iOS Single App Mode Escape
labs.withsecure.com
When I was in jail they had kiosks to order commissary snacks. I managed to take advantage of a race condition to crash out of the app onto the desktop. Typing was a pain because you had to use the on-screen keyboard, and I would only have a few minutes before a crowd of detainees would appear and start squawking excitedly, hoping that I could access their Facebook accounts for them, and drawing the attention of the guard.
(there were a lot of bugs in the kiosk, for instance, no bounds checking on most inputs)
I love reading comments like this, but I admit I'm always pretty curious how the poster ended up in jail. Care to share what your conviction was for?
They right clicked and pressed view source. I’m just surprised they let them out after committing such a heinous act…
You joke, but something like that is a terrifying possibility considering where things like device-attestation are headed, combined with a lack of understanding of the technology, especially at the local level (e.g. I'm sure probably most of us here on HN got into trouble in elementary-school for "breaking the computers" or similar - I don't expect a local provincial magistrate to be any more understanding-of-things than the fuming head at my school)
Oh, I joke because I know we are not that far away from it…
https://techcrunch.com/2021/10/15/f12-isnt-hacking-missouri-...
https://www.darkreading.com/vulnerabilities-threats/pen-test...
I received a 3 day In School Suspension during the 7th grade for "breaking" one of the computers in the library/school computer lab. What I had done was change the color scheme of the task bar/windows.
Made even more ridiculous by the fact that the computers had ephemeral drives and would re-image when they were restarted.
I wrote a dos cli simulator that simulated an empty PC and added it to autoexec.bat.
The lab teacher didn’t figure it out and wiped every desktop and reinstalled deleting everything on them.
I felt slightly bad. Slightly.
I wish I was that clever in school! The most actual mischievous thing I did was task schedule my boss's computer to change the desktop background to a photoshopped image of my head on Miley Cyrus' body every day on my last day at work.
In 6th Form we just played Doom95 and Quake in between classes, in spite of Group Policy
> I'm sure probably most of us here on HN got into trouble in elementary-school for "breaking the computers" or similar
Oh, so, _so_ many times
I got expelled from high school for holding down shift while booting a windows machine, pre-98. Also suspended (the next year) because someone edited a teacher's gradebook in the "Mac lab" that he left open on an SE; of course the hacker that was expelled the year before obviously edited a single grade for someone they didn't know in a teacher they'd never met.
And I went to a Tech. Magnet. HS
In 1991 I got suspended from middle school for "putting a virus on the computer so it would not turn on".
(What I actually did was turn off the power switch on the power strip, rather than on the computer.)
In 1988 I got in terrible trouble for changing the BIOS settings and "destroying a computer" at my school. I had wheedled all the admin passwords out of the computer teacher's son and then used them to cause all sorts of "fun."
I think I had simply changed the computer so it booted from a different device, and it would have taken about five seconds to change it back...
I should make a clarification: "jail" in the correctional context refers to pre-trial detention, as opposed to "prison" which is post-trial conviction housing. This distinction doesn't happen in the real world :)
So, to answer your question, I did 10 years locked up without conviction. No trial yet. Maybe one day?
Wait, what? This wasn't in the US I presume then?
Yes. The USA allows indefinite detention pre-trial when you can't afford your bond. I really shouldn't have done a day in jail, but I didn't have access to my bank account or my possessions so I couldn't get any money together to get myself out.
I actually did over 8 years straight before I managed to put the money together from the inside. Then when I got out I made an "lol" post on Twitter because the local sheriff's dept was coming to my house every single day and arresting me, dragging me out onto the street and then letting me go. So they took me to jail again for the Twitter post and denied me bail on it since it was such a dangerous post I guess /s.
Back in high school they also had those kiosks for adding funds to our student cards, and it would speak out like "Success". I saw someone crashed out the app (probably with a race condition, too) and used the ethernet to download audio files they prepared on the internal servers. The next day the kiosk began to yell hilarious stuff on success and that was hell of a week...
A beautiful example of hacking. Didn’t disable the primary function of the device nor did he profit from a scheme. Just messed with the usage in a humorous way. Bravo.
I get the desire to be compensated for the work that went into reproducing the Guided Access escape, but I have to agree that this is not a security issue.
Guided Access controls are in the Accessibility settings. Apple has marketed the feature as one of convenience.
And I think a hard reboot, at least this used to be true, will also exit the mode. (Hold power and home button or power and volume button combo.)
