Surprise iOS 7.1 jailbreak for most iPhones and iPads uses year-old flaw

Developers in China have published what appears to be a reliable and malware-free jailbreak for most iPhones and iPads running the latest version of Apple's iOS. The release underscores how hard it is to keep such jailbreak exploits out of the public domain, since the code vulnerability that makes it possible appears to come from a highly secretive training class on iOS exploit development.

Jailbreaks allow iOS users to bypass Apple's iron-clad technical restrictions and install unauthorized third-party software that is not included in the App Store. The technique appeals to many users, but it also comes with significant risks. One is that the process could temporarily or possibly damage the device. Another is that jailbreak developers may bundle keyloggers or other types of malware inside the software that performs the operation, leaving users with a device that steals passwords, tracks geographic whereabouts, or performs other nefarious deeds. Neither of those risks appears to accompany the release this week of the PanGu jailbreak, but Ars hasn't verified its safety, security, or reliability. Readers who choose to run the program do so at their own risk.

The jailbreak, according to security researchers at Lacoon Mobile Security, uses a digital certificate Apple provides to enterprise customers to bypass restrictions on unauthorized apps. Apple makes them available so that customers can establish their own in-house source of apps instead of relying on the App Store. PanGu uses the certificate associated with "iPhone Distribution: Hefei Bo Fang communication technology co., LTD." At the moment, users must physically connect their iPhones or iDevices to a computer, but it's possible that PanGu could be refashioned to work remotely.

Read 4 remaining paragraphs | Comments

Hackers Recreate NSA Snooping Kit Using Off-the-shelf Parts

So some curious hardware hackers grabbed the leaked catalogue that detailed the hardware involved in the NSA Snooping Kit, and have recreated some of the ‘high-tech’ top secret tools with off-the-shelf parts and items that can be bought from Kickstarter. I mean some of it seems pretty simplistic though, a monitor mirror and a hardware...

Read the full post at darknet.org.uk