The battle of Cupertino: Jailbreakers do it for freedom, not cash
Shanghai's Pangu Team explain how they work to loosen Apple's iron grip
Ruxcon A team of seven Chinese hackers are forgoing big bucks and instead pursuing their effort to open Apple to the security research field and thereby allow users to modify their devices.
The group of brilliant independent security boffins known as Pangu Team are among the top researchers in the iDevice jailbreaking scene, where they battle with Apple's security teams to find ways to hack the hugely popular and increasingly tough nut that is iOS.
The hackers could easily sell the iOS exploits that make jailbreaking possible to eager buyers and brokers for huge amounts of cash. Instead the core team of four researchers, who operate from Shanghai apartments, are burning their exploits to help users all over the world install applications that Apple has not sanctioned, to access otherwise cordoned-off tweaks and tap into an entire App Store that is unavailable to unmodified iDevices.
"We really want the Apple end users to fully control their device for free … to be able to really control the device, not just 'occupy' it," Pangu Team's Tielei Wang told Vulture South at the Ruxcon conference in Melbourne last Saturday.
"If you sell zero days, the buyers will use it for some unknown private use.
"Secondly iOS is a closed-system and without a jailbreak you are not able to do any advanced security study … and we want to be able to promote iOS research."
Jailbreaking is a complex tit-for-tat game that requires the discovery of new vulnerabilities within iOS that can be exploited to allow users to break the iron security grip Cupertino holds on iPhones and iPads.
Apple does not approve of jailbreaks and will often plug those hard-won vulnerabilities when it releases updates for iOS. Users wanting both the newest iOS features and their modifications have to wait for the likes of Pangu Team to find another way to break the latest update.
Others play the jailbreaking game. Esser is among the notable, along with Nicholas Allegra, Chronic Dev Team, evad3rs, TaiG team and more.
"I'm working on code signing, Tielei's working on kernel -- everyone has something different and we combined our work together," Pangu Team member Chen XiaoBo says.
The boffins released their first jailbreak in June last year using a vulnerability discovered by respected Apple hacker Stefan Esser which pried open iOS 7.1. They followed that in October with a jailbreak for iOS 8.
Last week they dropped a much-awaited jailbreak for iOS 9.
Somewhere amid this unpaid mission to best Cupertino's finest, the crew run a mobile security startup consultancy out of China's capital.
They are not Apple diehards, however. Wang and XiaoBo say they like Google's Android operating system, which they say is catching up to the quality of iOS, and plan to begin developing exploits for that platform.
"We are planning some work on Android in the future," Wang says. "The whole software stack, from the lowest level to the highest."
The group will continue their iOS jailbreaking work. The next challenge is the iOS 9.1 update that rendered their newest hard-earned jailbreak ineffective. ®