> a hard reboot, at least this used to be true, will also exit the mode.
Reboot "exit" to the passcode entry screen is less bad than the unlocked phone in this escape.
Two comments on that:
1) I wonder if the exploit here works with passcode lock on? I suspect it does not, because there’s no mention of passcode entry in the steps.
2) My rebuttal was going to be ‘but most kiosk devices don’t allow access to the power button’ - but this exploit requires that too.
For an accessibility feature, it’s extraordinarily inaccessible. Turning it on results in an awful UI involving masking off parts of the screen. No way to invert the selection. Settings aren’t saved. Choosing a password is mandatory (why can’t the normal lock screen password be a default?). And trying to turn on Guided Access at all is far from 100% reliable.
I’ve broken out of it by the extremely complex protocol of swiping up by accident, although not recently. Maybe it’s been fixed.
> Features like Guided Access and Restrictions are designed to provide parents and system administrators with the tools to discourage violations of policy by legitimate users.
Guided Access is buggy crap. I’ve seen children break out of Guided Access. I also regularly need to completely reboot an iPad to get Guided Access to work at all.
Part of me wishes that Apple would license out iOS and macOS; and the chips they run on; for the specific purposes of embedded and industrial development.
A MacBook, as good as it is for Office work, simply is not suitable on the construction site. If macOS was, say, licensed to Panasonic for their Toughbook line and it was only available to commercial customers, that would be a better arrangement.
Or, another example: iOS is fantastic, but trying to reconfigure an iPad might not be as good as just building a customized PoS system with iOS embedded. As long as these customized devices are for commercial sale only (and thus don't damage Apple's customer reputation)... why not?
Heck, if I'm really dreaming... a stripped-down iOS specifically for IoT devices could be a huge, huge market. Even if Apple only sold chips 5 generations out of date (like the A12), it would be more than enough to provide a smooth, fast, easily updatable, easy to develop for, theoretically low cost platform for smart devices.
I would hate to see this. That's essentially what the PC and Android markets are like, which are both full of shitty manufacturers making poorly supported throwaway hardware. The IoT market is even worse.
Coming from Wintel, the vertical integration of Apple is a dream by comparison. Never had a single hour of downtime, compared to all the reformats and driver reinstalls and registry hacks and display glitches and such that I've experienced with Windows machines, even top end Razers, Lenovos, Asus, and Alienware/Dell.
Android was similarly terrible until the Nexus/Pixel lines, which again have first party control. Even the Play Edition and Motorola phones had issues not worth dealing with.
There's plenty of generic chips out there, and no name manufacturers making commodity garbage. Apple doesn't need to play in that market.
It's a fair opinion to have, but I feel that anyone who still thinks this way simply hasn't used Windows on a MacBook-priced device in recent history. Are MacBooks better? In many ways, sure, absolutely. Even at Macbook-priced territory, there are wrong machines to buy; shopping for a Mac is far easier. Windows still comes with a lot of ad-driven apps that I won't use (compared to the Mac, which also comes with a ton of apps I won't use, but at least they're well-intentioned). Battery is in another universe.
Performance? The benchmarks say the Mac is in another class. There are plenty of use-cases that can leverage it. I can't; Windows is absolutely higher performance for my use-cases. Maybe it's the animations. Maybe it's Rosetta, as great as it is? It's definitely Counter-Strike 2 removing Mac support; it's definitely Nvidia hardware acceleration in CAD applications. People use their computers in different ways; not everyone is viewing 8 streams of 4K RAW footage in their video editor.
I have yet to find a portable Windows machine that doesn’t throttle performance on battery. Weird that no reviewers ever mention it but Macs have nearly no performance difference when plugged in vs on battery and that’s a huge reason I don’t trust using any Windows laptops on the move.
Are you sure about this? My M2 has Low & High Power modes, which affect fan speeds and I think indirectly affects throttling?
https://support.apple.com/guide/mac-help/change-battery-sett... https://support.apple.com/en-us/HT212852
Does it really matter if it throttles stuff when your other option is using a mac?
That is a Mac user thing anyway. For some reason Mac users seem to have a boner for a computer that can work everywhere, especially in places where it makes everything more complicated and painful no matter the battery life. Well at least that is what they tell you; in large part thanks to the marketing. In practice I have rarely seen this sort of "advantage" really taken care of. For the most part people use their laptops for watching videos and doing simple office-like tasks when they are on-the-go without a desk and power source.
