Researcher claims changes in iOS 7 security make it more vulnerable to attacks than iOS 6

ADDZ Mar 18, 2014

    ADDZ Guest


    Azimuth Security researcher Tarjei Mandt claims that the changes made by Apple in iOS 7 to tighten kernel security have weakened it, making it a lot more vulnerable than iOS 6.

    Mandt revealed his findings at the CanSecWest security conference.

    Mandt points out that the problem is with the random number generator that Apple uses to encrypt the kernel. Apple used to use a random number generator based on the phone’s CPU clock counter in earlier versions of iOS 6. Apple, however, recognized that this method of generating random numbers was not very secure, as it was predictable.

    In iOS 7, Apple switched to a linear recursion algorithm to tighten the security, but Mandt points out that the new generator has more correlation between values, which makes it easier to extrapolate and guess.

    “Normally, you shouldn’t be able to get any of these values in the first place,” Mandt said.

    The kernel exploit is severe, although Mandt did not pair it with a vulnerability. Still, that means that anybody who can find an unpatched vulnerability in iOS 7, such as the “goto fail” vulnerability that was patched last month, can gain kernel-level access.

    Apple security engineers approached Mandt afterwards, and seemed quite concerned about his findings. Apple has been working hard to stay ahead of the cat and mouse game with the jailbreak community, so it remains to be seen if the jailbreak community will be able to use the exploit to develop a jailbreak for iOS 7.1, and ensure that it cannot be used by a hacker with malicious intent.

    Apple patched a number of vulnerabilities in iOS 7.1 that were used by evasi0n7 to jailbreak iOS 7, to ensure it cannot be used with it. The evad3rs have said that they don’t plan to work on a jailbreak for iOS 7.1. However, it remains to be seen if they will change their stance based on this new revelation, as Apple is very likely to fix the issue at least in iOS 8, if not earlier. Let’s hope so, as we would love to see a jailbreak for iOS 7.1.
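Why correlation between outputs matters, as an added example that is not part of the original post and is not Apple's generator: a toy linear recurrence whose hidden parameters fall out of three consecutive outputs, after which every later value can be computed. The modulus, class and function names are constructed for illustration; the post gives no details of the real algorithm.

```python
import secrets

M = 2**61 - 1  # constructed prime modulus for this demo, not a value from iOS


class LinearRecurrence:
    """Toy generator x[n+1] = (a*x[n] + c) mod M with secret a, c and seed."""

    def __init__(self, a, c, seed):
        self.a, self.c, self.state = a % M, c % M, seed % M

    def next(self):
        self.state = (self.a * self.state + self.c) % M
        return self.state


def recover_parameters(x0, x1, x2):
    """Solve x2 - x1 = a*(x1 - x0) (mod M) for a, then c = x1 - a*x0."""
    d = (x1 - x0) % M
    if d == 0:
        raise ValueError("outputs repeat; three distinct samples are needed")
    a = (x2 - x1) * pow(d, -1, M) % M  # modular inverse exists because M is prime
    c = (x1 - a * x0) % M
    return a, c


def predict(observed, count):
    """Extrapolate the next `count` outputs from the last three observed ones."""
    a, c = recover_parameters(*observed[-3:])
    out, x = [], observed[-1]
    for _ in range(count):
        x = (a * x + c) % M
        out.append(x)
    return out


def demo():
    # Secret parameters come from the OS CSPRNG; the observer never sees them.
    gen = LinearRecurrence(secrets.randbelow(M - 2) + 2, secrets.randbelow(M), secrets.randbelow(M))
    leaked = [gen.next() for _ in range(3)]   # values that should never be disclosed
    future = [gen.next() for _ in range(5)]   # what the system generates afterwards
    return predict(leaked, 5) == future


if __name__ == "__main__":
    print("next five outputs predicted from three leaked ones:", demo())
```

Values drawn independently from a cryptographically secure generator (here Python's `secrets`) have no such relation between outputs, so disclosing a few of them reveals nothing about the rest.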
