Shortly after the iPhone first debuted, Apple CEO Steve Jobs described attempts to keep jailbreakers at bay as a “constant cat and mouse game.”
“We try to stay ahead,” Jobs said. “People will try to break in, and it’s our job to stop them from breaking in.”
Since then, jailbreaking has evolved from users swapping out SIM cards for other carriers to a complete alternative to Apple’s closed ecosystem where apps must be vetted and can only be purchased via iTunes.
With the advent of the iTunes App Store, jailbreaking has morphed into a full fledged community. And one of the world’s foremost jailbreakers just happens to be shaggy haired 19 year old kid named Nicholas Allegra who still lives with his parents in Chappaqua, New York. For all you jailbreak-minded folks, you might recognize Allegra by his alias, Comex.
[In] what’s becoming almost an annual summer tradition, the pseudonymous hacker has twice released a piece of code called JailBreakMe that allows millions of users to strip away in seconds the ultra-strict security measures Apple has placed on its iPhones and iPads, devices that account for more than half the company’s $100 billion in revenues.
The tool isn’t intended for theft or vandalism: It merely lets users install any application they want on their devices. But jailbreaking, as the practice is called, violates Apple’s obsessive control of its gadgets and demonstrates software holes that could be exploited later by less benevolent hackers.
Frequently, Apple responds with security updates to counter Allegra’s updates to JailbreakMe. This past July, for example, Allegra released JailbreakMe 3 which prompted Apple to issue a security patch just 9 days later. And highlighting the popularity of jailbreaking, approximately 1.4 million iPhone users used Allegra’s tool to jailbreak their devices in that short time span.
Allegra has not only attracted the attention of Apple, but has also raised eyebrows in the security community at large.
Charlie Miller, for example, is more than impressed. Miller, you might recall, is consistently discovering exploits in Apple products such as his SMS exploit which allowed a user to remotely take over any iPhone and, more recently, his discovery of a security flaw in Apple’s notebook batteries. And oh yes, Miller used to work for the NSA so he’s someone worth paying attention to.
In a profile on Allegra for Forbes, Miller explained how taken aback he is with Allegra’s work.
“I didn’t think anyone would be able to do what he’s done for years,” Miller explained. “Now it’s been done by some kid we had never even heard of. He’s totally blown me away.”
Dino Dai Zovi is another noted security expert who is equally impressed with Allegra, going so far as to call the sophistication of Allegra’s work on par with the sophistication of the Stuxnet worm that infected Iran’s Nuclear facilities a few months back. Since being deconstructed, Stuxnet is universally looked upon as the most sophisticated piece of malware ever created.
A self described Apple fanboy, Allegra isn’t motivated by money, but more so about the challenge of figuring out how to skirt around Apple’s increasingly challenging security measures.
Regarding his process, Allegra relays that “it feels like editing an English paper. You just go through and look for errors. I don’t know why I seem to be so effective at it.”
And effective he is.