Menu
Security weakness found in iOS 7

Security weakness found in iOS 7

The problem stems from being able to brute force the random number generato to predict its outcomes

A researcher has discovered a weakness in iOS 7 that would enable an attacker to bypass a number of mechanisms Apple uses to prevent exploitation of the operating system's kernel.

The problem stems from being able to brute force the random number generator, called the Early Random PRNG, to predict its outcomes. The generator is used by a number of important memory protections for iOS devices.

The PRNG generates numbers used by the physical kernel map randomization, stack-check guard, zone cookie protections and kernel map randomization. These attack mitigations prevent hackers from executing buffer overflows and other exploits that could be used to take over a device with malware that takes advantage of how memory is allocated to safely execute code.

Tarjei Mandt, senior security researcher at Azimuth Security, found that the PRNG in iOS 7, the latest version of the OS, is weaker than the one used in iOS 6. In a paper presented this week at CanSecWest, Mandt described the impact of knowing the PRNG's outputs.

"Recovering these outputs essentially allows an attacker to bypass a variety of exploit mitigations, such as those designed to mitigate specific exploitation techniques or whole classes of vulnerabilities," the paper says.

"In turn, this may allow trivial exploitation of vulnerabilities previously deemed non-exploitable."

Scott Morrison, senior vice president and distinguished engineer at CA Technologies, called Mandt's work an "important discovery."

"PRNGs are fundamental to many computer security functions, particularly those around cryptography," Morrison said. "PRNGs are a common point of attack because if they are in any way predictable, the entire security system built on them can collapse like a house of cards."

The random number generator in iOS 7 uses an algorithm called a linear congruential generator (LCG), which produces sequences of random numbers calculated with a linear equation. One of the oldest and best-known random number generators, it is known for being fast and easy to implement, the paper authored by Mandt, said.

While these algorithms work well in devices with limited resources, such as smartphones, "they exhibit severe defects and are easily broken when confronted by an adversary who can monitor outputs," Mandt wrote.

"As such, LCGs should not be used for cryptographic applications or security related work," he said.

Mandt told the security blog ThreatPost that he had not disclosed his findings to Apple. Representatives of the company had requested to see his slides shortly before his presentation.

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags securityMobile OSesmobile

Slideshows

Meet the leading HP partners in New Zealand...

Meet the leading HP partners in New Zealand...

HP has recognised its top performing partners in New Zealand at the second annual 2016 HP Partner Awards, held at a glittering bash in Auckland. The HP Partner Awards recognises and celebrates excellence, growth, consistency and engagement of its top partners. This year also saw the addition of several new categories, resulting in 11 companies winning across 11 award categories.

Meet the leading HP partners in New Zealand...
Channel comes together as Ingram Micro Showcase hits Auckland

Channel comes together as Ingram Micro Showcase hits Auckland

Ingram Micro outlined its core focuses for 2017 at Showcase in Auckland, bringing together the channel for a day of engaging keynotes, compelling breakout sessions and new technologies.

Channel comes together as Ingram Micro Showcase hits Auckland
Show Comments