On the Power of Community Conference, Stefan Esser a presentation about the possibility of ASLR to bring to the iPhone.The addition of ASLR on jailbroken iPhones is striking: since the technique is not yet standard in the security model of the iPhone will be jailbroken iPhones is integrated therefore relatively safer.
Address Space Layout Randomization
The security of the iPhone was last year under pressure, because the researchers succeeded iPhone 3G remote cracking Pwn2Own and then a universal jailbreak that appeared from userland unsuccessful. The underlying methodology is common that use is made of an attack on Return Oriented Programming is based. The term stands for ASLR Address Space Layout Randomization, and any potential attackers a lot harder to carry out a successful attack, because the technique makes it difficult to locate a memory address. The addition of ASLR would therefore make it more difficult to carry out such attacks on an iPhone, iPod touch or iPad with a jailbreak.
Antid0te: ASLR on iOS
The addition of ASLR on the iPhone will appear in a tool called Antid0te around December 24 should appear. The tool itself does not break out of jail, but can be used in conjunction with existing tools such as PwnageTool jailbreak, and redsn0w greenpois0n. The tool will be suitable for all devices which run IOS version 4.2.1. Esser has announced no plans to overcome the iPad IOS 3.x and the iPhone 3G and second generation iPod touch on lower firmware versions to support. Support for the iPhone and 4 fourth-generation iPod touch is expected to be made available to IOS 4.1.
Critics fear that the addition of ASLR on jailbroken Apple devices will cause the short term itself to move to the implementation of ASLR, which perform jailbreak in the future could be significantly hampered. Esser himself expects that 2011 will be the year of mobile malware and therefore looks a safer iPhone rather than an easier process to jailbreak.
0 comments:
Post a Comment