The Pangu jailbreak could put an iOS 8 jailbreak even further out of reach


Jailbreakers got an unexpected present last week when a relatively unknown hacker group released a jailbreak for iOS 7.1.1. Called “Pangu,” the jailbreak package was later determined to be safe, apart from a shady pirate app store installed alongside it.

But the Pangu jailbreak isn’t all that it appears. The methods the jailbreak uses to hack your device were stolen.

According to iOS researcher Stefan Esser — who has previously been responsible for untethered jailbreaks under the handle i0n1c — the Pangu jailbreak relies on two stolen things in order to work: an enterprise certificate from Apple, and Esser’s own secret jailbreak methods.

“They are just thieves,” Esser wrote on Twitter.

It’s not uncommon for apps to sidestep the vetting process of the iOS App Store by using enterprise certificates. That is, for example, the technique the popular iOS Game Boy emulator GBA4iOS uses to install itself on devices. Enterprise certificates allow a developer to install their app on as many devices as they’d like without Apple’s approval, and while Apple can revoke an enterprise certificate at any time, in most cases the certificate will continue to work as long as you roll your system date back.

But the theft of Esser’s jailbreak techniques might be a bigger deal. It seems abstract at first, but Esser claims that the Pangu jailbreak uses several secret vulnerabilities that he has only shared with other people in a research setting.

“The Pangu jailbreak does not only use one info leak bug but several from my training. And there is basically my code linked directly into it,” Esser wrote.

From a practical perspective, though, the fact that these vulnerabilities were used to jailbreak iOS 7.1.1 just months before iOS 8 is released means that Apple will have patched them by the time the next major version of its operating system comes around. That means an iOS 8 jailbreak could potentially take even longer to find than it usually does. And that’s bad news for everyone.

  • Michael Weisberg

    Too bad because I actually liked it before

  • TJ

    C’mon, we all know the Chinese nationals are legendary for this stuff. Don’t act so surprised. If your data crosses a public router unencrypted, and it’s valuable enough, they WILL get it and copy it. Shanzhai!!!

    http://youtu.be/lAqRbmr7BVA

  • mlee19841

    Shouldn’t have shared that part of the info, dude. All the people that bash him on Twitter for not releasing the iOS 7.1.1 jailbreak himself. I see a couple of people going to the class, getting the info, and saying, well, you wanna be a troll and not release it? Well, watch this.

    • Niclas

      He is a teacher relying on the exploit for demonstration in his classes.
      To join the class you promise not to disclose the exploits used so he can continue with classes in the future.
      Most students and Esser regard themselves as friends.

      With your logic, I sure as hell wouldn’t want to be your friend.

      • Fofer

        An allegation being made is that i0n1c is lying, and that he sold the exploit to them, and that they didn’t, in fact, steal it. They do mention/thank him in the app’s credits:

        http://i.imgur.com/4vgjSCr.png

        “Thanks for infoleak bug from i0n1c training.”

        Sure, they could just be obnoxiously bragging about their theft, or they could be properly acknowledging their collaboration. The question is, which is it?

  • lowtolerance

    Esser obviously knows his shit, but he’s not exactly the most forthright person in the jailbreak scene. I would take anything he has to say on a jailbreak release with a huge grain of salt.

  • http://www.eazycomputers.com/ PhoneTechJay

    I’m with Esser (i0n1c): they should have waited for iOS 8 so that it could have been jailbroken as easily. Instead they will patch it and this hole is burned for good. Question is, how were they stolen in the first place?

    • Niclas

      One of them was a student of his, and some watermarks from Esser in the exploit code are still in the Pangu jb.

      • http://www.eazycomputers.com/ PhoneTechJay

        So by him being a student he could either have copied and pasted or made the same thing from scratch. My opinion is anyone could have found this given more time and written it the same way if not better. He could have even left it there purposely.

      • Niclas

        Even though that isn’t the case, give me a reason on why I would copy (copy paste/read write) your work, include some stuff that identify the origin and then call it mine?

        For your information, i0n1c was on the “thanks list” on their site for providing the exploit.

        Just stop.

      • http://www.eazycomputers.com/ PhoneTechJay

        Stop what? I’m only stating the fact that anyone could have found and done this same exploit. There are more hackers that aren’t so public that probably had their phones jailbroken already. Relax.

      • Niclas

        If it was found by someone else they wouldn’t have credited i0n1c.
        You’re not stating facts, you’re guessing.

      • http://www.eazycomputers.com/ PhoneTechJay

        You don’t understand what I meant. If anyone ‘else’ found this, other than his students they wouldn’t have to credit him being as they found it also. Meaning more than one person can find the same thing. Understand?

      • Niclas

        Of course others may have had the exploit, but no one who was involved in the jb had it. Except the one who got it from i0n1c.

