Tuesday, December 07, 2010

Hacker brings enhanced security to jailbroken iPhones

Stefan Esser, a security consultant and developer for SektionEins, plans to unveil a process for jailbreaking iDevices that automatically fortifies them with ASLR, which would make the devices more resistant to malware attacks. He plans to present it at the Power of Community security conference (December 17 in Seoul, South Korea).

Address Space Layout Randomization (ASLR) randomizes the memory locations where injected code is executed, making it impossible for exploits to know ahead of time where malicious payloads are located.

Apple has limited ASLR built in to Mac OS X and has left it out of iOS. Interestingly enough, Microsoft has included ASLR in its OS starting with Windows Vista, and has also included it in its Windows 7 mobile OS.

“When you jailbreak it, it breaks a lot of security of a normal iPhone,” Charlie Miller (a principal security analyst at Independent Security Evaluators) told The Register. “With Stefan's stuff, now maybe it's an option, if you're a security-conscious person, to still jailbreak your phone because you can pick up ASLR, which is going to make it a lot harder to do exploits.”

Esser also plans to release a tool titled antid0te that simplifies the process of implementing ASLR on a jailbroken iDevice.

