The History Of Jailbreaking [Feature]



Back in 2007, Steve Jobs used a famous quote from ice hockey player Wayne Gretzky to summarize Apple’s commitment to innovation: “I skate to where the puck is going to be, not where it has been.” That’s long been true for Apple and products like the iPhone and iPad. But for more than four years, jailbeaking has pushed the boundaries of iOS even farther.

If Apple skates to where the puck is going to be, then jailbreakers have usually already been there and left. The hackers and tinkerers that find security loopholes in Apple’s software are some of the most brilliant, innovative minds in the tech world.

We’ll be covering JailbreakCon 2012 this weekend in San Francisco, the world’s first convention dedicated solely to the jailbreak community. What better way to get ready for the future of jailbreaking than to examine the past? Let’s start from the beginning:

What Exactly Is Jailbreaking?

For those who don’t know, “jailbreaking” is the process of gaining root access to the iOS platform, effectively ‘breaking out’ of the restrictions Apple puts in place. You can then install apps that haven’t been vetted by Apple and tinker with the OS itself. Unlike Android, iOS is by default a walled garden. You’re supposed to play by Apple’s rules. Apps aren’t allowed to interact with iOS at the core level, and you can’t add to, remove, tweak, or enhance aspects of the operating system. That’s where jailbreaking comes into play.

Jailbreaking is free and legal in the United States and many other countries. When you jailbreak an iOS device like an iPhone, you gain access to Cydia, the jailbreak version of the App Store. (More than that later.) In recent years, the actual process of jailbreaking has become pretty easy and straightforward. To jailbreak an Apple device, you usually need a desktop computer to administer the hack.

Since the original iPhone’s release back in 2007, jailbreak hackers and developers have been cracking new versions of iOS only to have their work later patched by Apple.

The Early Days

George Hotz, a.k.a. “geohot,” quickly became a legend in the hacking community for his work on the iPhone. A CEO famously gave him a new Nissan 350Z for an unlocked iPhone.

You might think that an elite team of veteran hackers would be responsible for breaking into software from one of the most security conscious tech companies on earth. It actually started with a seventeen-year-old named George Hotz, or “geohot.” When the iPhone launched on AT&T in an exclusive partnership, Hotz decided that he wanted to use the iPhone on T-Mobile. According to The New Yorker Hotz used a Phillips-head eyeglass screwdriver to take his iPhone apart. He then used a guitar pick to get at the phone’s tiny baseband processor, the chip that locks an iPhone to a certain carrier. Using a soldering tool, Hotz managed to scramble the baseband’s code and take control.

Apple’s Jesus phone had been hacked, and the jailbreak revolution began.

Separately, a group of young hackers gained access to the first iPhone’s operating system only a few short days after it went on sale. On July 10th, 2007, a video was uploaded to YouTube showing a first-gen iPhone playing a custom ringtone.

Apple would not allow its users to download custom ringtone apps from the App Store until three years later.

Shortly after the first jailbreak was unveiled, a developer named Jason Merchant created the first third-party game for the iPhone (Apple had not yet announced the App Store). The concept of the game was simple: blow up Microsoft Zunes with a mini-iPhone.

In October 2007 the iPhone Dev Team, a collection of hackers from different parts of the world (excluding George Hotz), released the first public jailbreak with clear install instructions. The process of jailbreaking then was considerably more complex than it is today. Once jailbroken, a barebones ‘app store’ called was added for installing hacks and tweaks.

Birth Of Cydia

Jailbreaking sparked the general public’s interest in the summer of 2008 when Cydia shipped with the iPhone Dev Team’s jailbreak for the iPhone 3G on iOS 2.0. Jay Freeman, known online by the pseudonym “saurik,” was (and is to this day) commonly referred to as the father of jailbreaking—not because he created the first jailbreak, but because he created Cydia, the gateway to installing jailbreak apps and tweaks.

Jay Freeman, a.k.a. “saurik,” runs Cydia, a storefront used by millions of people for discovering jailbreak apps and tweaks.

Before the iPhone, Freeman had used and loved Nokia’s candybar phones. While Apple nailed the modern web device with the original iPhone, many of the features that previously constituted a full-featured “phone” were absent. He missed features like the ability to send a text message to multiple numbers at once (a feature Apple wouldn’t officially add until two years later) and selective answering for incoming calls (a feature Apple just added this summer in iOS 6 with Do Not Disturb).

“Instead of playing in Apple’s sandbox like everyone else, Freeman decided to change the rules”

When Apple unveiled the App Store in the summer of 2008, Freeman knew that Apple would keep the App Store ecosystem closed. You would never be able to install an unapproved app, much less a low-level system tweak, with Apple’s permission. So instead of playing in Apple’s sandbox like everyone else, Freeman decided to change the rules for himself. He took matters into his own hands.

Cydia is more than a jailbreak version of Apple’s App Store. Cydia is an alternative to apps, as it specializes in things that aren’t necessarily “apps” at all in the traditional sense. Instead of an app, you typically install get a new feature added to iOS in the form of a tweak or extension. Instead of a typical Twitter client like Tweetbot, you would get an extension like TwitkaFly that allowed you to tweet from anywhere in iOS. TwitkaFly was available to jailbreakers months before Apple added the feature in iOS 5.

The Cat And Mouse Game Continues

With Apple released iOS 3.0 in March of 2009, jailbreakers had to go back to the drawing board. The iPhone Dev Team released a jailbreak for the newest software, but a jailbreak for the iPhone 3GS was not released until George Hotz returned to the scene  in the summer of 2009. The Chronic Dev Team, another group of hackers dedicated to jailbreaking new releases of iOS, ported Hotz’s jailbreak tool for the iPhone 3GS to the Mac. Shortly after Hotz released the first jailbreak for the third-gen iPod touch.