It's quite funny because it was already one of the major arguments of Mac laptops back in the 2000s when I bought my first one. I have done tech support for full Mac companies and countless people with various job positions and it simply doesn't reflect how the vast majority of people use their laptop. It's a lot like the capability of SUV/luxury 4x4 to go in accidented terrain. That's a nice marketing feature but barely 1% of the buyers actually use it.
Can you recommend a recent Windows laptop? I've used ThinkPads and Surface Books and Alienwares and Razers in the $2k-$3k range and none of them came close to the overall feel of the Mac.
The biggest differentiators for me are performance/watt + battery life. The Mac can keep going for a whole day while the others, even the underpowered Thinkpad with a tiny matte screen and a U-series processor and an extended battery, would die after 2-4 hours. This has consistently been my experience with every Windows laptop I've ever owned in the last 20 years. Even my Intel Macbook had better battery life, and the M1/M2 blows that out of the water. As you said, in another universe. Even while plugged in, the power efficiency means a cool and quiet machine. In two years of using one for work (web dev), I've never heard the fan come on once. Meanwhile my Windows laptops sound like jet engines as soon as the IDE opens, and while building projects, I can't even hear myself think. It's super distracting.
Other issues are screen quality (the ThinkPad matte screens were so, so bad, but I think they do have nicer Dolby Vision ones too), DPI issues (Windows took forever to properly scale the UI up, and once in a while I still run into legacy apps that need manual configuration), sound (the Macbook sounds like proper speakers, not tinny laptop ones), charging (the Surface Book couldn't maintain a charge while gaming, it would just gradually lose power even while plugged in), keyboards (the 17" Alienware was a beast but had an awful keyboard while being nearly 10 lbs), heat (the Razer was straight up dangerous to touch), issues switching between discrete & integrated graphics, etc. Bluetooth and Wifi are totally hit or miss depending on the chipsets. And driver and BIOS and power savings and standby issues all the freaking time. No manufacturer seems to care enough to vertically test their setup after release, so new updates always break something or another. I heard Microsoft recently started manufacturing some of their own chips for their ARM Surfaces; maybe that can help? I dunno, I gave up on them after a series of bad experiences with the Surface line.
I'm not really an Apple fanboy, much as it might sound like it. I use a Google Android phone, a SteelSeries mouse, a Microsoft keyboard, a Monopriced monitor, and Linux at work. I think macOS is pretty annoying sometimes, like its refusal to support the simple keyboard shortcuts for menus that every other OS has. But the Macbook is just so far ahead of any other laptop I've ever used (LAPTOP, not desktop... I still think the Apple desktops are overpriced ripoffs).
Really the only thing I miss about the Wintel world is gaming. These days I have to use GeForce Now or Game Porting Toolkit + Whisky (a GUI), but some games won't work on either. (Edit: Oh, and the glorious ThinkPad keyboards too! Those are still far and away the best, IMO.) Other than that, I feel like my life has gotten so much simpler after the switch, and going to the cafe with a laptop is a joyous experience, not a race to the outlets and hoping to find a table so I don't burn my lap.
I don't video edit either. The only demanding application in my life now is gaming, which is where GFN comes in. But I don't think the M-series is particularly known for raw performance, but rather performance/watt, especially at the medium-end where the computer can keep working for nearly a full day, with no fan and no heat. Hell, I wish they'd make Chromebooks (or Safari kiosk modes) out of these chips, without the macOS bloat. That'd be the perfect travel laptop.
> Coming from Wintel, the vertical integration of Apple is a dream by comparison
You weren't around in the 1990s...
How's that? I wasn't a Mac user back then (except in school), but IBM-compatible PCs were still a headache back then. I over-applied thermal paste and misconfigured `config.sys` or set the wrong COM port baud rates more times than I can count...
MacOS 9 was a dog's breakfast of an OS. OS X wasn't released until 2001, so until then all those Mac users were forced to run a cooperatively scheduling OS without even protected memory (!!). A typical PowerMacintosh's uptime was measured in the single-digit hours, not the weeks you'd get from NT, or months for a Unix box.
...there's no excuse for that given Apple's vertical-integration.
That's all true, but nonetheless it was a ton of fun for those of us who were into desktop customization at the time. With how system extensions worked in Classic Mac OS (they could overwrite bits of the system in memory) there was practically nothing they couldn't do, and as a result it was one of the most effortlessly extensively customizable desktops to ever exist. Even 22 years later, in some ways Linux, the long reigning champion of customizability, has yet to beat it.
