Headlines exploded earlier this week with warnings that a major security flaw existed in the iOS 4 operating system, the latest mobile operating system being used on Apple’s iPhone. According to numerous alarmist reports, the Mobile Safari browser has a security loophole that allows programs full access to the phone’s data—including settings, programs, contacts and sensitive data. Potentially malicious programs can gain access by causing a stack overflow when Safari opens a PDF file. Once this occurs, programs surreptitiously embedded in the PDF file are then able to install programs, change settings and practically overhaul the iPhone’s operating system as it sees fit. That’s all hypothetical, however. No such iPhone virus that exploits this security flaw has been reported in the wild. So, how does the media know about this vulnerability? It’s all thanks to the jailbreaking community. Jailbreaking—the practice of bypassing Apple’s software controls in order to allow the installation of third-party apps onto the iPhone—was recently ruled legal by the Library of Congress. In the past, jailbreaking was achieved by uploading third-party firmware to the iPhone by connecting it a computer. But with each update to the iPhone operating system, new methods for access have to be innovated by the jailbreaking community. With iOS 4, the solution came via the abovementioned PDF security loophole. iPhone owners wishing to jailbreak their phones need only to visit a certain website in order to install the software. This raises an interesting ethical question. Hackers have long been regarded by the mainstream as aligned with the seedier underbelly of the tech community. But many, if not most hackers themselves consider themselves to be doers of good. The argument is that they break into systems and expose their vulnerabilities in order to alert the developers of issues before they are exploited. In this way, they are a bit like the auditors of the coding world. By brining attention to these flaws in security, hackers do developers and end users alike a service. This is apparently what has happened with the iPhone issue. Apple was quick to release an announcement that it is working diligently on the PDF security flaw and promised an update correcting the issue in the near future. This will undoubtedly prove a blow to the overall mission and purpose of the jailbreakers, since their window of opportunity will soon be closed. But the discovery of this potentially serious security loophole through benign means and its imminent rectification speak volumes towards the value of hackers as a culture.
|