If you thought the evad3rs, the well-known hacker group behind evasi0n, had played all their cards with that jailbreak, they have something to tell you. Or rather, something to tell Apple: they still have plenty of bugs up their sleeves, and they are already waiting for the next-generation iPhone so they can jailbreak it.
TechCrunch reported in January: “One of the bugs that contributes to [the evad3rs’] functional jailbreak is so good, that the hackers who discovered it would rather hang on to it while looking for another to replace it, instead of releasing it out into the wild where Apple could learn of the exploit, and patch it.”
But in the end, the evad3rs replaced more than one component of their jailbreak before releasing it. According to David Wang, one of the four hackers who worked on evasi0n, the team was able to swap out all of it for lower-value exploits except one element: the bug used to execute code in the iOS kernel, the deepest and most protected part of the operating system. All the other bugs used in evasi0n are “redundant,” he says, meaning the hackers have found similar backup bugs they can use even if the newly exposed ones are patched by Apple.
Those leftover bugs don’t quite add up to an entire extra jailbreak, Wang says. But they do give him confidence that, with more research, jailbreakers will very likely be able to crack the next version of iOS too. “Even if we could only find another one or two more [bugs], we’d still have at least one more jailbreak left in us,” he says. “It’s getting harder. But there are still a lot of vulnerabilities left,” Forbes reports.
After the jailbreak was released, the blogosphere was amazed by the ingenuity of these hackers, since evasi0n exploited at least five bugs, and the question of whether any usable bugs remained became a very real one. Charlie Miller, a former NSA analyst and now a security researcher at Twitter, wrote that this would be the last publicly released iPhone jailbreak, one of his arguments being the scarcity of remaining bugs.
For those wondering about the supply of iOS bugs, Wang has good news: the jailbreak community isn’t going to run out any time soon. The hackers have moved away from relying only on high-impact critical bugs in Apple’s software and now chain together bugs that look minor in isolation but, combined, give them the same result as one critical bug.
When it comes to monetization, the Forbes article points out that a single iPhone exploit can sell for up to $250,000 on the grey market. But there is one more temptation for a jailbreaking hacker: being hired by Apple itself. However, as the example of Comex (who went to work for Apple and has since left) shows, a job at Apple is not necessarily where a jailbreaker’s story ends.