iPhone 3.0's 'broken' push messaging caused by unlockers, dirty keys
Earlier this week there was something of a brouhaha when some iPhone 3.0 users started receiving random instant messages seemingly intended for other folks. Push notifications were one of the big additions in this release, so naturally a lot of people claimed the feature was broken. They were partially right, but wrong in blaming Apple: they had broken it themselves. The iPhone generates unique public/private keys upon activation that identify the handset and secure those pushed IMs, and it should come as no surprise that unlocking tools use duplicated keys to facilitate illicit use. You know what happens when you share dirty keys, right? With a single identifier registered to multiple phones, instant messages are getting zinged all over the place rather than to their intended destination, a feature we're guessing spammers will start exploiting in three... two...
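As an added example (not Apple's code, nor anything from the article), here is a toy Python model of the routing the post describes: a registry that keys push delivery on the per-device key minted at activation. With fresh keys each handset gets only its own messages; with one canned key shared across handsets, the same lookup fans a message out to all of them, and a duplicate-binding check on the registry side is the signal a defender would watch for. The class, function and handset names are constructed for illustration.

```python
# Toy push-routing model (added illustration, not Apple's implementation).
# Delivery is keyed on the per-device key created at activation.
from collections import defaultdict
import secrets


class PushRegistry:
    """Maps a device identity key to the handsets registered under it."""

    def __init__(self):
        self.devices_by_key = defaultdict(set)

    def activate(self, handset, key=None):
        # Official activation mints a fresh random key for this handset.
        # A tool that ships a canned key passes it in explicitly instead.
        if key is None:
            key = secrets.token_hex(16)
        self.devices_by_key[key].add(handset)
        return key

    def deliver(self, key, message):
        # The service only knows the key, so every handset registered under
        # it receives the message: correct for unique keys, a leak otherwise.
        return {handset: message for handset in self.devices_by_key.get(key, ())}

    def colliding_keys(self):
        # Registry-side check: a key bound to more than one handset is the
        # sign that credentials were cloned rather than generated.
        return {k for k, hs in self.devices_by_key.items() if len(hs) > 1}


def simulate():
    reg = PushRegistry()
    # Two officially activated phones receive distinct keys.
    alice_key = reg.activate("alice-iphone")
    bob_key = reg.activate("bob-iphone")
    # Two "unlocked" phones activated with the same canned key (constructed value).
    shared = "deadbeef" * 4
    reg.activate("carol-unlocked", key=shared)
    reg.activate("dave-unlocked", key=shared)
    return {
        "official_distinct": alice_key != bob_key,
        "official_delivery": reg.deliver(alice_key, "hi alice"),
        "shared_delivery": reg.deliver(shared, "hi carol"),
        "collisions": reg.colliding_keys(),
    }
```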
I smell trouble.
I wonder how many Chinese people will be sacrificed for this little snafu.
Too soon, Mycroft, too soon.
Talk about a way the spammers could send out spam, but also a way for someone to spread that SMS vulnerability easily.
Though... how exactly is this not Apple's fault?
If the design of the IM system's communications was done this way, how is it not Apple's fault?
lassi, the point is that the message system is secured, the identifier is the private key generated during activation.
Jailbreakers use a limited set of keys, so if you have the same key as your flatmate, your iPhone will get his messages :)
So blame jailbreakers, dude.
Not jailbreaking, but unlocking.
@mex
How is this secured? Someone could make something that virtualizes multiple keys and just receive all the push notifications from said keys if I'm reading this correctly, which means this could be an accessible exploit. On top of that they could just generate random keys and see if they are valid, which means it could be anyone.
Pretty sure you need to jailbreak to unlock.
And lol flatmates.
Yes, stating the obvious there. You're missing the point made; what we're saying is that jailbroken devices are fine, unlocked ones are what will suffer from this.
awww... apple doesn't like unlockers.
Apple not considering unlocked phones is a huge design flaw, especially when you create something that can be broken so easily. Everyone understands now why Apple doesn't sell OSX as a standalone OS?
Yeah, I'm not blaming this one on the unlockers. Sounds like Apple chose a stupid method of authenticating that just happened to be messed up by jailbreaking. Apple doesn't understand that in the real world, people don't always do exactly what you say, and you have to plan for that. Plus, sounds like this could be a security risk for people who get confidential push messages.
@bradgreen: That's the stupidest thing I've ever heard. That's like saying that phone operators should design a system to not use IMEIs as a unique id because people will illegally duplicate them, or that Apple should have a way of using a software-only GPS because people might disable their hardware. If you build a feature into a device, and then someone else breaks it by doing something they shouldn't do, you're no longer responsible.
@IIW That's only half right. This is the 3rd revision of the OS and they've had 2 years of a considerable number of people jailbreaking their phones. The problem with your logic is that Apple not planning for the fact that people would continue to jailbreak their phones has caused distress for Apple's preferred customers (those who haven't jailbroken their phones). So as a "talented" software developer, they really should have designed their system to fail more gracefully.
They put their head in the sand and now they need to scramble to jury-rig a solution rather than having done it elegantly in the first place. I agree, Apple fail.
And after reading further.... I don't know where I sit on this.
Apparently jailbreakers don't get this problem, only unlockers, in which case.... it doesn't really affect Apple's preferred customers. Feels more like an Apple time bomb for unlockers. People should be entitled to unlock their phones, so part of me thinks this is really lame of Apple, but then unlocking isn't allowed so you accept limitations (like no 3G on T-Mobile) so there's that.
Meh.
I remember the good old days when "jailbreak" was a term for runaway flatulence...
@Jonathan: except it *doesn't* affect non-jailbroken phones...
(check the last paragraph of the linked article, or any previous article on the same subject)
@Jonathan: oops, by the time my post appeared you had already posted a correction - ignore my previous message :)
The solution to this problem is get rid of the jailbreak and your phone will work fine. Call AT&T and I'm sure they'll say you shouldn't be jailbreaking your phone.
You can buy an official unlocked iPhone from Apple in other regions, such as HK. Just not from the States with AT&T.
"Apple not considering unlocked phones is a huge design flaw"
That has to be the most idiotic statement I've heard this week. I'm no Apple fanboy, but as a software developer I can't let this one go. Clearly you have never worked on anything more complex than a baking soda/vinegar volcano.
@loosely_coupled
You're a software developer, and you say it's idiotic to consider hacker knowledge when you're designing a secure protocol? Sorry if I never hire someone like you, I just can't imagine saying to my managers "Well it's not my fault if they hacked into it, they weren't supposed to exist"...
So what are you working on right now? I hope it's complex.
Right... So Apple shouldn't fix security flaws because they were caused by someone doing something illegal? So Windows is excused entirely for having viruses now, because the hackers were just doing something illegal and Microsoft shouldn't have to plan for that?
loosely_coupled is right, it is hard enough to programme a stable and secure app (or OS) without trying to cover all possible unlikely contingencies - indeed it is wholly impractical for programmers to try and think of every possible misuse that people can inflict on their app (or OS).
In any case, Apple made it abundantly clear to all buyers (it is in the agreement) that they do not support unlocking or jailbreaking in any way whatsoever. So they really, *really* do not have to "consider" unlocked phones when they are writing their OS and apps. If this issue is only affecting unlocked phones and does not impinge upon legitimate users, then the system is not broken, and Apple does not have to do a damn thing.
"Apple doesn't understand that in the real world, people don't always do exactly what you say, and you have to plan for that."
Why? This is only making it inconvenient for people who jailbreak their iPhones... Apple doesn't want people doing this, so if jailbreakers' service is messed up, why should Apple care?
Darn it. Is a fix possible? I'd love to have push with IM apps. I just ordered an iPhone from America...
Why from America? Other countries sell the phone unlocked to begin with.
Probably deep restore and not jailbreak until the crackers fix it?
My phone calls seem to get here just fine without everybody else getting mine too, why don't they use IMEI or something.
Because there's no problem with the current system?
@random-yeti
Except for the very serious problem detailed in this article?
The problem is not on Apple's end, it's only on hacked iPhones because the hackers messed up. If you never had your iPhone jailbroken then you have no security problems.
@chefgon_ign
Except for the fact that Apple have no reason to fix their current system which works with un-hactivated iphones just fine.
jprafael: Aw, shut up, it's not jailbreaking alone and you know it.
Because if Apple did that they wouldn't be able to deter jailbreakers with the possibility of push messages going to anybody that shares an ID from unlocking their devices. Since Apple obviously can't stop people from jailbreaking from their lock-down shackles they just found a way to make the process less appealing.
@ Zachary Waldowski:
Until we hear about this happening to legally activated, unaltered iPhones, this isn't Apple's problem, and they have no reason to allocate resources to it. Apple needs to allocate resources to improving the experience for those of us who use the device legally.
@Jeff: You do realize jailbreaking an iphone is legal right? Is it against the TOS? Yes, so they don't need to support it. But it certainly isn't illegal.
@ Mark:
Poor choice of words, but you knew what I meant. Point is Apple isn't obligated to fix jailbroken phones.
jprafael @ Jul 23rd 2009 8:40AM
"The problem is not on Apple's end, it's only on hacked iPhones because the hackers messed up. If you never had your iPhone jailbroken then you have no security problems."
An unlocked door is "secure" until someone opens it too. You still have the security vulnerability of it not being locked. It may keep the rain out, but it ain't gonna stop guys from coming in after your teenage daughter.
It seems to me that a lot of Apple's security depends on them being "different" and an underdog in the marketplace. That's how you end up with a security hole that finally gets patched after twenty-something years. Now, Apple has some mainstream, genre-defining products and is having to cope with the security problems that come with popularity (look what happens when pop-tarts like Britney Spears and Miley Cyrus get big.) The iPhone is Apple's teenage daughter, and she is h-o-t. Time to invest in better locks.
and maybe a shotgun too.
So it's a "feature"?
Not at all. The intended system worked fine. When hacked, it doesn't work. I'm usually against Apple, but they seem to be at no fault here.
BTW, it wasn't broken on purpose by Apple when hacked, just the way the hack was done.
Yeah.. they make sure their newest selling point doesn't use standard identification techniques (IMEI being one of them). Sounds like an attempt at locking the market out to me.
@Drew Green: We don't know that. All we know is that jailbroken iPhones are having trouble because of the way Apple's software works. Yes, it _could_ be an accident.
@Canny
I don't usually go to bat for Apple, but where would I go about finding out the IMEI on my iPod Touch? you see, they have Push notification too. Obviously they had to come up with something else to accommodate NON phones.
@Pies
From what the article says, jailbroken phones are fine. It's just the unlocked ones using "unofficial activation" that are having a problem.
Apple may prefer you don't jailbreak your phones, but I'm guessing they don't really care what carrier you use. So I doubt they would purposefully design it to not work on unlocked phones. But again I'm just guessing.
AT&T on the other hand probably does care ... a lot.
Well, to unlock you have to jailbreak, so when you unlock you have both. Unless you get an unlocked phone, in which case everything should be fine as it's an official activation.
LOL jailbreakers!
Don't know what you're laughing at?! My iPhone's jailbroken and I can still IM with push perfectly.