Jailbreaking iOS 5 GM with redsn0w – fix exploit failed error

If you're receiving an "exploit failed" error message using redsn0w 0.9.9b7 – or any other redsn0w 0.9.9 beta build – to jailbreak an iPhone 4, it seems to be related to the automatic ipsw identification.

Move the iPhone3,1_5.0_9A334_Restore.ipsw into the iPhone Software Updates directory. On OS X this is located in ~/Library/iTunes/iPhone Software Updates.

Re-run redsn0w and the jailbreak will work as expected. Don't forget that it's still a tethered jailbreak.

Regenerate SpringBoard on a jailbroken iPhone

Useful if you're installing packages from the command line and want the homescreen icons to be visible.
Install UIKit Tools (apt-get install uikittools) and, from the command line, run sudo -u mobile uicache.

If sudo isn't installed, install it with apt-get install sudo, or run:

su mobile
uicache

And while you're on the command line, make sure to change the password for the root and mobile users.

  1. SSH to your iPhone
  2. su -
  3. Enter the root password, alpine by default.
  4. passwd
  5. Enter your new root password
  6. passwd mobile
  7. Enter the new password for the mobile user

AT&T Downplays Critical ICCID Leak

Recently the email address and ICCID (SIM serial number) of at least 140,000 iPad 3G owners were left unprotected by AT&T. AT&T chose to blame "hackers" for stealing this information, but that is just deflection. AT&T didn't adequately protect customer information, and as a result someone found it.

AT&T also claims that it was only the email address and ICCID that leaked, which is another partial truth. A 2008 paper titled SIMs and Salsa demonstrates how the ICCID is directly linked to the IMSI.

AT&T SIM cards have a 20-digit ICCID, and the IMSI is 15 digits long.

The iPad ICCIDs all seem to begin with 8901410424, followed by 9 significant digits and then a single checksum digit. For example: 89014104240123456781.

An AT&T IMSI is 15 digits, made up of the MCC (310), the MNC (170) and the 9 ICCID digits immediately preceding the checksum (012345678 in the example). So if your ICCID was 89014104240123456781 as in the example above, your IMSI would be 310170012345678.
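The mapping above, written out as a leak-triage helper so a defender can tell what a list of exposed ICCIDs actually reveals. This is an added example, not code from the original post: it transcribes the post's stated AT&T iPad layout (prefix 8901410424, MCC 310, MNC 170, nine subscriber digits, one check digit) and adds the standard Luhn check that ITU-T E.118 specifies for the ICCID's trailing digit, which the post mentions but does not describe. The function names are mine, and the sample ICCIDs are constructed; note that the post's illustrative value ends in a placeholder digit that does not satisfy Luhn (the valid check digit for that payload is 4), so the example reports the checksum result rather than trusting it.

```python
"""Triage helper for the ICCID-to-IMSI exposure described in the post.

Added example, not code from the original post. Implements the post's AT&T
iPad mapping plus a Luhn (ITU-T E.118) check on the ICCID's final digit.
All sample ICCIDs below are constructed.
"""
from typing import Optional

ATT_IPAD_PREFIX = "8901410424"   # issuer prefix quoted in the post
ATT_MCC = "310"                  # Mobile Country Code quoted in the post
ATT_MNC = "170"                  # Mobile Network Code quoted in the post


def luhn_check_digit(payload: str) -> str:
    """Return the Luhn check digit for a digit string (an ICCID minus its last digit)."""
    if not payload.isdigit():
        raise ValueError("payload must be decimal digits")
    total = 0
    # Walk right to left; the digit adjacent to the check position is doubled first.
    for i, ch in enumerate(reversed(payload)):
        d = int(ch)
        if i % 2 == 0:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return str((10 - total % 10) % 10)


def luhn_valid(iccid: str) -> bool:
    """True if the ICCID's last digit is the correct Luhn check digit for the rest."""
    return (
        len(iccid) >= 2
        and iccid.isdigit()
        and luhn_check_digit(iccid[:-1]) == iccid[-1]
    )


def derive_att_imsi(iccid: str) -> Optional[str]:
    """Apply the post's mapping: IMSI = MCC + MNC + nine ICCID digits before the check digit.

    Returns None for anything that is not a 20-digit ICCID with the iPad prefix,
    because the post only asserts the mapping for those cards.
    """
    if len(iccid) != 20 or not iccid.isdigit() or not iccid.startswith(ATT_IPAD_PREFIX):
        return None
    subscriber_digits = iccid[len(ATT_IPAD_PREFIX):-1]   # the nine significant digits
    return ATT_MCC + ATT_MNC + subscriber_digits


def triage(iccids):
    """For each ICCID, report whether its checksum verifies and which IMSI it implies."""
    return [
        {"iccid": i, "luhn_ok": luhn_valid(i), "imsi": derive_att_imsi(i)}
        for i in iccids
    ]


# Constructed samples: the post's illustrative value (final digit is not a valid
# Luhn digit), the same payload with the correct check digit, and a card from a
# different issuer prefix that the mapping must refuse.
SAMPLE_ICCIDS = [
    "89014104240123456781",
    "89014104240123456784",
    "89012345670000000000",
]

if __name__ == "__main__":
    for row in triage(SAMPLE_ICCIDS):
        print(row)
```

Run against a leaked list, rows with luhn_ok False are likely transcription errors or fabricated entries and should be weighted accordingly; rows with a non-None imsi are the ones where the leak extends beyond the email address and SIM serial the carrier acknowledged.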

You can find your ICCID on your iPad by opening Settings, choosing General and then About.

Why is the IMSI Important?

Each device has a unique IMSI, and the IMSI is considered sensitive enough that it's rarely sent over the wireless network. Even the name – International Mobile Subscriber Identity – implies that it is something that shouldn't be shared freely.

The IMSI is also one of two pieces of information needed to clone a SIM card, the other being the Ki, or subscriber authentication key. Fortunately the Ki can only be retrieved with physical access to the SIM card.

But knowing who a specific IMSI belongs to, for instance someone at the White House, allows an attacker to target a specific user. Using technology like an IMSI catcher, an attacker can insert their own device between a target and the carrier network and monitor data or voice conversations. There are a number of flaws in GSM that I assume could also be exploited relatively easily by someone – like a foreign government – with the proper resources and motivation.

AT&T is downplaying their own incompetence at securing customer information, and is putting customers at risk. Customers who are newsworthy in their own right. Even if the information on the iPad isn't sensitive, it can easily be compromised and used as an attack vector onto a previously inaccessible corporate wifi network.

Perhaps AT&T feels that is not a real risk? The latest jailbreak is a userland jailbreak and it's not inconceivable that it could be adapted to work in Mobile Safari. The first iPhone was able to be jailbroken simply by visiting a special website. And Dave Aitel has been selling Silica since 2006. One of the use cases Aitel would pitch for Silica was to mail it to a CEO and let it automatically hack anything it could find, beginning with wifi networks.

AT&T needs to immediately and proactively issue all iPad 3G subscribers new SIM cards.

Battery Showdown – BlackBerry vs iPhone

Fairly typical day, except that I enabled phone service on the iPhone. This test was conducted with my usual rigorous standards, which means I happened to glance at my iPhone data usage around lunch, and ballparked the data transfer. The only thing I can be sure of is the quantity and duration of the phone calls, and that I had them with me all day.

iPhone 3GS, brightness set to ~55%. Wifi was enabled all day, 7:00 AM – 10:40 PM. 3G was enabled between 11:00 AM and 8:30 PM. A single two-minute phone call was placed. Roughly 11MB of data usage while on 3G (several web pages and Twitter using Tweetie).

Final result: At 10:40 PM there was 26% remaining on the battery.

BlackBerry Bold 9700, brightness set to auto. 3G and wifi enabled all day – 7:00 AM – 10:40 PM. Multiple background apps – SocialScope (Twitter) and Twitter for BlackBerry, multiple web pages and push email for 5 different accounts (4 BIS, 1 BES). 5 phone calls were placed, lasting a total of around 70 minutes.

Final result: At 10:40 PM there was 65% remaining on the battery.

Dear RIM,

Please shave 1-3mm off the thickness of my next device, I obviously don't need a replaceable battery[1].

xoxo,
Corey

Side note: I have replaceable batteries for the BlackBerry Tour/Storm/Storm2/8900, the BlackBerry Bold 9700, my Mifi, and the BlackBerry 8530. I do not have any spare batteries for any of my Android devices, which would feel like trying to color-coordinate my car with the other vehicles on the highway. The BlackBerry 9700 is the first device I've ever owned where it takes significant effort to drain the battery (<20% remaining). Enjoy the high caliber of writing I produce right before I fall asleep.

  1. Thanks to Alex for planting this statement in my mind

© 2007-2013, Corey Gilmore

The views expressed on these pages are mine alone and not those of any past or present employer. All information presented on this site was obtained lawfully and not through disclosure under the terms of an NDA.