@Joel:
When you jailbreak a phone (or device), all you’re doing is getting full read/write access to the whole disk (in the case of the iPhone, flash memory). Unlocking is somewhat more complicated to do without the carrier’s approval (and such unlocking has been declared legal in the United States).
This isn’t a security flaw at all, rather people who don’t know what they’re doing (wannabe “hackers,” very different from real hackers like Jonathan Zdziarski) make a “push fix” easy to obtain, which then causes this problem.
Apple could have made their code verify the certificate against the device UDID or serial number, which would prevent this from ever happening … but still, it’s not Apple’s fault.

I think Dan is trying to pre-empt stories like this one in the trashy El Reg.

‘And although the problem appears only on hacked iPhones, it appears to be rooted in a security flaw in the Apple implementation of the Push notification system, according to Schadde. “There appears to be something hackable in the notification,” he said.”‘
http://www.theregister.co.uk/2009/07/21/push_notification_vuln/

This is a great place, though the old articles (and series …will the 404 errors ever be fixed?) are still some of the best anywhere.

Personally, I use Apple products when I can, and Linux elsewhere. It annoys me that many in the “free software” movement think of Apple as another M$ … sure, I don’t like DRM and don’t think Apple should have interfered with iPod Hash [they do have every right to block the Pre though], but those are just minor issues compared to the bigger picture.

–Dave

You’ve got it a bit wrong. What actually happened is as follows:
Push messaging doesn’t work on phones that aren’t officially activated. (A jailbroken or unlocked phone may very well be officially activated though, mine is. [I'm an AT&T customer anyway.]) This is because the initial handshake with Apple, when the certificates necessary for Push to function are copied to the phone, never takes place.
So, the hackers released a program that allows a user to copy the certificates from one jailbroken phone (officially activated) to another (unofficially activated). This was labeled as a “preliminary workaround,” and absolutely not final in any way. [This was released via Twitter, http://bit.ly/ZwAMM
Later, different people took their own certificate (or maybe someone else’s), packaged it with the tool that’s used to copy the certificate back onto the phone, and put it on the major repositories. This is what caused all these problems.

In any instance, you can have an unlocked and jailbroken phone that works properly without this problem at all … it only becomes a problem when the phone isn’t activated properly.

Dan, please be more careful next time. I usually enjoy reading your articles, but something of this quality isn’t acceptable by my standards.

And follow it up with some research in Apple’s real share of the personal computer computer market after you take away all the massive corporate PC purchases from the figures.

Or the estimate that Apple has 20% share of the worldwide mobile phone profits in the last F1/4.

I found those a bit more interesting that whether ‘a story’ incorrectly implied a fault with the iPhone!

There are many, many articles about Apple with factual inaccuracies written from highly uninformed viewpoints (try reading the guardian.co.uk tech column!) – you need to rise above trying to slam them all – like Apple itself does. It just isn’t fun to read blogs that spend their time moaning and complaining about the failings of others – it isn’t big and it isn’t clever.

Please write something informative and interesting for us – I can form my own judgements on other people’s columns.

“While a variety of sources …. in reality this exploit affects only iChat messages sent to users who have hacked their phone and made it vulnerable. As a result of the hack, a message sent to any hacked iPhone is also sent to all users of iPhones which have been hacked by the same exploit.”

Does anyone know of a random legitimate user who has received such a message?

If not, and if a chat message goes to all users because the “hack” has the same user credentials every time, that is surely just what every user of the hack deserves.

Looking at what Til Schadde actually said, I think this should read “While a variety of sources …. in reality this exploit affects only iChat messages sent to users who have hacked their phone and made it vulnerable, meanwhile also sending copies of the message to random legitimate iPhone users.”

I have not seen enough to know whether these “random strangers” all continue to receive copies of messages sent to a single hacked iPhone, a number of hacked iPhones or that copies of messages are sent to a different random stranger every time.

The problem is that Till Schadde himself is suspect, since he acknowledges he has friends who have “hacked” iPhones he sends the messages to.