Of course, that extension model was hilariously insecure and wouldn't have worked in the modern era, but it had its perks.
This was popular on Amiga as well, although maybe less clean and "officially supported" compared to Mac OS system extensions. There were Amiga utilities that remapped OS system calls to custom functions with performance optimizations, enhanced functionality, or different behavior altogether.
The 68000 series CPUs didn't have an MMU built-in until the 68030, which I guess was far too late to see much use in consumer OSes. Pretty shocking that the jump to PPC wasn't enough for Apple to take care of that stuff, but I guess that was going to be Copland before it was canned. At least Amiga had preemptive multitasking from the beginning.
Ah, I can believe that. The Macs we did have at school did not impress much. We saw the sad Mac face quite a lot, and had to use the debugger often ("g finder" IIRC).
I never had experience with NT until Windows XP. Did play around with MS-DOS, PC-DOS, Win 3.x and 9x, OS/2 Warp, and early Slackware though. None of those were particularly user-friendly or stable, lol, especially by today's standards. At the extreme end, I've fried a motherboard (shorted it somehow on first boot) and melted a laptop (tried to install Linux on it, apparently didn't have the fan drivers or something). Then early 3Dfx cards were also a pain to get working reliably, especially with SLI.
It was just a rough time for everyone, lol. I think the only things from that era that actually worked well were my PalmPilot and Casio calculator watch :)
I managed a college Mac computer lab (it was in the school of education, I guess Apple had a lock on schools with those brightly colored iMacs, which is what we had) from 1998-2000 when I was in graduate school. I don’t recall many problems, but maybe I’ve forgotten over the years.
This was middle/high school for me. We were kids and we wanted to break things :) We'd use the debugger to bypass parental controls, edit files to change our MathBlaster scores, poke around apps with ResEdit, etc.
Yeah, we sometimes left the computers in various states of brokenness... but damned if it wasn't educational :) Our teachers eventually caught on, and rather than punishing us, they made us all lab assistants and gave us extra time after school to do LAN parties.
> I would hate to see this.
Why? You could still buy the real thing. This would not detract anything from your user experience.
What I don't want to see is an ecosystem of shitty accessories and software, like the fragmentation of the Android ecosystem or the race-to-the-bottom of the Wintel world. It means developers have to develop against a bunch of incompatible devices with vastly different specs and chipsets, rush things to market without thorough testing, and stop supporting them soon after release. I've had that experience with all the Wintel laptops I've had, along with all the pre-Nexus/Pixel Androids, and basically every Wifi router and Bluetooth dongle I've ever owned.
The world is overflowing with cheap, crappy electronics and fake reviews. It's nice to have a curated selection sometimes.
I really don't understand this. This is literally saying "I really wish that Apple would do that thing they did in the 90s that pretty much bankrupted the company".
Apple is a hardware company, the OS is what makes it possible to use the hardware. One without the other does not make sense given that model. It's like saying "I wish Nintendo would license switch hardware and OS out to other people".
https://en.wikipedia.org/wiki/Power_Computing_Corporation
> Heck, if I'm really dreaming... a stripped-down iOS specifically for IoT devices could be a huge, huge market.
That’s effectively what runs the HomePods and AppleTV.
> a stripped-down iOS specifically for IoT devices could be a huge, huge market.
Have you seen Zephyr? [0]
Apple did that once, and then changed their mind. I suspect they think it degrades their brand.
They don't even let the owners of their iphones run their own software without asking permission.
Doesn’t this break most of the things that are unique to Apple?
Not entirely. It'd still be macOS/iPad OS and the accompanying hardware, but say for the suggested toughbook-like you still get the useful ergonomics of Apple's software but in a ruggedized form factor in a market segment that has been stuck with a few specific products because of specific requirements.
I don't think they're suggesting go full on wintel with every major computer manufacturer having a free for all making a same but slightly different styling and slightly different quality.
Sounds like that'd be an opportunity for collaboration, like an Apple x Panasonic special edition Toughbook. Likely that would have significant screen and sound and heat tradeoffs though.
I hope Apple doesn't license out their stuff and dilute their brand though. Didn't they already try that with Apple compatible OS 7 PCs back in the day? https://en.wikipedia.org/wiki/Macintosh_clone?wprov=sfla1