A security researcher claims changes Apple made to tighten its kernel security system in iOS 7 instead weakened the system, making it less secure than its iOS 6 counterpart. (Via CNET and ThreatPost) Azimuth Security researcher Tarjei Mandt discovered the flaw and presented his findings last week at CanSecWest.

The security flaw involves the random number generator Apple uses to secure its kernel. In iOS 6, the number generator that encrypted the kernel derived its values in part from the CPU clock counter. Because it was based on time, the encryption was only marginally secure as the output values were predictable, especially when examining successive numbers.

Apple was aware of the limitations in iOS 6 and attempted to tighten security in iOS 7 by changing the random number generator to a linear congruential generator, which is more susceptible to brute force attacks.

The problem with the new generator in iOS 7 is that it uses a linear recursion algorithm, Mandt said, which has "more correlation" between the values it generates. That makes them easier to extrapolate and guess, he said.
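The correlation Mandt describes can be shown on a generic linear congruential generator. This is an added example, not code from the article or from Mandt's slides: the modulus and constants are textbook values, not the ones used in iOS 7, and the sketch assumes an observer sees full, consecutive outputs and knows the modulus.

```python
import secrets

M = 2**31 - 1  # prime modulus (textbook value, assumed known; not Apple's)

def lcg_stream(seed, a, c, count):
    """Outputs of x_{n+1} = (a * x_n + c) mod M, starting after `seed`."""
    out, x = [], seed
    for _ in range(count):
        x = (a * x + c) % M
        out.append(x)
    return out

def csprng_stream(count):
    """Same-sized values from the OS CSPRNG, for comparison."""
    return [secrets.randbelow(M) for _ in range(count)]

def fit_lcg(x0, x1, x2):
    """Solve (a, c) from three consecutive outputs; None if degenerate.

    x2 - x1 = a * (x1 - x0) mod M, and M is prime, so a non-zero
    difference always has a modular inverse.
    """
    d = (x1 - x0) % M
    if d == 0:
        return None
    a = (x2 - x1) * pow(d, -1, M) % M
    return a, (x1 - a * x0) % M

def predict_next(observed, count):
    """Extrapolate `count` future outputs from the first three observed."""
    params = fit_lcg(*observed[:3])
    if params is None:
        raise ValueError("degenerate sample: repeated output")
    return lcg_stream(observed[-1], *params, count)

def is_linearly_predictable(outputs):
    """Audit check: does one (a, c) pair explain every later output?"""
    params = fit_lcg(*outputs[:3])
    if params is None:
        return False
    a, c = params
    return all((a * p + c) % M == n for p, n in zip(outputs[2:], outputs[3:]))

if __name__ == "__main__":
    seen = lcg_stream(seed=2014, a=48271, c=12345, count=3)  # constructed
    print("recovered (a, c):", fit_lcg(*seen))
    print("next outputs:", predict_next(seen, 3))
    print("LCG flagged:", is_linearly_predictable(lcg_stream(7, 48271, 12345, 8)))
    print("CSPRNG flagged:", is_linearly_predictable(csprng_stream(8)))
```

The same `is_linearly_predictable` check can be run over values sampled from any generator under review; a stream that passes it should not be used for security-sensitive randomness.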

This flaw potentially allows a malicious hacker to gain kernel-level access to an iOS device via an unpatched vulnerability. The kernel is the base part of the iOS operating system and controls low-level functions such as security and resource allocation.

Apple approached Mandt about his findings and asked for his CanSecWest slide presentation.

Top Rated Comments

Calexander3103
93 months ago
Deliberate back door?

Couldn't have been an accident that someone missed, could it? Nah....everyone get your tin foil hats out cause everyone's out to get us.


In reality, props to white-hat hackers like Mandt
Score: 9 Votes
C DM
93 months ago
I like how negative things like this never make it to the Front Page and not many throwing a punch at Apple like they do for other companies. I am sure if it was any other company, this news would have been the first front page news. I feel this is done deliberately by MacRumors for generating $$. Just pathetic.
I came across this story on the front page of MacRumors, as I'm sure many others did.
Score: 3 Votes
Laird Knox
93 months ago
Random Number Generators are a tricky business. The company I work for has a whole slew of patents and protected IP just for the RNG we use.
Score: 3 Votes
ArtOfWarfare
93 months ago
Modern Intel chips (made after 2008 I think) have ISK which produces actual random values rather than pseudo ones. I guess ARM lacks that right now.
Score: 3 Votes
dumastudetto
93 months ago
Deliberate back door?

No. Apple would never do this. They never compromise on customer security for anyone.
Score: 3 Votes
gnasher729
93 months ago
It's not in the slides but I'd be curious to know how much brute force is required?
It reads like a restart would require calculation to start again?

Could an app be crafted inside the sandbox to not only gather enough info but to also then have enough time to process that info to get the information it needs to launch an attack without highlighting its presence?

Yes "security by obscurity" = bad. Yes, could be better.
Still, if an attack needs more than minutes of full throttle processing, it is going to take some fairly careful crafting to hide it. Putting more in "Alert but not Alarmed" territory.

It's very hard to say how much of a problem there actually is. My understanding - which may be wrong - is that this random number generator is used at the very early stages while iOS is booting, and is then replaced with something a lot stronger. There's the claim that the random number sequence could be predicted, but then I wonder which non-Apple software would be running on the device at the early stages when this random number generator is in use. Quite possibly none at all.
Score: 2 Votes
