iOS 9 Jailbreak being plotted by China’s elite hacker crew, look out Apple
One of the most sophisticated, advanced and charitable hacker crews, Keen Team from China, told Forbes that it is planning an iOS 9 jailbreak in time for the full commercial release of iOS 9 this autumn. Liang Chen, one of the researchers at Keen Team (also spelled K33n Team), told Forbes that the crew also plans to team up with another top jailbreak group, Team Pangu, which is also from China.
Keen Team has a history of cracking iPhones: it was awarded $27,500 and $40,000 for getting into iPhones at the 2013 and 2014 Mobile Pwn2Own competitions respectively, by cracking Apple’s Safari browser.
Given the vulnerabilities that can be exploited in Apple’s operating system, and the money and credit that can be made, many will be eager to release their first iOS 9 jailbreak. Chinese app stores, in a few cases, pay researchers for their jailbreaks so that when users install the hack, they are given the option of installing the third-party marketplace.
Untethered jailbreaks, which can be installed and used without being connected to a PC via USB, are rumored to be worth upwards of $1 million. The iOS research community has largely agreed with those rumors.
However, Chen says he is not in favor of the commercial aspect of jailbreaking, but has a keen interest in the technical side of it. Successfully rooting an iPhone requires knowledge and skill beyond the reach of most. Typically, between three and five zero-days (unpatched and previously unknown vulnerabilities) are needed for a jailbreak to work. They then need to be chained together and the final exploit made persistent, so that when the iPhone boots again, iOS remains free of Apple's control.
It is for this reason that K33N may team up with Team Pangu, which has released jailbreaks for previous iOS versions, including iOS 7 and 8. However, they have no intention of working with fellow Chinese group TaiG, a secretive entity that was behind the most recent untethered jailbreak in iOS 8.2. Chen told Forbes he may keep vulnerabilities for future hacking contests or hand them over to big bounty organisations, like HP’s Zero Day Initiative (ZDI), which runs the Pwn2Own competitions. In some cases he may inform Apple first.
On Monday, Chen and his colleagues announced at WWDC that for now they will be digging into iOS 9, in the hope that they can uncover some usable flaws. “We want to release it just after iOS 9, that’s our plan,” Chen added. “It depends how lucky we are.”
Android is in K33N Team’s crosshairs too. In a talk entitled “How To Root 10 Million Phones With One Exploit”, James Fang, another member of the K33N cadre, presented his Android exploits at the MOSEC Conference. Though there are many exploits for Google’s operating system, he explained that his crew is particularly skilled at finding problems in the Linux kernel used by Android, to ensure that one attack works across the many different versions of the OS.
“What we try to do is find what is the common point of all those devices … so we can achieve universal rooting,” Fang said. The aim of the game is to find a way into the kernel by locating key pieces of data, such as credentials in memory or patterns that would disclose more about the lower-level workings of the OS.
The K33N Team has released the Android PingPongRoot tool, which opens up Samsung Galaxy S6 phones, on the XDA Developers forum. This August, yet another member of the 12-strong group, Wen Xu, will be explaining more Android kernel exploits at the Black Hat security conference in Las Vegas.
Users should be advised that rooting or jailbreaking can make phones vulnerable to more security issues, specifically non-vetted, unsigned, malicious software. However, Fang feels that rooted phones also allow more security protections to be installed on the device.
Irrespective of the ultimate impact of their exploits on security, the K33N Team will be cracking open operating systems for fun and profit. Not only will they help users prise open their devices, but their efforts should also encourage vendors to up their game and keep the real and dangerous hackers out of people’s phones.