+ Reply
Page 1 of 3 123 LastLast
Results 1 to 20 of 51

Your favorite Apple, iPhone, iPad, iOS, Jailbreak, and Cydia site.


Thread: antid0te Will Harden the iPhone Against Malware

is a discussion within the

iPhone News

forums, a part of the

General iPhone

section;
A German security analyst is about to unveil a new jailbreaking process that will make iPhones much more secure. Stefan Esser, a security consultant and application developer for SektionEins, has
...
  1. #1
    MMi Staff Writer Paul Daniel Ash's Avatar
    Join Date
    Aug 2009
    Location
    Union Square, Somerville, Mass.
    Posts
    919
    Thanks
    6
    Thanked 995 Times in 401 Posts

    Default antid0te Will Harden the iPhone Against Malware


    A German security analyst is about to unveil a new jailbreaking process that will make iPhones much more secure. Stefan Esser, a security consultant and application developer for SektionEins, has found a way to support Address Space Layout Randomization (ASLR) in iOS, and has developed a new jailbreak tool - to be called antid0te - to implement it, making iPhones much more resistant to malware attacks. The tool will be announced at a security conference next week and should be available soon thereafter.

    ASLR works by randomly assigning data to memory to make it tougher for attackers to figure out the location of critical operating system functions, greatly increasing the difficulty of designing reliable exploits. ASLR was built into Windows Vista over three years ago, and is supported in Windows Phone 7, as well as (to a limited extent) in Mac OS X. However, it isn't present at all on iOS, instead Apple relies on Data Execution Protection sandboxing to make iPhones resistant to attack. This is kind of like welding your car doors shut as an anti-theft measure: sure, the car will be harder to steal, but it will also be a lot less useful. Jailbreaking defeats sandbox protection in order to allow you to load the software you want, but at the same time a layer of Apple's brittle defense is removed, allowing worms like Ikee to access protected memory. The absence of robust security like ASLR in iOS allowed security researchers at this year's Pwn2Own hacking contest to break into a stock iPhone and hijack the entire SMS database, including deleted messages, in about 20 seconds.

    Esser will be presenting antid0te at the Power of Community security conference in Korea on December 14th. "With ASLR," the conference notes explain, "an exploit mitigation is added that is not available in factory iPhones and makes exploitation more difficult." And according to Esser, he's going to continue to work on further hardening the iPhone: "more mitigations and a full reactivation of the codesigning protection are planed [sic] for the next months."

    Source: The Register
    Last edited by Paul Daniel Ash; 12-09-2010 at 12:12 PM.

  2. The Following 5 Users Say Thank You to Paul Daniel Ash For This Useful Post:

    CaryDude (12-10-2010), charlyc (12-10-2010), jokerg7 (12-09-2010), kingbijan (12-09-2010), tma (12-09-2010)

  3. #2
    Green Apple
    Join Date
    Sep 2009
    Location
    Toronto
    Posts
    44
    Thanks
    78
    Thanked 2 Times in 2 Posts

    Interested to see this

  4. #3
    What's Jailbreak? ShredNasty's Avatar
    Join Date
    Jul 2010
    Location
    New Braunfels, Texas
    Posts
    252
    Thanks
    7
    Thanked 37 Times in 28 Posts

    Ok? When was the last time an iPhone got attacked? Hell, when was the first time?
    iPhone 4 to Android directly back to iPhone 4. I learned my lesson and will never leave iOS again.

  5. #4
    Go Wings Zokunei's Avatar
    Join Date
    Jun 2010
    Location
    Michigan
    Posts
    6,387
    Thanks
    146
    Thanked 468 Times in 380 Posts

    I thought this is what makes Firefox take 45 seconds to start up on my computer.

  6. #5
    What's Jailbreak? ShredNasty's Avatar
    Join Date
    Jul 2010
    Location
    New Braunfels, Texas
    Posts
    252
    Thanks
    7
    Thanked 37 Times in 28 Posts

    Besides at a pwnfest, specifically tailored to attack.....
    iPhone 4 to Android directly back to iPhone 4. I learned my lesson and will never leave iOS again.

  7. #6
    iPhone? More like MyPhone
    Join Date
    Dec 2009
    Posts
    277
    Thanks
    8
    Thanked 18 Times in 15 Posts

    I wonder how long though before anti-virus starts to appear for the iPhone?

    I mean, they're are millions of the out there and they're getting used for ever increasingly sensitive tasks, but yet the hackers seem to have left them alone. Can't stay that way for ever.

    Of course, I have no idea what I'm talking about here, so there might be a very good reason why they ain't yet been attacked.

  8. #7
    iPhone? More like MyPhone
    Join Date
    Oct 2007
    Posts
    149
    Thanks
    7
    Thanked 14 Times in 11 Posts

    Glorious. Hope it works well with no drawbacks and gets added to Pwnage Tool.

  9. #8
    Theme Creator
    Join Date
    Aug 2008
    Posts
    1,073
    Thanks
    509
    Thanked 717 Times in 298 Posts

    Hopefully it won't make future jailbreaks harder to come by.

