Google has released a powerful tool that can help security researchers hack and find bugs in iOS 11.1.2, a very recent version of the iPhone operating system.
The exploit is the work of Ian Beer, one of the most prolific iOS bug hunters, and a member of Google Project Zero, which works to find bugs in all types of software, including that not made by Google. Beer released the tool Monday, which he says should work for “all devices.” The proof of concept works only for those devices he tested—iPhone 7, 6s and iPod touch 6G—“but adding more support should be easy,” he wrote.
Last week, Beer caused a stir among the community of hackers who hack on the iPhone—also traditionally known as jailbreakers—by announcing that he was about to publish an exploit for iOS 11.1.2. Researchers reacted with excitement as they realized the tool would make jailbreaking and security research much easier.
While it might seem surprising that Google would release a tool to hack a device from a competitor, it actually makes a lot of sense. The iPhone is one of the hardest consumer devices to hack, and researchers who can do that and are able to find bugs in it rarely report the bugs or publish the tools they use because they are so valuable. But Google Project Zero researchers don’t need the money, and their mission is precisely to make all software, especially that owned by other companies, safer.
Google told Motherboard that Beer’s goal is to allow other security researchers to explore and test the security layers of iOS without needing to develop and find their own exploits. In other words, Google gave other researchers a starting point, a base, to bootstrap their own research. The final goal, Google said, is to help security researchers find even more bugs and hopefully report them to Apple so that they get fixed. Apple did not immediately respond to a request for comment, but the exploit has been patched. If you’re not interested in jailbreaking your phone, you should update immediately.
Luca Todesco, one of the most well-known iOS hackers in the world, told me that Beer’s tool can definitely help researchers who don’t have their own iOS bugs. Other iOS researchers such as Marco Grassi or Ryan Stortz have already speculated that Beer’s exploit could be turned into a full jailbreak.