The organisers of the Hack in the Box security conference have uploaded a one-hour panel discussion on iOS and OS X security featuring popular iOS hackers pod2g, planetbeing and MuscleNerd along with Mark Dowd, a researcher with Azimuth Security.
Although their talk spanned a wide variety of topics, the focus was obviously on iOS jailbreaking, and specifically the difficulties the teams have to tackle in coming up with an untethered iOS 6 jailbreak.
On the lack of a software unlock
MuscleNerd attributes the relative inactivity in the unlocking scene to the ease with which you can pay a third-party vendor to get your phone factory unlocked. These unlocks, established by adding your iPhone’s IMEI to Apple’s unlock database, are in most cases permanent and, unlike earlier unlocking solutions, persist across multiple iOS versions.
Increased kernel security in iOS 6
Mark Dowd, who managed to get Cydia running on iOS 6 through a kernel exploit, says that Apple has tightened the security of the kernel in iOS 6 quite a bit, making it harder to write exploits targeted at the kernel. The exploit that he used didn’t enable a “permanent” jailbreak. His exploit, although useful, doesn’t ensure the release of a jailbreak anytime soon, since a userland exploit is needed to trigger the kernel exploit. pod2g says that he’s working on finding this userland exploit, which might take time.
The Apple TV 3 Jailbreak
Although many of the internals of the Apple TV 3, including the kernel, are the same as iOS, the lack of a “mobile backup service” makes injecting exploits difficult. Because the Apple TV rarely talks to iTunes, there aren’t as many vulnerabilities or, as hackers call them, “injection vectors.” pod2g says that many of their exploits for previous versions of iOS work on the Apple TV 3; there just isn’t any way to send the exploit file to the right place in the Apple TV’s filesystem.