  10. The Following 2 Users Say Thank You to SirTimothy1 For This Useful Post:

    Electrodaktylus (12-09-2010), kingbijan (12-09-2010)

  11. #9
    iPhoneaholic gthugballin's Avatar
    Join Date
    May 2009
    Location
    Garden Grove, California, United States
    Posts
    439
    Thanks
    62
    Thanked 31 Times in 21 Posts

    Quote Originally Posted by SirTimothy1 View Post
    Hopefully it won't make future jailbreaks harder to come by.

    thtat would suck
    When the police want to know where someone is, they ask apple.

  12. #10
    iPhone? More like MyPhone
    Join Date
    Sep 2007
    Posts
    217
    Thanks
    10
    Thanked 26 Times in 14 Posts

    Quote Originally Posted by SirTimothy1 View Post
    Hopefully it won't make future jailbreaks harder to come by.
    Each and every jailbreak usually does.

  13. #11
    What's Jailbreak?
    Join Date
    Jul 2010
    Posts
    19
    Thanks
    0
    Thanked 2 Times in 1 Post
    Yea, seems like it will make it harder to jailbreak/unlock in the future

  14. #12
    What's Jailbreak?
    Join Date
    Dec 2010
    Posts
    16
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Im going to sound stupid, i know :L but is this good or bad for the jail-breaking community?

  15. #13
    Master Themer (aka gaBzii) jokerg7's Avatar
    Join Date
    Sep 2007
    Location
    Lake Mary, FL
    Posts
    1,964
    Thanks
    2,469
    Thanked 2,544 Times in 1,068 Posts

    could be both good or bad...we won't know until we know exactly what has developed

  16. #14
    My iPhone is a Part of Me zinjen's Avatar
    Join Date
    Sep 2007
    Location
    Scottsdale, AZ
    Posts
    996
    Thanks
    137
    Thanked 242 Times in 140 Posts

    Quote Originally Posted by gaBzii View Post
    could be both good or bad...we won't know until we know exactly what has developed
    Give me 15 minutes, I'll find the root on that SOB. Love a challenge
    Don't forget to hit the thanks button if you liked what I said or did

  17. The Following 2 Users Say Thank You to zinjen For This Useful Post:

    jokerg7 (12-10-2010), ridingsupreme (12-09-2010)

  18. #15
    My iPhone is a Part of Me wolverinemarky's Avatar
    Join Date
    Feb 2009
    Posts
    686
    Thanks
    19
    Thanked 34 Times in 33 Posts

    He needs a cooler name then antidote don't really know him either so will wait and see what the devs think about it first


    Sent from my iPhone using ModMyi

  19. #16
    Go Wings Zokunei's Avatar
    Join Date
    Jun 2010
    Location
    Michigan
    Posts
    6,387
    Thanks
    146
    Thanked 468 Times in 380 Posts

    How in the hell would an anti-malware utility you get AFTER you ran a jailbreak tool make it harder to develop a jailbreak? The only way it could get harder is if Apple adopted it as part of the OS or an app did the same thing (which is impossible due to the fact apps can't tweak the OS).

  20. #17
    Livin the iPhone Life javiert30's Avatar
    Join Date
    Dec 2007
    Location
    New Orleans - Who dat nation
    Posts
    1,194
    Thanks
    80
    Thanked 112 Times in 85 Posts

    Quote Originally Posted by wolverinemarky View Post
    He needs a cooler name then antidote don't really know him either so will wait and see what the devs think about it first


    Sent from my iPhone using ModMyi
    I think he called it antid0te based in greenp0ison...
    Drive Safe with Trapster
    Speedtrap App

  21. #18
    Go Giants whereswaldo's Avatar
    Join Date
    Jul 2009
    Location
    Toronto
    Posts
    4,382
    Thanks
    187
    Thanked 359 Times in 257 Posts

    And we need this why? There is no malware for the iPhone and the onlything it would probably do is make it harder to find JB exploits
    Name? whereswaldo
    iDevice + Firmware? 32GB Black iPhone 4 iOS 5.0
    Computer + OS? Dell Inspiron 15R 2nd Gen i5, 2.3 Ghz, 750GB HDD, 8GB RAM Windows 7 HP
    Location? Toronto
    Found yet? No

  22. The Following User Says Thank You to whereswaldo For This Useful Post:

    DRFP (12-13-2010)

  23. #19
    iPhone? More like MyPhone
    Join Date
    Sep 2007
    Posts
    217
    Thanks
    10
    Thanked 26 Times in 14 Posts

    Quote Originally Posted by whereswaldo View Post
    And we need this why? There is no malware for the iPhone and the onlything it would probably do is make it harder to find JB exploits
    Bingo. This ******* is probably going to be burning a perfectly good exploit we could save for future firmwares.

  24. #20
    Go Wings Zokunei's Avatar
    Join Date
    Jun 2010
    Location
    Michigan
    Posts
    6,387
    Thanks
    146
    Thanked 468 Times in 380 Posts

    Seriously, I'm super curious, how can a jailbreak tweak that can only affect the OS after you jailbreak and install it hinder an exploit being used? It's like saying the PDF patch from Cydia should have stopped JailbreakMe.com, the way I see it. Someone explain.

Posting Permissions
  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts