Talk Title :

Jailbreaking the AppleTV3 - Tales from a full stack hack

Abstract :

The AppleTV 3 is among few apple devices which did withstand hacking the longest.Only 8 years after release a jailbreak was published, which exploits 5 different n-day vulnerabilities to achieve full untethered compromise.

The reason that the AppleTV3 kept its guards for so much longer than even newer and by magnitudes more secure iPhones, lies in the significantly reduced attack surface (and arguably lower interest from hackers to put up the effort).

Equipped with several n-day vulnerabilities this presentation takes another look at this (now end-of-life) device and walks you through an exciting adventure of pwning the device bit by bit, while discussing problems encountered at each step and their corresponding methods to solve them.

The general audience will learn several tricks which can come in handy for attacking other restricted devices, while the motivated (beginner-level-)hacker will get all information needed to reproduce this exploit-chain himself.

Minor iOS updates breaking the exploit chain (but not fixing the actual vulnerabilities) were release after publishing the jailbreak, however the jailbreak was purposefully not updated to account for those to leave the opportunity for others to learn from this project.

Bio :

Tihmstar is a vulnerability researcher, focused on mobile with a hobby of hacking iOS devices.

Tihmstar worked on jailbreaking iOS devices including iPhone, iPad, iPod, Apple Watch and Apple TV covering a wide range of devices from old ones like iPhone4s up to the most recent ones including iPhone12 pro.

Want to connect with Tihmstar?