The cat and mouse game between Apple and hackers like Hotz continued until the original iPad release in April of 2010. Hotz claimed to be working on a jailbreak for the new tablet, and he registered the domain

Nicholas Allegra, a.k.a comex (image via Forbes)

A relatively new figure in the jailbreak community known only as “comex” came onto the scene with the release of Spirit, a simple, one-click tool that could jailbreak all iOS devices on iOS 3.1.3 or 3.2. Comex, who’s real name is Nicholas Allegra, would later be featured in Forbes and hired by Apple. Jailbreaking was starting to become too big to ignore.

Apple released iOS 4 in June 2010, and all available iOS devices were jailbroken within a week. After the release of the iPhone 4 that same summer, George Hotz announced his official retirement from jailbreaking, leading many to believe that Apple had patched his mysterious Limera1n hack. Hotz would later join Facebook after jailbreaking the PS3 and fighting a high-profile lawsuit with Sony.

Around the same time, the U.S. Library of Congress ruled that jailbreaking was legal under the Digital Millennium Copyright Act. It’s still legal to this day, but that doesn’t mean it won’t void your warranty.

Jailbreaking Goes Mainstream

JailbreakMe could jailbreak any iOS device in a matter of seconds—no additional computer required.
Jailbreaking was mostly for the digerati until the iPhone 4 was jailbroken in the summer of 2010. Comex released JailbreakMe 2.0, the first jailbreak that could be installed by simply visiting a website in the iPhone’s Safari browser. Jailbreaking the iPhone had always required the savviness of finding the right tools online, but JailbreakMe was the first tool that just worked. You could tell your friend to visit the URL, tap a button, and presto: jailbroken. No need for a desktop computer for special instructions.

Needless to say, Apple quickly responded to JailbreakMe by releasing iOS 4.0.2 and patching the exploit less than two weeks later.

When Apple released iOS 4.1, the Chronic Dev Team announced the discovery of a bootrom vulnerability called “SHAtter” that would jailbreak all of the most recent Apple devices for life, including the iPhone 4. Because the exploit worked at the hardware level, Apple would not be able to patch the jailbreak until it released new iOS devices with different internals. Security research guru “pod2g” was responsible for discovering SHAtter, and he has continued to work on new exploits until today.

Geohot teased Limera1n on his personal iOS devices before releasing the free tool to the world.

George Hotz briefly came out of retirement in October 2010 to release his Limera1n exploit, a hack that took advantage of another low-level bootrom vulnerability in Apple’s hardware. Limera1n was the first exploit capable of jailbreaking the iPhone 4 on iOS 4.1 and the second-gen Apple TV. Groups like FireCore would later capitalize on the Apple TV by releasing all kinds of enhancements and tweaks for the jailbroken set-top box.

The Chronic Dev and iPhone Dev teams continued releasing jailbreaks and baseband unlocks for iOS 4 with the help of hackers like iH8sn0w and pod2g. Eventually comex released JailbreakMe 3.0, a second iteration of his web-based jailbreak tool. Released in July 2001, JailbreakMe 3.0 worked on all iOS devices and was the first tool that worked on the iPad 2. Apple swiftly responded again with a patch days later.

Jailbreakers like saurik, p0sixninja, geohot, and others hang out together at DEF CON. (Image via Justin Williams)

Jailbreak hackers from across the globe gathered in London on September 17th, 2011 for the world’s first jailbreak convention. Originally called MyGreatFest, the convention featured the brightest minds in the community, including Jay Freeman and the Chronic Dev Team. At the event, the iOS 5 jailbreak was discussed, and Freeman revealed that about 10% of all iOS devices are jailbroken and running Cydia.

The iOS 5 beta was jailbroken for developers until Apple publicly released iOS 5 in October 2011. The iPhone Dev Team and pod2g worked furiously on a public, full jailbreak for iOS 5, and the jailbreak was released in December for A4-based devices. In January 2012, a jailbreak for A5-based iOS devices (iPhone 4S and iPad 2) was released. In May 2012, pod2g and the Chronic Dev Team released Absinthe 2.0, the most recent tool for jailbreaking all iOS devices, including the third-gen iPad on 5.1.1.

Looking Ahead: iOS 6 And A New Horizon

Apple recently released iOS 6, and a new horizon of innovation and opportunity lays ahead for jailbreakers. The idea that there’s no longer a need for jailbreaking is ridiculous. If jailbreakers were to run out of things to do to iOS, then Apple would likely run out of things to do as well. The possibilities are just as interesting and unknown as they’ve ever been.

The iPhone 5 was jailbroken by @chpwn on Twitter only hours after it went on sale.

Notable jailbreak hacker Grant Paul, also known as “chpwn,” has jailbroken the iPhone 5 already, but it will likely be some time before a public jailbreak is released for the rest of us. The third-gen Apple TV has still not been jailbroken, and Apple will continue patching exploits and releasing new devices. The game of cat and mouse is far from over.

The jailbreak community is gathering this weekend in San Francisco for JailbreakCon 2012, and Cult of Mac will be there in full force. Make sure to follow our coverage all weekend for more from the show floor.


Daily round-ups or a weekly refresher, straight from Cult of Mac to your inbox.

  • The Weekender

    The week's best Apple news, reviews and how-tos from Cult of Mac, every Saturday morning. Our readers say: "Thank you guys for always posting cool stuff" -- Vaughn Nevins. "Very informative" -- Kenly Xavier.