        If anyone else involved in the jb had found it without Esser’s help, he would have gotten the credit.

  • Brian Voll

    More than likely, this specific jailbreak would never have been officially released by anyone from the jailbreak community because it uses that certificate.

    I can understand why people want to jailbreak, but the features in iOS 8 pretty much made it pointless for me. I miss the five icon dock though, maybe I’ll get that in the iPhone 6.

    • Dennis McCarty

      iOS8 features are not worth not having a jailbreak. Lmao. No firmware that Apple releases will ever be a reason to stop jailbreaking. Can you use a PS3 controller with iOS8? Can you slide your finger across the keyboard to move the cursor like with SwipeSelection? Can you remove all background apps with one swipe? What about full UI themes and live widgets you can move around? There is so much you can do when jailbroken (new tweaks, themes, and mods everyday) that Apple will never be able to catch up. Ever.

      • Brian Voll

        I was talking specifically for me. I don’t really care for any of the tweaks you’ve mentioned. Cool? Definitely. But, not for me.

      • http://www.eazycomputers.com/ PhoneTechJay

        iOS 8 still won’t have lock screen tweaks, Control Center tweaks, Home screen/Status bar tweaks, etc. Themes aren’t what jailbreakers are really into anymore. We love tweaking our systems to do more. Apple should allow certain extensions to be installed at will. Allowing the keyboards is a good start.

    • Niclas

      That’s what I’ve been hearing since iOS 4. Still, the interest in JB has increased.

  • http://heguy.tumblr.com Kuhnaydeein

    “Which means that, potentially, an iOS 8 jailbreak could take even longer to find than it usually does. And that’s bad news for everyone.”

    That’s terrible news for everyone! Now the app developers will actually get paid for the apps they created! Now Apple’s devices will be even more secure, because without jailbreaking how will malicious software and spyware get onto an iPhone or iPad?!? It’s god awful news because subscription-based apps such as Spotify may actually make the money they earn for the artists, because people aren’t faking Premium subscriptions with cracked versions of their streaming media players found on jailbreak app ‘stores’!!! What has this world come to?!?!?!?!?

    • Munkoli

      Wait, you can do that with Spotify? Awesome… thanks for the tip :D

      • Niclas

        Patched in the latest version, doesn’t work.

    • Niclas

      Sorry but you are an idiot. You can pirate apps just as easy with or without a jailbreak.

      • Fofer

        His point stands, though. The article ends with “and that’s bad news for everyone.” It’s not an accurate sentence. It’s not bad news for Apple, and it’s not bad news for security conscious applications, services and businesses.

        I personally love jailbreaking but of course I can appreciate the goal of a platform to not be exploited.

      • Niclas

        No it doesn’t. The current version of iOS is exploitable. That is “bad news” right now instead of when iOS 8 gets released.

        I see your point though and somewhat agree…

        Now I hate piracy, but a jailbreak doesn’t help or block it.

      • Fofer

        Well it stands to reason that THIS exploit would have worked in iOS 8 but now it’s been “burned through,” Apple knows about it, and can/will close it before the release of iOS 8 drops. That’s one less exploit for jailbreakers to take advantage of. Obviously there may be more exploits. The question is, was it worth it to burn through, when iOS 8 is just around the bend?

        Personally I am (maybe just a little) less likely to jailbreak in iOS 8 given what I’ve seen about “extensions” and support for 3rd party keyboards. And I don’t pirate apps.

        The ONLY point I was trying to make is that this article’s conclusion completely ignores the actual benefit (to some people and businesses) of iOS being (at least as close to) 100% secure as possible.

      • Niclas

        Well, it has lasted years and many big version changes.
        It’s very likely that it would have worked in iOS 8.

  • troopersam

    Wow, what a surprise…thieving hackers from China. Never saw that coming.

  • ddkl7780

    Couldn’t have just waited for iOS 8? Douches

    • http://www.eazycomputers.com/ PhoneTechJay

      They could have, but they have more back doors planned. You guys really think they wasted their only one on iOS 7? There are a ton of them the evasi0n team refuse to use.

      • Niclas

        Correction: A few, with good cause…

  • Матт Реякіпѕ

    While I think it’s wrong they stole from Esser, it’s also wrong for Esser and the other prominent jailbreakers to release videos of their devices jailbroken then have little to no intent on releasing it to the masses. If you have little to no intent on releasing a jailbreak then don’t make a video of you having your device jailbroken, because the moment you do, someone is gonna make a public jailbreak a reality, with or without your OK. And then you’re partly responsible for helping burn exploits you wanted saved for another release.

    • shivam89

      The jailbreak videos are teasers and they just show off that it works on that FW but it’s not ready for everyone.

