[attrition] rant: how Apple iPWNED my iPhone

[lyger]

http://attrition.org/security/rant/z/iphone.html

Thu Oct 01 21:00:00 EST 2007
d2d

Apparently, I'm a hacker (at least according to Apple). Every blog 
headline out there seems to indicate that. I downloaded and installed 
third party software onto my iPhone, an act that took me all of 3 clicks 
to do, and therefore I am a l33t iph0n3 h4x0r!

Here is the order of events in my iPhone extravaganza experience:

    1. Work tells me I need to buy a phone as a result of changes in tax 
laws.

    2. I google the iPhone. It looks sexy.

    3. I google "iphone +ssh"

       1. I get this: http://churchturing.org/w/iphone-ssh/ - NO THANKS,
          not giving you my passwords

       2. I find this: http://iphone.nullriver.com/beta/

    4. After an intense orgasm over the fact that I could have native ssh, 
I hit up the AT&T store.

    5. iPhone in hand, I install this crazy Installer.app (all gui, all 
real easy), then install OpenSSH and a Terminal.

All worked well. Two days later, an update shows up in iTunes when I dock 
the thing, as well as the following message:

WARNING: Apple has discovered that some of the unauthorized unlocking 
programs available on the Internet may cause irreparable damage to the 
iPhone's software. IF YOU HAVE MODIFIED YOUR iPHONE'S SOFTWARE, APPLYING 
THIS SOFTWARE UPDATE MAY RESULT IN YOUR iPHONE BECOMING PERMANENTLY 
INOPERABLE.

Yikes! 400$ for the phone, and a nice 2 year contract with AT&T, and I'm a 
going to be punished with a bricked phone for installing OpenSSH? Could 
someone explain to me how installing an application on a UNIX-based system 
(iPhone) constitutes damaging it? I've never seen OpenSSH go that awry.

[...]