Changes in iOS 7 Security Make Kernel More Vulnerable to Attack

by

A security researcher claims changes Apple made to tighten its kernel security system in iOS 7 instead weakened the system, making it less secure than its iOS 6 counterpart. (Via CNET and ThreatPost) Azimuth Security researcher Tarjei Mandt discovered the flaw and presented his findings last week at CanSecWest.

The security flaw involves the random number generator Apple uses to secure its kernel. In iOS 6, the number generator that encrypted the kernel derived its values in part from the CPU clock counter. Because it was based on time, the encryption was only marginally secure as the output values were predictable, especially when examining successive numbers.

ios7-early-random-number
Apple was aware of the limitations in iOS 6 and attempted to tighten security in iOS 7 by changing the random number generator to a linear congruential generator, which is more susceptible to brute force attacks.

The problem with the new generator in iOS 7 is that it uses a linear recursion algorithm, Mandt said, which has "more correlation" between the values it generates. That makes them easier to extrapolate and guess, he said.

This flaw potentially allows a malicious hacker to gain kernel-level access to an iOS device via an unpatched vulnerability. The kernel is the base part of the iOS operating system and controls low-level functions such as security and resource allocation.

Apple approached Mandt about his findings and asked for his CanSecWest slide presentation.

Top Rated Comments

(View all)
Avatar
86 months ago

Deliberate back door?


Couldn't have been an accident that someone missed, could it? Nah....everyone get your tin foil hats out cause everyone's out to get us.


In reality, props to white-hat hackers like Mandt
Score: 9 Votes (Like | Disagree)
Avatar
86 months ago

I like how negative things like this never makes it to the Front Page and not many throwing a punch at Apple like they do for other companies. I am sure if it was any other company, this news would have been the first frontage news. I feel this is done deliberately by MacRumors for generating $$. Just pathetic.

I came across this story on the front page of MacRumors, as I'm sure many others did.
Score: 3 Votes (Like | Disagree)
Avatar
86 months ago
Random Number Generators are a tricky business. The company I work for has a whole slew of patents and protected IP just for the RNG we use.
Score: 3 Votes (Like | Disagree)
Avatar
86 months ago
Modern Intel chips (made after 2008 I think) have ISK which produces actual random values rather than pseudo ones. I guess ARM lacks that right now.
Score: 3 Votes (Like | Disagree)
Avatar
86 months ago

Deliberate back door?


No. Apple would never do this. They never compromise on customer security for anyone.
Score: 3 Votes (Like | Disagree)
Avatar
86 months ago

It's not in the slides but I'd be curious to know how much brute force is required?
It reads like a restart would require calculation to start again?

Could an app be crafted inside the sandbox to not only gather enough info but to also then have enough time to process that info to get the information it needs to launch an attack without highlighting is presents.

Yes "security by obscurity" = bad. Yes, could be better.
Still if attack needs more than minutes of full throttle processing it goes to take some fairly careful crafting to hid it. Putting more in "Alert but not Alarmed" territory.


It's very hard to say how much of a problem there actually is. My understanding - which may be wrong - is that this random number generator is used at the very early stages while iOS is booting, and is then replaced with something a lot stronger. There's the claim that the random number sequence could be predicted, but then I wonder which non-Apple software would be running on the device at the early stages when this random number generator is in use. Quite possibly none at all.
Score: 2 Votes (Like | Disagree)

Top Stories

New Photos Offer Better Look at iPhone 12 Color Options

Tuesday October 20, 2020 2:34 am PDT by
As we wait for the iPhone 12 review embargo to lift later today, more pictures are circulating of the devices in real-world lighting conditions, providing a better look at the different colors available. Leaker DuanRui has shared images on Twitter of the iPhone 12 in white, black, blue, green, and (PRODUCT)RED. The black and white colors are similar to the iPhone 11 colors, but the other...

iPhone 12 Pro in Graphite and iPhone 12 in Blue Shown Off in Unboxing Videos

Monday October 19, 2020 8:20 am PDT by
While the iPhone 12 Pro does not launch until Friday, we now have an early unboxing video of the device courtesy of Twitter account DuanRui, providing a closer look at the shiny new flat-edge design and sleek Graphite color option. Ben Geskin re-uploaded the unboxing video to YouTube, which we've embedded below: Geskin has also uploaded an unboxing video of the iPhone 12 in Blue: ...

