Will jailbreaking survive the next iPhone?

All the signs are pointing towards the jailbreak for the 2nd generation iPod Touch being released very soon. The iPhone Dev Team – responsible for the Pwnage jailbreak – has uploaded a photo to their new website redsn0w.com. It now shows a chipset that one of the commenters on their blog has identified as being from the 2nd gen iPod Touch. This is excellent news. It brings the latest Touch up to par with all other devices running iPhone OS, and it shows that Apple’s chain of trust on the device can be broken.

You may remember that the jailbreak for the original iPhone could be done via the website jailbreakme.com, which took advantage of a flaw in Safari. Recently I was reading a Slashdot discussion on the iPhone 3G unlock. Coupled with the Dev Team’s talk at CCC, this brought home to me how far Apple has moved on in securing the 2nd gen iPod Touch, compared to the original iPod Touch and iPhone. I also wondered how far Apple will go. Could the iPhone 3G and the 2nd gen iPod Touch be the last ones that can be jailbroken?

It has taken four months to jailbreak the latest iPod Touch, and five months to unlock the latest iPhone. The iPhone Dev Team was hacking two different things – a new chipset in the iPod Touch, and the baseband in the iPhone 3G. But the central issue on both devices is that Apple signs almost every binary.

As commenters on /. put it:

The kernel won’t execute a binary in userland unless it’s signed; the firmware loader won’t execute the kernel unless it’s signed; the low-level bootloader won’t execute the firmware loader unless it’s signed.

The only reason they’re able to break it is because the bootrom (initially run by the hardware) is modifiable yet not signature checked. I suppose that’s because they want to be able to upgrade the bootrom, but signature checking is only implemented in software and not hardware. All the NOR and NAND flash memory and the processor are built inside an integrated chip, so it is possible that future revisions of the chip will also integrate a TPM to verify the signature of the bootrom. Let’s suppose Apple will do that. You will then have a completely working DRM framework on the iPhone.

That is one reason why jailbreaking may be much harder on the next generation of iPhone and iPod Touch. Unlike a PC, you cannot practically swap out the hardware or install a mod chip to defeat the restrictions.
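To make the chain the commenters describe concrete, here is an added model (not code from the original post or from Apple) of a signature-checked boot chain: each stage verifies its successor before handing off, and a flag stands in for the hardware check on the bootrom that the second comment expects future chips to add. The HMAC key, stage names and "patched" contents are constructed; real devices use public-key signatures.

```python
import hashlib
import hmac
from dataclasses import dataclass, replace

# Constructed stand-in for the vendor's signing key. Real devices use
# public-key signatures; an HMAC keeps the model self-contained.
VENDOR_KEY = b"constructed-vendor-key"

def sign(code: bytes) -> bytes:
    return hmac.new(VENDOR_KEY, code, hashlib.sha256).digest()

@dataclass(frozen=True)
class Stage:
    name: str
    code: bytes
    sig: bytes
    checks_next: bool = True  # does this stage verify the one it hands off to?

def verify(stage: Stage) -> bool:
    return hmac.compare_digest(sign(stage.code), stage.sig)

def signed_stage(name: str) -> Stage:
    code = f"{name} v1".encode()
    return Stage(name, code, sign(code))

def patched(stage: Stage) -> Stage:
    """A modified stage: its code changes, its old signature goes stale,
    and it no longer checks its successor."""
    return replace(stage, code=stage.code + b" patched", checks_next=False)

def boot(chain: list, hardware_checks_bootrom: bool):
    """Walk the chain; return (names of stages that ran, outcome)."""
    ran = []
    if hardware_checks_bootrom and not verify(chain[0]):
        return ran, f"hardware refused {chain[0].name}"
    for i, stage in enumerate(chain):
        ran.append(stage.name)
        if i + 1 == len(chain):
            return ran, "ok"
        if stage.checks_next and not verify(chain[i + 1]):
            return ran, f"{stage.name} refused {chain[i + 1].name}"

# The stages the commenter lists, from the first code the hardware runs
# down to a userland binary.
NAMES = ["bootrom", "bootloader", "firmware loader", "kernel", "app"]
GOOD_CHAIN = [signed_stage(n) for n in NAMES]
# Only the userland binary is unsigned: the kernel refuses it.
UNSIGNED_APP = GOOD_CHAIN[:-1] + [patched(GOOD_CHAIN[-1])]
# A modifiable, unchecked bootrom lets every later stage be replaced too.
PATCHED_CHAIN = [patched(s) for s in GOOD_CHAIN]
```

Running `boot(PATCHED_CHAIN, False)` boots every replaced stage, while `boot(PATCHED_CHAIN, True)` stops before the bootrom runs, which is the difference a hardware-verified root of trust makes.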

That said, even though Apple has implemented some of the tightest security to date in a mobile device, given time and hard work it has been broken by some very smart people. I’m fairly confident that they will be able to find another hole, but we’ll just have to wait and see.

  • Richierich

    Interesting article.

    Suspect the third generation of iPod Touch / iPhone may use such an integrated chip with integral DRM, considering the chipset business they recently invested in.

    On the plus side, third generation may use a multi-core ARM based processor.

    Exciting times are ahead!

  • http://www.topsoftware.co.za/iPhone-software.html Iphone-r

    Good read, Matt,

    I think the flaw in “EVER” making a phone uncrackable is to simply remove firmware updates.

    I don’t really see that happening any time soon.

    If it’s encrypted, someone will hack it.

    Hackers have more time than the people trying to protect their devices; it’s the flaw in the whole thing. If it’s worth cracking, it will be cracked 😀