Meet Comex, The 19-Year-Old iPhone Uber-Hacker UN agency Keeps Outsmarting Apple

Nicholas Allegra lives together with his oldsters in Chappaqua, New York. The tall, shaggy-haired and spectacled 19-year previous has been inactive from university since last winter, longing for AN position. And within the in the meantime, he’s been defrayment his days on a hobby that sporadically sends shockwaves through the pc security world: seeking out cracks within the ASCII text file of Apple’s iPhone, a tool with a lot of code restrictions than much any laptop on the market, and exploiting them to totally obliterate its defenses against hackers.

“It looks like written material AN English paper,” Allegra says merely, his voice croaking as if he simply awakened, although we’re speaking at 9:30 pm. “You simply bear and appearance for errors. I don’t grasp why I appear to be therefore effective at it.”

To the general public, Allegra has been better-known solely by the hacker handle Comex, and keeps an occasional profile. (He united to talk once Forbes‘ gesture around Twitter, Facebook and therefore the Brown Directory discovered his name.) however in what’s turning into nearly AN annual summer tradition, the onymous hacker has double free a chunk of code known as JailBreakMe that permits several users to strip away in seconds the ultra-strict security measures Apple has placed on its iPhones and iPads, devices that account for over 0.5 the company’s $100 billion in revenues.

The tool isn’t supposed for thievery or vandalism: It just lets users install any application they need on their devices. however jailbreaking, because the apply is termed, violates Apple’s obsessional management of its gadgets and demonstrates code holes that would be exploited later by less benevolent hackers.

Apple didn’t answer requests for comment, however it’s not excited regarding Allegra’s work. once he free JailbreakMe three in Gregorian calendar month, the corporate hurried to patch the protection gap in only 9 days. all the same, 1.4 million folks used the tool to break their gadgets in this time, and over 600,000 a lot of since then. Allegra has become such a thorn in Apple’s aspect that its stores currently block JailbreakMe.com on in-store wireless fidelity networks.

“I didn’t assume anyone would be able to do what he’s in hot water years,” says Charlie Miller, a former network exploitation analyst for the National Security Agency UN agency 1st hacked the iPhone in 2007. “Now it’s been done by some child we tend to had ne'er even detected of. He’s entirely blown Pine Tree State away.”

To appreciate JailbreakMe’s brilliance, think about however tightly Steve Jobs locks down his devices: Since 2008, Apple has enforced a safeguard known as “code-signing” to stop hackers from running any of their own commands on its mobile software package. therefore even once AN wrongdoer finds a security bug that provides him access to the system, he will solely exploit it by reusing commands that ar already in Apple’s code, a method security scientist Dino Dai Zovi has compared to writing a ransom note out of magazine clippings.

After Allegra free JailbreakMe two last year, Apple upped its game another notch, randomizing the situation of code in memory in order that hackers can’t even find commands to hijack them. That’s like requiring AN wrongdoer to assemble a note out of a random magazine he’s ne'er browse before, within the dark.