T-Mobile’s G1 was released last week and there has been at least one Android vulnerability announced already. The New York Times reported on research done by [Charlie Miller], who also helped find one of the first iPhone bugs, so we think the report is fairly credible. Last year, we saw him deliver a seminar on real world fuzzing at ToorCon 9. It covered exactly how they found the iPhone bug.
If you just want to use a G1 without service, you can activate it with any T-Mobile SIM card.
Above is Boing Boing Gadgets’ concise video review of Griffin AirCurve. It’s garbage. We first talked about it in our loaded horn post because it looked like something fun to redesign.
The iphone-dev team published a video today showing access to the iPhone’s baseband processor. They connect to the device over ssh and then use minicom to issue AT commands. They’re writing custom AT commands for full control.
The iphone-dev team hasn’t been resting on their laurels since releasing the iPhone Pwnage Tool 2.0 nearly two weeks ago and decided to update everyone on their progress. Despite the iPhone 2.0 jailbreak, there still isn’t a way to unlock a 3G phone. They’ve managed to do other things like downgrade a 3G to an older baseband firmware, which demonstrates their ability to bypass security checks and run unsigned code on the baseband. A nice side effect of all the downgrade work is that they’ve perfected the percautions they take to prevent bricking. The team has been following threads about using SIM proxy devices for unlocks as well, but concluded that the devices are a kludge at best and reliability can vary wildly depending on the phone’s location. They also pointed out the fine work that RiP Dev has been doing on Installer 4 which will help you install software that isn’t from the AppStore.