As if the iPhone hype machine needed more fuel, early adopters have been treated to a series of proclamations that the device, through a sophisticated manipulation of the phone's inner workings, could be released from the shackles of Apple's exclusive service-provider contract with AT&T. The buzz spread quickly through blogs and, later, television interviews posted to YouTube that the iPhone hack was legit. Yet it's likely to amount to little more than an interesting exercise in what youthful effort and ingenuity can accomplish.
George Hotz, a 17-year-old New Jersey native now attending the Rochester Institute of Technology, became something of a mini-celebrity for putting the finishing touches on a communal effort to manipulate the iPhone. The effort took advantage of the JTAG standard, a common interface for testing memory and interconnections within newly manufactured circuit boards, named after the Joint Test Action Group that developed it. Hotz's hack exploited the JTAG interface to allow him to load his own software onto the iPhone.
Hotz's work in breaking Apple's Subscriber Identity Module (SIM) card restrictions is "excellent reverse-engineering work," says Paul Kocher, president and chief scientist at Cryptography Research, a San Francisco-based security research and technology licensing company.
Hotz himself admitted in a blog posting last week that the process for enabling the SIM switch is far from simple and took him and a number of other hackers more than 500 hours to develop. "The current method involves taking apart your phone and doing some complicated soldering, with a high probability of a bricked phone," he said. In his blog, he announced plans to release next week step-by-step instructions for unlocking the iPhone SIM restriction.
Still, it's unlikely that Hotz's anticipated tutorial or any of the other emerging techniques for altering the iPhone will have much of an impact on the phone's customers. One major disincentive for anyone considering copying Hotz's work is that, even if they manage to get the hack to work without turning their iPhone into an expensive paperweight, such a move would completely void any warranty with Apple. They wouldn't be able to count on Apple's help in the event their iPhone malfunctions or needs maintenance.
Hotz's successful unlocking of Apple's SIM card restrictions is not an issue for those using the iPhone who are happy with their AT&T service. It's not much of a problem for AT&T or Apple either, Kocher says. Even though Apple may sell more than 800,000 iPhones in the current quarter, according to UBS analyst Ben Reitzes, "the number of phones impacted is negligibly small," Kocher adds. This has been confirmed by security software maker Symantec, whose security research division has determined that, "in the default, out-of-the-box configuration, the average iPhone user will probably not encounter any security issues," a spokesman says.
The iPhone is based on Global System for Mobile Communications (GSM) wireless technology, which is deployed widely throughout Europe but used in the U.S. only by AT&T and Deutsche Telekom's T-Mobile, further limiting the impact that SIM-swapping techniques will have on U.S. iPhone users. Verizon and Sprint are not compatible with AT&T's SIM technology.
Although the ability to use an iPhone on networks other than AT&T's has some appeal, it's a bit more complicated than that. "The iPhone assumes relatively strongly that you have a good unlimited data plan with your carrier," says Bob Blakley, a principal analyst with technology research firm Burton Group and former IBM Tivoli chief scientist for security and privacy. Speaking via his own iPhone, Blakley added, "If you just unlock your iPhone and use it with your existing carrier and don't have an unlimited data plan, you're going to get a very interesting bill at the end of the month."
Could the current wave of iPhone hacks open the door to more serious security problems? Possible but unlikely. Cell phones in general have poorly written software, although iPhones are actually better than most, Kocher says. Yet cell phones are much less attractive as targets for malicious hackers because of the heterogeneity of the cell phone world: different manufacturers making different phones that operate on different networks. PCs, because so many of them run on the same Microsoft Windows platform, have been a much richer target for attackers.
Apple brought this type of attention onto itself by telling people up front that they couldn't write software for the iPhone, Kocher says. "Telling people they couldn't do it was the best way to get people to do it," he adds. Paul Schmehl, senior information security analyst at the University of Texas at Dallas, agrees, saying, "Both Apple and AT&T were unrealistic in their expectations if they truly thought that no one would figure out a way around their proprietary arrangement."