Apple Releases iPadOS and iOS 14.1 With Multiple Bug Fixes Ahead of iPhone 12 Launch

Tuesday October 20, 2020 10:06 am PDT by
Apple today released iOS and iPadOS 14.1, the first major updates to the iOS and iPadOS 14 operating system updates that were released in September. iOS and iPadOS 14.1 come a week after Apple released the golden master versions of the updates to developers. The iOS 14.1 update can be downloaded for free and it is available on all eligible devices over-the-air in the Settings app. To access...

Watch: iPhone 12 and iPhone 12 Pro Unboxing Videos and First Impressions

Tuesday October 20, 2020 6:05 am PDT by
Apple's embargo has lifted for iPhone 12 and iPhone 12 Pro reviews. In addition to our detailed review roundups for each device, we've rounded up over a dozen unboxing videos and first impressions below. iPhone 12 in Blue on left and iPhone 12 Pro in Pacific Blue on right via Engadget Key new features of the iPhone 12 and iPhone 12 Pro include a flat-edge design, 5G support, a much faster A14 ...

Gold Version of iPhone 12 Pro Apparently Has a More Fingerprint Resistant Stainless Steel Frame

Tuesday October 20, 2020 11:56 am PDT by
iPhone 12 Pro reviews hit the web today, and one of the more interesting tidbits came from TechCrunch's Matthew Panzarino, who revealed that the Gold version of the device apparently has a more fingerprint resistant coating applied to the stainless steel frame. From his review:Most of the iPhone 12 Pro finishes still use a physical vapor deposition process for edge coating. But the new gold...

Photographer Austin Mann Tests the iPhone 12 Pro's Camera

Wednesday October 21, 2020 4:14 am PDT by
Travel photographer Austin Mann usually performs an in-depth review of new iPhone models to test their camera performance in real-world scenarios. To test Apple's new iPhone 12 Pro, Mann traveled to Glacier National Park, Montana. Mann focused on some of the biggest camera upgrades with the iPhone 12 Pro, including the upgraded Wide lens, Ultra Wide Night mode, and LiDAR autofocus, across a...

iPhone 12 Pro Max Has Smaller 3,687 mAh Battery According to Regulatory Filing

Tuesday October 20, 2020 8:48 pm PDT by
Apple's new iPhone 12 Pro Max is equipped with a 3,687 mAh battery, which is around 7% less capacity than the 3,969 mAh battery in the iPhone 11 Pro Max, according to a regulatory filing published by TENAA, the Chinese equivalent of the FCC. The regulatory filing, spotted by MacRumors, also lists the iPhone 12 Pro Max with 6GB of RAM as seen in benchmark results last week. Apple has filed ...

5G Drains iPhone 12 Battery 20% Faster Than 4G in Benchmark

Wednesday October 21, 2020 3:17 am PDT by
After the first reviews for the iPhone 12 and iPhone 12 Pro emerged yesterday, a new report by Tom's Guide reveals the extent of battery life reductions when using 5G. The report outlines a test wherein the iPhone surfs the web continuously at 150 nits of screen brightness, launching a new site every 30 seconds until the battery drains. Interestingly, the test was run on an iPhone 12 and...

Hands-On With Apple's iPhone 12 and 12 Pro MagSafe Cases

Tuesday October 20, 2020 1:33 pm PDT by
Apple's iPhone 12 and 12 Pro are launching this Friday, and ahead of that release date, Apple is shipping out various accessories like the MagSafe charger and MagSafe cases. Yesterday we took a look at the MagSafe charger, and today our MagSafe case came in the mail, so we thought we'd take another look at the charger to see how it works with the case and just how strong the case magnets are. S ...

Reliable Leaker Suggests AirTags 'Coming Soon' in Two Different Sizes

Tuesday October 20, 2020 1:53 am PDT by
Apple's rumored AirTags Bluetooth tracking devices could launch imminently and will be available in two size options, based on new tweets from cryptic-but-reliable leaker L0vetodream. In typical enigmatic style, the leaker first tweeted this morning that a "big one" and a "small one" are "coming soon," but withheld what they were referring to. However that was followed an hour later with the ...