      Compare it with some videogame that was recently presented at the E3, and btw, when have they NOT released a jailbreak when it was actually needed? We still had iOS 7.0.6? So really, it was just useless burning of exploits. And yeah I know that you’re maybe going to say, what if people “accidentally” updated to OS 7.1? Then it’s their fault and nobody should care.

      And I have to admit since that jb is released I just used it on my 4S for the sake of the new FW.

  • Dennis McCarty

    Idc what anyone says, I bet money either Stefan is lying (meaning the Chinese website didn’t steal the info but figured it out themselves) or that he sold the information to the Chinese website. I’ve been in the community for years and he’s someone you don’t trust.

    • Niclas

      You are an idiot. One of them was a student of his, and some watermarks from Esser in the exploit code are still in the Pangu jb.

      • DLAROC

        Stefan said for you to take his penis out your mouth… You obviously don’t know this guy. I’ve been in the community for 4 years now and he’s not someone you listen to. MuscleNerd, p0sixninja, p0d2g, OPK, planetbeing, iH8sn0w, these are people who don’t just say shit to say it. Stefan thinks he’s smart but he’s just a retard. He shows he has a jailbreak and then a couple weeks later blames the Chinese for stealing it?? C’mon… yeah right. He sold that shit.
        Btw, I noticed you call someone an idiot in almost every one of your comments. Do you have Tourette’s or are you just dumb and that’s the only insult you know?

      • Niclas

        dm (pangu dev) said you should stop weeping while you suck him off. The others didn’t mind though.

        You obviously have no idea of who he is.
        Well, since you’re the new kid in the jb scene, you should pay attention. He provided an untether for iOS 4 for free.
        He is teaching iOS security nowadays and not involved in public jailbreaking. If he shows a picture of a jb’d device, it isn’t because he will release anything. He is advertising his course.

        One of the members of the Pangu team took his course, and that’s where the exploit came from. He didn’t even edit that code. All students have promised not to disclose any of the shown exploits, and no one has since he began almost two years ago.
        Why do I call some people idiots? Well, it happens to be because they are idiots.

        As for 7.1 being jailbroken, I am happy. It is great. But the pangu team are only in it for the money and don’t care about anything else.

      • Fofer

        An allegation being made is that i0n1c is lying, and that he sold the exploit to them, and that they didn’t, in fact, steal it. They do mention/thank him in the app’s credits:

        “Thanks for infoleak bug from i0n1c training.”

        Sure, they could just be obnoxiously bragging about their theft, or they could be properly acknowledging their collaboration. The question is, which is it?

      • Niclas

        When he heard that they were about to release a JB out of the blue, he explicitly told them that it was in no way OK to release a jb with his exploit that they saw during the training.

    • Fofer

      The allegation being made is that i0n1c is lying, and that he sold the exploit to them, and that they didn’t, in fact, steal it. They even mention/thank him in the app’s credits:

      “Thanks for infoleak bug from i0n1c training.”

      Sure, they could just be obnoxiously bragging about their theft, or they could be properly acknowledging their collaboration. The question is, which is it?

  • Nick Bro

    Contemplating whether to keep my 5s with 7.1.1 jb and get the new iPhone to play with as a Wi-Fi-only iPod until the iOS 8 jb comes out. Or just save my money and wait till the iOS 8 jb comes out before ordering a new iPhone.

  • Michael Gounelas

    I don’t care if the iOS 8 jailbreak will take long to be created. As long as I have iOS 7.1.1 jailbroken I don’t give a shit.

    • Fofer

      ??? That’s some forward thinking for ya! You won’t give a shit when iOS 8 comes out? C’mon man. LOL

  • Матт Реякіпѕ

    There has been more than one jailbreak hacker showing off their device jailbroken. So many knew about the exploit. You don’t show off your jailbroken phone and expect no one to release the jailbreak. If you want people to wait for iOS 8, then don’t do videos showing iOS 7.1 could be jailbroken. It’s that simple.

  • Aaron DeArmitt

    Either way the Jailbreak works great for me and they did it when nobody else could get it done no matter what way you slice the pie!

  • Drake

    Aww, poor i0n1c. Someone copied his work he gave out in teachings. Not like he was ever going to actually use it. Just shove the fact he was jailbroken in our faces. Get over it. If you don’t want someone taking your work, don’t show it in the first place. It’s obvious someone was going to do it at some point. Honestly, have you ever thought that an Apple dev could have gone into one of those undercover and could have found your exploits to help patch them? Anywho. He just needs to stop trying to be a big baby and crying that someone stole his work.

  • Mohammed Burn

    You call them thieves while you didn’t release the jailbreak for the time we all needed it. At least they did something we all wanted so bad at that time.

About the author

John Brownlee is a Contributing Editor. He has also written for Wired, Playboy, Boing Boing, Popular Mechanics, VentureBeat, and Gizmodo. He lives in Boston with his wife and two parakeets. You can follow him on Twitter.
