Reduced security is among the top reasons given by Apple and enterprise information technology managers for their opposition to iPhone jailbreaking, but at least one white-hat hacker is out to prove them all wrong. German security consultant Stefan Esser of SektionEins will introduce a tool this week called antid0te at the Power of Community conference in Seoul, South Korea. Antid0te will combine the ability to jailbreak iOS devices and then automatically add a capability called Address Space Layout Randomization (ASLR).
Since the earliest days of computing, basic system files have typically loaded to the specific addresses in memory, which makes it easier for attackers to directly change the data or code stored there. Randomizing the locations where that code resides adds an extra layer of security. That’s why Microsoft has incorporated ASLR into its operating systems since Windows Vista debuted — even Windows Phone 7 has this feature. Apple, on the other hand, has only done a limited ASLR implementation in OS X and none at all in iOS.
The debut of antid0te comes on the heels of the news that Apple has removed a jailbreak detection API from iOS 4.2. This function was used by some corporate IT departments to ensure that company issued iOS devices were not jailbroken. Apple has not said why the API was removed, but at least IT departments can breathe a bit easier as long as employees stick to antid0te for their jailbreaking needs.
[via Engadget]
Address space randomization adds extra security for jailbroken iPhones originally appeared on TUAW on Mon, 13 Dec 2010 11:00:00 EST. Please see our terms for use of feeds.
Source | Permalink | Email this | Comments