A previous confirmation by the non-profit privacy and security organization XRSI surrounding a successful Quest 2 ‘jailbreak’—a means of freeing the device from Facebook account requirements and other software-based restrictions—has been put in doubt with a recent anonymous source discrediting the method as “fake”. XRSI has responded to the claim, saying they’re still in the vetting process.
Following an advertisement of a cash bounty to attract would-be jailbreakers by Mozilla WebXR software engineer Robert Long, Oculus founder Palmer Luckey, and other community members, XRSI had reported in late October that a researcher from the XR community had gained root access to Oculus Quest 2 and was able to fully bypass Facebook Login—a controversial new requirement that comes part and parcel with Quest 2.
The mantle was taken up by XRSI to protect the anonymity of those involved and vet the jailbreak, which it says is being carried out by independent researchers. However, now XRSI has found itself embroiled in controversy, requiring a response to a prominent claim regarding the jailbreak’s veracity. XRSI says that, although the results were “not as straightforward and regular as they must be,” that the jailbreak method is still very much real.
The source of the controversy is an anonymous Reddit user who drew a fair amount of attention this week, claiming insider knowledge of the jailbreak and claiming it was fake based on some clear impossibilities.
In the post, which has since been deleted but can still be accessed via a cached webpage, the apparent insider claims the jailbreak in question isn’t real based on its reported ability to install Linux and Windows XP, the latter of which cannot be installed on Quest 2’s ARM-based CPU, which natively runs a custom variant of Android.
This, the anonymous source concludes, must have been a Virtual Machine (VM) to emulate Window XP and not a proper boot-unlock as such. Here’s an excerpt from the now-deleted post:
As the title states, the “confirmed” jailbreak on the Oculus Quest 2 is fake and does not provide root access to the device. A third party was tasked by the XRSI with replicating the jailbreak including investigating the possibility of other methods of jailbreaking the device but they told me after two days straight they could not verify that it was ever jailbroken in the first place. When informed, the XRSI decided to ignore this and continues to maintain that the jailbreak is real. They plan to release a statement to state that Facebook made a change to revert the jailbreak, this is untrue.
The source went on to encourage “all IT professionals to push the XRSI for evidence of their claims with regard to the jailbreak of Oculus Quest 2.”
It’s been suggested that XRSI’s initial announcement of a successful Quest 2 jailbreak may have hindered other efforts to do the same—especially those interested in the bounty—by claiming the finish line had already been crossed.
Marco Magnano, XRSI’s Executive Director of Communications, provided Road to VR with a response to the claims made by the anonymous source. Here’s that text in full:
There is not much we can say about that Reddit post because the premise of it (the definition of “fake”) is quite inaccurate and offensive on our side. What we provided in the first place has been the protection for the researchers who proposed the jailbreak and for the ones who validated it. So, it’s not something we made up.
Our verification process, delegated to trusted independent researchers, consisted of a remote demonstration of the actions performed on the device to unlock it and to install different Operative Systems in order to access the hardware. At that point, after the validation of what was seen, we started the second part of the process, asking the independent researchers to reproduce the whole set of actions. Unfortunately, the results are not as straightforward and regular as they must be. I would like to reiterate what we said in the original announcements – “We are currently working to gather assurances to protect the individuals who discovered these methods of jailbreak.”
Due to legal and ethical reasons, we are going to allow the individuals’ rights to remain private, but the point we made still stands: We need to protect the researchers and hackers who perform the jailbreak – It is a damn shame that people are trying to force XRSI to disclose this matter unethically and without a due course of the legal process. We remain steadfast in protecting the researcher involved and would appreciate everyone’s patience while we conclude the process.
Magnano further denies the claim that Windows XP was even seriously considered as a potential OS, saying that it was “a joke a researcher heard from the jailbreakers when he was asked ‘hey, what could be the funniest thing to try and install on the device?'”
Robert Long, the person who kicked off the bounty award with $5,000 of his own cash, also has his doubts about the jailbreak. He expressed his concerns about its veracity, saying there were “red flags in the verification process” that pointed to either a mistake made by the independent security researcher, or a malicious or confused jailbreaker which led to publicly claiming it was verified before it was ready.
“XRSI definitely should not have made a public statement saying it was verified when they did,” Long says.
Still, Long is very much in XRSI’s camp, saying that he supports the organizations approach despite, according to him, prematurely announcing the jailbreak’s success.
I still stand with XRSI. Idk why anyone would come after them like this. If you know the information will get out there eventually, why rush the process and put people and the movement for XR rights in danger?https://t.co/sDV0IIvb72
— Robert Long (@arobertlong) November 12, 2020
Payoff Still Pending
Although we’re no closer to knowing the full story, it’s possible to read between the lines somewhat given what we know already.
The anonymous source has some insider knowledge, as evidenced by the claim (puzzling though it may be) that Windows XP was mentioned between researchers and jailbreakers. Whether it’s a malicious attempt to discredit the project and its organizers, the act of a disaffected party, or a true look inside its inner workings remains to be seen. Long maintains the issue is a feud between the insider and XRSI in how to best deal with the issue at hand.
Knowing if this particular jailbreak is indeed authentic will likely come when XRSI either releases the jailbreak, or somehow backs up its claims with further proof. On the face of it, this approach doesn’t seem antithetical to its mission of protecting the researchers and jailbreakers involved, however revealing any info could compromise someone somehow, which XRSI doesn’t want if it intends on furthering this particular jailbreak, or any other method it happens to attract in the meantime.