Nicholas Allegra lives with his parents in Chappaqua, New York. The tall, shaggy-haired and bespectacled 19-year old has been on leave from Brown University since last winter, looking for an internship. And in the meantime, he’s been spending his days on a hobby that periodically sends shockwaves through the computer security world: seeking out cracks in the source code of Apple’s iPhone, a device with more software restrictions than practically any computer on the market, and exploiting them to utterly obliterate its defenses against hackers.
“It feels like editing an English paper,” Allegra says simply, his voice croaking as if he just woke up, though we’re speaking at 9:30 pm. “You just go through and look for errors. I don’t know why I seem to be so effective at it.”
To the public, Allegra has been known only by the hacker handle Comex, and keeps a low profile. (He agreed to speak after Forbes‘ poking around Twitter, Facebook and the Brown Directory revealed his name.) But in what’s becoming almost an annual summer tradition, the pseudonymous hacker has twice released a piece of code called JailBreakMe that allows millions of users to strip away in seconds the ultra-strict security measures Apple has placed on its iPhones and iPads, devices that account for more than half the company’s $100 billion in revenues.
The tool isn’t intended for theft or vandalism: It merely lets users install any application they want on their devices. But jailbreaking, as the practice is called, violates Apple’s obsessive control of its gadgets and demonstrates software holes that could be exploited later by less benevolent hackers.
Apple didn’t respond to requests for comment, but it’s not thrilled about Allegra’s work. When he released JailbreakMe 3 in July, the company rushed to patch the security opening in just nine days. Nonetheless, 1.4 million people used the tool to jailbreak their gadgets in that time, and more than 600,000 more since then. Allegra has become such a thorn in Apple’s side that its stores now block JailbreakMe.com on in-store wifi networks.
“I didn’t think anyone would be able to do what he’s done for years,” says Charlie Miller, a former network exploitation analyst for the National Security Agency who first hacked the iPhone in 2007. “Now it’s been done by some kid we had never even heard of. He’s totally blown me away.”
To appreciate JailbreakMe’s brilliance, consider how tightly Steve Jobs locks down his devices: Since 2008, Apple has implemented a safeguard called “code-signing” to prevent hackers from running any of their own commands on its mobile operating system. So even after an attacker finds a security bug that gives him access to the system, he can only exploit it by reusing commands that are already in Apple’s software, a process security researcher Dino Dai Zovi has compared to writing a ransom note out of magazine clippings.
After Allegra released JailbreakMe 2 last year, Apple upped its game another notch, randomizing the location of code in memory so that hackers can’t even locate commands to hijack them. That’s like requiring an attacker to assemble a note out of a random magazine he’s never read before, in the dark.
- Posted using BlogPress from my iPad