Signature check circumvention allows free tethering without a jailbreak

An interesting security hole has been discovered that allows people to circumvent iOS Carrier.plist file checks by creating, modifying, and restoring a backup file. The example presented by iTweakiOS uses the hack to enable tethering without having to go through a carrier.

The iOS Carrier.plist file is responsible for a number of carrier-related settings, including device tethering. iTweakiOS modified the value of the cellular gateway used for tethering so data could be directed to go through the gateway used for normal device traffic instead.

CommCenter, the iOS service responsible for handling network connectivity, normally performs a signature check on the Carrier.plist to ensure it has not been tampered with. However, modifying it on a backup file and then restoring the modified backup worked to circumvent the check. While it is unclear why it's possible to get around the signature check this way, it seems likely that Apple will fix this with the public release of iOS 7 this fall.

(In case anyone is tempted to try the hack in the meantime, be warned that carriers have been known to start billing users for tethering if they suspect you of tethering illicitly.)

Source: iTweakiOS

Nick Arnott

Security editor, breaker of things, and caffeine savant. QA at Double Encore. Writes on neglectedpotential.com about QA & security, and as @noir on Twitter about nothing in particular.

Reader comments


Sad indeed. I would love to flick on the Personal Hotspot feature that Apple built into my phone to use some of the data I pay AT&T for...but that would mean switching to a 5 GB plan and paying an additional $20 per month. No thanks - my butt already kinda hurts.

Tethering has been included since carriers dropped the unlimited plans and gave everyone hard data caps.

Back in the day when BlackBerry controlled the market, the big 3 were giving away unlimited data plans because no one needed them and were barely using much data (thanks to BB compression); at that time tethering was chargeable. Today, with iOS and Android running around, they removed the unlimited plans, gave us specific bandwidth limits and allow tethering, which they hope will get you over your monthly limit and ding you with overages.