The notorious Norwegian hacker, Jon Lech Johansen — better known as “DVD Jon” for releasing code that broke DVD copy protection in the late 1990s — has drawn first blood with the iPhone.
Johansen has posted a workaround on the Internet that allows iPhone owners to use their devices in a limited fashion without having to first activate it with AT&T.
The code, which he posted Tuesday on hisblog in an entry entitled “iPhone Independence Day,” transforms the iPhone into a very expensive iPod and Internet communicator.
“I’ve found a way to activate a brand new unactivated iPhone without giving any of your money or personal information to AT&T NSA,” he says. “The iPhone does not have phone capability, but the iPod and WiFi work. Stay tuned!”
The code allows users to play any multimedia file that the iPhone has been designed to play without paying the startup fees. Any function having to do with wireless voice communications, though, cannot be used with the code. The workaround requires a Windows computer that has theMicrosoft .Net framework installed.
Firmware Still Intact
The code essentially mimics an AT&T server. “We would call this a ‘mimicry attack,'” said Neel Mehta, team lead of the advanced research group at IBM Internet Security Systems.
“It is based on subverting the domain name system with a server that acts like Apple’s activation server,” Mehta told TechNewsWorld.
While it is not the iPhone’s full package, the code does give free access to the device’s most alluring features. “There is a lot of interest in the interface on the iPhone, for example,” Mehta said. “The quality of the screen and the ability to use it as a media player has been a major selling feature for Apple.”
Indeed, most of the people interested in DVD Jon’s latest technological feat appear to be more attracted to putting one over on AT&T than to what they’re actually getting by circumventing the activation.
One commenter on DVD Jon’s blog told readers that another way to activate the phone without AT&T in the loop is to borrow a friend’s activated IPhone SIM (subscriber identity module) card and then insert it into the unactivated iPhone.
Such stunts are unlikely to make a dent in AT&T’s and Apple’s fortunes — at least at the moment. For now, hacking the iPhone amounts to psychological warfare.
DVD Jon and his followers are most interested in the bragging rights that accompany such accomplishments, said Paul Henry, vice president of technology evangelism for Secure Computing.
“That is what we are seeing today, a week out from the iPhone’s release,” he told TechNewsWorld. “Everybody is looking for bragging rights to see who can be first one to get to the iPhone’s kernel.”
Eventually, though, given the immense interest in the iPhone, hackers’ thoughts will turn to leveraging its popularity in pursuit of other interests.
“Sales of the iPhone are estimated at being 5.25 million units for 2007 and 12 million for 2008 –with current demand showing this is certainly achievable,” Mark Sunner, chief security analyst at MessageLabs, told TechNewsWorld.
“This represents a significant ecosystem on a single ‘new’ platform. These two factors combine to make the iPhone a very attractive target for the bad guys — I would think the race to find potential exploits will now be on.”
Already, scams involving the iPhone are bombarding in-boxes, Henry noted. One ot these tells recipients they’ve won a new iPhone and then directs them to a malware-hosting Web site.
The site attempts to exploit more than 10 Active X vulnerabilities to install a malicious payload.