exactly, I don't know) for content. Goes to show the digital media producers have it tough -- even provided they get their act together, which is a big if.

  11. Trygve Henriksen
    Flame

    Paid content?

    Would that be Zinio?

    If so, I can readily understand why so few sign up.

    After all, even us members of the Church of Apple wisen up after a while...

    Zinio is incapable of handling VAT correctly.

    not only are they NOT supposed to charge VAT for 'out of state' orders, but the hoops you have to go through in the hope of reclaiming that money... AAAARGH!

    (Final insult; magazines are exempt VAT here in Norway... )

    The fact that they've recently begun sending me 'your subscription is up' messages about magazines I stopped subscribing to in 2006... Bl**dy Wan!ers...

  12. Laie Techie

    Apple Approved

    When I look at the way Apple is handling this, I am reminded of that eternal September. of 1993 ( http://en.wikipedia.org/wiki/Eternal_September ). Once again we have loads of newbies gaining access to a technology. If one of the n00bs installs a virus or whatever, they blame Apple who would have to provide support for and clean up after 3rd party applications. Apple decided to go the other route, only allowing applications they (supposedly) verify won't destroy the iPod / iPad / iPhone. No more support calls from a wannabe hacker ssh-ing into the iPhone and /accidentally/ running "rm -rf /" as root, thus turning their device into a brick.

    I don't agree with Apple's stance, but at least I understand it.

    1. M Gale

      Bah

      "No more support calls from a wannabe hacker ssh-ing into the iPhone and /accidentally/ running "rm -rf /" as root, thus turning their device into a brick."

      ..I've never understood, now phones are miniature computers, why there is never a recovery option? I mean, you "rm -rf /" a computer (or "format c: /y" or whatever), and you can bung the installation disk back in. Okay, you lose what was on it, but your computer is not a brick, shitty DRM notwithstanding.

      Mind you, then the vendor wouldn't get the chance to sell you a brand new phone when the old one has nothing physically wrong with it.

      Hey, suddenly I understand!

  13. JohanV
    Happy

    Someone mentioned hacking toasters..

    I've met a Thai who actually hacked a toaster in under a minute.

    She loved toast but had never used the thing herself.

    She simply applied the butter before she put the bread in the toaster.

    Result: smoke, terror and a toaster that would never be the same again..

    Should we call it a 'security flaw' ??

    :)

This topic is closed for new posts.

Other stories you might like