Old Mar 17, 2014, 01:21 PM   #1
MacRumors
macrumors bot
 
Join Date: Apr 2001
Changes in iOS 7 Security Make Kernel More Vulnerable to Attack




A security researcher claims changes Apple made to tighten its kernel security system in iOS 7 instead weakened the system, making it less secure than its iOS 6 counterpart. (Via CNET and ThreatPost) Azimuth Security researcher Tarjei Mandt discovered the flaw and presented his findings last week at CanSecWest.

The security flaw involves the random number generator Apple uses to secure its kernel. In iOS 6, the number generator that encrypted the kernel derived its values in part from the CPU clock counter. Because it was based on time, the encryption was only marginally secure as the output values were predictable, especially when examining successive numbers.

Apple was aware of the limitations in iOS 6 and attempted to tighten security in iOS 7 by changing the random number generator to a linear congruential generator, which is more susceptible to brute force attacks.
Quote:
The problem with the new generator in iOS 7 is that it uses a linear recursion algorithm, Mandt said, which has "more correlation" between the values it generates. That makes them easier to extrapolate and guess, he said.
This flaw potentially allows a malicious hacker to gain kernel-level access to an iOS device via an unpatched vulnerability. The kernel is the base part of the iOS operating system and controls low-level functions such as security and resource allocation.

Apple approached Mandt about his findings and asked for his CanSecWest slide presentation.


Article Link: Changes in iOS 7 Security Make Kernel More Vulnerable to Attack
MacRumors is offline   0 Reply With Quote
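The article's point that a linear congruential generator's outputs are correlated and easy to extrapolate, shown as an added example that is not part of the original post. The constants are constructed for illustration (the page does not give the iOS 7 generator's parameters), and the observer is assumed to know the modulus and see full outputs.

```python
import hashlib

# Constructed parameters for illustration; NOT the constants of the iOS 7
# generator, which the article does not give.
M = 2**31 - 1      # prime modulus (assumed known to the observer)
A = 48271          # multiplier (unknown to the observer)
C = 12345          # increment (unknown to the observer)


def lcg_stream(seed, n, a=A, c=C, m=M):
    """Return n successive outputs of x_{k+1} = (a*x_k + c) mod m."""
    out, x = [], seed % m
    for _ in range(n):
        x = (a * x + c) % m
        out.append(x)
    return out


def recover_params(x0, x1, x2, m=M):
    """Solve for (a, c) from three consecutive outputs, or None if x1 == x0."""
    d = (x1 - x0) % m
    if d == 0:
        return None                      # degenerate stream, no unique solution
    a = (x2 - x1) * pow(d, -1, m) % m    # x2 - x1 = a * (x1 - x0)  (mod m)
    c = (x1 - a * x0) % m
    return a, c


def fits_linear_recurrence(outputs, m=M):
    """True if every output after the third is predicted by the first three."""
    params = recover_params(*outputs[:3], m=m)
    if params is None:
        return False
    a, c = params
    return all((a * p + c) % m == q for p, q in zip(outputs[2:], outputs[3:]))


def hash_stream(seed, n, m=M):
    """Comparison stream: SHA-256 in counter mode, reduced mod m (constructed)."""
    return [int.from_bytes(hashlib.sha256(seed + i.to_bytes(4, "big")).digest(),
                           "big") % m for i in range(n)]


observed = lcg_stream(seed=20140317, n=8)    # constructed sample outputs
print("recovered (a, c):", recover_params(*observed[:3]))
print("LCG stream fits a linear recurrence:", fits_linear_recurrence(observed))
print("hash stream fits a linear recurrence:",
      fits_linear_recurrence(hash_stream(b"constructed", 8)))
```

The same `fits_linear_recurrence` check can be run over samples from any generator under review: a stream that passes it is fully determined by three of its outputs.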
Old Mar 17, 2014, 01:22 PM   #2
Mums
macrumors 6502
 
Join Date: Oct 2011
Deliberate back door?
Mums is offline   2 Reply With Quote
Old Mar 17, 2014, 01:24 PM   #3
nebo1ss
macrumors 68000
 
Join Date: Jun 2010
Perhaps it will facilitate a 7.1 Jailbreak.
nebo1ss is offline   2 Reply With Quote
Old Mar 17, 2014, 01:25 PM   #4
dumastudetto
macrumors 65816
 
Join Date: Aug 2013
Quote:
Originally Posted by Mums View Post
Deliberate back door?
No. Apple would never do this. They never compromise on customer security for anyone.
dumastudetto is offline   3 Reply With Quote
Old Mar 17, 2014, 01:26 PM   #5
Calexander3103
macrumors newbie
 
Join Date: Mar 2014
Quote:
Originally Posted by Mums View Post
Deliberate back door?
Couldn't have been an accident that someone missed, could it? Nah....everyone get your tin foil hats out cause everyone's out to get us.


In reality, props to white-hat hackers like Mandt
Calexander3103 is offline   9 Reply With Quote
Old Mar 17, 2014, 01:36 PM   #6
Kariya
macrumors 68000
 
Join Date: Nov 2010
iOS 7.2 here we come.
Kariya is offline   2 Reply With Quote
Old Mar 17, 2014, 01:42 PM   #7
everything-i
macrumors 6502a
 
Join Date: Jun 2012
Location: London, UK
So they replaced one flawed system where the code could be derived based on time with another that can only be cracked with brute force guesses. So one is no more secure than the other. In other words it's probably no more or less than it was before. Of course the tin foil hat brigade will have us all believe it's a government conspiracy.
everything-i is offline   0 Reply With Quote
Old Mar 17, 2014, 01:44 PM   #8
ArtOfWarfare
macrumors 603
 
Join Date: Nov 2007
Modern Intel chips (made after 2008 I think) have ISK which produces actual random values rather than pseudo ones. I guess ARM lacks that right now.
ArtOfWarfare is offline   3 Reply With Quote
Old Mar 17, 2014, 01:44 PM   #9
jfx94
macrumors regular
 
Join Date: May 2013
Location: where ever I am at.
This doesn't seem like a hole the way some other vulnerabilities are. This seems more like a structural weakness in the architecture (like using a softer steel than something bulletproof in construction). I doubt there will be a 'fix' for this; more likely iOS 8 or 9 will simply use stronger steel.
jfx94 is offline   1 Reply With Quote
Old Mar 17, 2014, 01:48 PM   #10
H2SO4
macrumors 65816
 
Join Date: Nov 2008
Quote:
Originally Posted by jfx94 View Post
This doesn't seem like a hole the way some other vulnerabilities are. This seems more like a structural weakness in the architecture (like using a softer steel than something bulletproof in construction). I doubt there will be a 'fix' for this; more likely iOS 8 or 9 will simply use stronger steel.
I fear you are right. I also fear that iOS8 will only be available to the iP5 and upward.
__________________
MP1,1 - 11GB - 5770.
30”ACD.
OXS 10.10.1
H2SO4 is offline   0 Reply With Quote
Old Mar 17, 2014, 01:57 PM   #11
ZacNicholson
macrumors 6502a
 
Join Date: Jun 2011
Location: Indiana
Quote:
Originally Posted by nebo1ss View Post
Perhaps it will facilitate a 7.1 Jailbreak.
hopefully
__________________
follow me on twitter @zac_nicholson
watch my youtube www.youtube.com/mrzacnicholson
2011 13" MBP, iPhone 4 (jailbroken), iPad 3 32 GB Verizon(jailbroken), Apple tv 2(jailbroken)
ZacNicholson is offline   1 Reply With Quote
Old Mar 17, 2014, 02:02 PM   #12
bigchief
macrumors 6502a
 
Join Date: Feb 2009
7.1 has more bugs than 7 it seems with my iPad Air.
bigchief is offline   0 Reply With Quote
Old Mar 17, 2014, 02:06 PM   #13
numlock
macrumors 65816
 
Join Date: Mar 2006
wonder if phil schiller knows
numlock is offline   1 Reply With Quote
Old Mar 17, 2014, 02:36 PM   #14
Analog Kid
macrumors 68030
 
Join Date: Mar 2003
Quote:
Originally Posted by Mums View Post
Deliberate back door?
What about the phrase "brute force attack" suggests "deliberate back door" to you?
__________________
Only trolls use the word "fanboy".
Analog Kid is offline   1 Reply With Quote
Old Mar 17, 2014, 02:40 PM   #15
Laird Knox
macrumors 65816
 
Join Date: Jun 2010
Random Number Generators are a tricky business. The company I work for has a whole slew of patents and protected IP just for the RNG we use.
Laird Knox is offline   3 Reply With Quote
Old Mar 17, 2014, 03:03 PM   #16
SAIRUS
macrumors 6502
 
Join Date: Aug 2008
Quote:
Originally Posted by numlock View Post
wonder if phil schiller knows
He'll need to stop watching The Black Knight Trilogy and get to his job.
__________________
You're ugly...
...only if you think you are.
15" Retina Macbook Pro, iPhone 6 Plus, iPhone 5S, iPhone 4S, iPa-okay okay I have a ton of Apple stuff and 200 characters is not enough.
SAIRUS is offline   0 Reply With Quote
Old Mar 17, 2014, 03:16 PM   #17
samcraig
macrumors G5
 
Join Date: Jun 2009
The new iPhone. We made everything thinner. Including security and the randomness of numbers.
samcraig is offline   0 Reply With Quote
Old Mar 17, 2014, 03:17 PM   #18
b0fh
macrumors member
 
Join Date: May 2012
Quote:
Originally Posted by ArtOfWarfare View Post
Modern Intel chips (made after 2008 I think) have ISK which produces actual random values rather than pseudo ones. I guess ARM lacks that right now.
Except that the Intel stuff isn't particularly trusted currently.

And with the new "we will run certain people run below the microcode level so that we can stop unauthorized programs and viruses that the OS can't see"... do you really trust those things?
b0fh is offline   1 Reply With Quote
Old Mar 17, 2014, 03:20 PM   #19
dugbug
macrumors 6502a
 
Join Date: Aug 2008
They have such great sources of entropy: signal strength, gyros, accelerometers, temperatures. I thought they employed some of these? At least arc4random()?
__________________
Doodle Dice iOS puzzle game: http://www.dyerware.com/forum/index....pic,194.0.html
The greatest iOS game in the world? Perhaps my friends. Perhaps.
dugbug is offline   1 Reply With Quote
Old Mar 17, 2014, 03:36 PM   #20
street.cory
macrumors 6502
 
Join Date: Oct 2009
Quote:
Originally Posted by dugbug View Post
They have such great sources of entropy: signal strength, gyros, accelerometers, temperatures. I thought they employed some of these? At least arc4random()?
Steve Gibson is that you?
__________________
no one cares

street.cory is offline   1 Reply With Quote
Old Mar 17, 2014, 04:32 PM   #21
PBG4 Dude
macrumors 65816
 
Join Date: Jul 2007
Quote:
Originally Posted by dugbug View Post
They have such great sources of entropy: signal strength, gyros, accelerometers, temperatures. I thought they employed some of these? At least arc4random()?
The article states this entropy pool is not available at boot time, when the number is generated.
PBG4 Dude is offline   2 Reply With Quote
Old Mar 17, 2014, 04:37 PM   #22
dugbug
macrumors 6502a
 
Join Date: Aug 2008
Quote:
Originally Posted by PBG4 Dude View Post
The article states this entropy pool is not available at boot time, when the number is generated.
ah makes sense how this would have been introduced then.
__________________
Doodle Dice iOS puzzle game: http://www.dyerware.com/forum/index....pic,194.0.html
The greatest iOS game in the world? Perhaps my friends. Perhaps.
dugbug is offline   1 Reply With Quote
Old Mar 17, 2014, 04:47 PM   #23
ArtOfWarfare
macrumors 603
 
Join Date: Nov 2007
Quote:
Originally Posted by b0fh View Post
Except that the Intel stuff isn't particularly trusted currently.

And with the new "we will run certain people run below the microcode level so that we can stop unauthorized programs and viruses that the OS can't see"... do you really trust those things?
I'm not familiar with the things you're alluding to.
__________________
Don't tell me Macs don't last: 2007 iMac, 2007 Mac Mini, 2008 MacBook Air, all Vintage.
(iMac obsoletion: April 28, 2015, MBA: October 14, 2015, Mac Mini: March 9, 2016)
ArtOfWarfare is offline   0 Reply With Quote
Old Mar 17, 2014, 06:13 PM   #24
springsup
macrumors 6502a
 
Join Date: Feb 2013
Yikes! That makes for some pretty worrying reading.

Apple can change the PRNG implementation without breaking things, and there are a number of good tips given in the slides. I'm sure we'll see a more robust generator in iOS8, but these fixes may be important enough to make it to iOS 7, too.

----------

Quote:
Originally Posted by ArtOfWarfare View Post
I'm not familiar with the things you're alluding to.
I think he's talking about the NSA, and leaked reports where they claim to have inserted backdoors into hardware random number generators.
springsup is offline   1 Reply With Quote
Old Mar 17, 2014, 06:52 PM   #25
gnasher729
macrumors G5
 
Join Date: Nov 2005
Quote:
Originally Posted by Mums View Post
Deliberate back door?
Uneducated knee-jerk reaction?
gnasher729 is offline   2 Reply With Quote
