Page 1 of 3 123 LastLast
Results 1 to 20 of 51

Your favorite Apple, iPhone, iPad, iOS, Jailbreak, and Cydia site.


Thread: antid0te Will Harden the iPhone Against Malware

  1. #1
    MMi Staff Writer Paul Daniel Ash's Avatar
    Join Date
    Aug 2009
    Location
    Union Square, Somerville, Mass.
    Posts
    919
    Thanks
    6
    Thanked 995 Times in 401 Posts

    Default antid0te Will Harden the iPhone Against Malware


    A German security analyst is about to unveil a new jailbreaking process that will make iPhones much more secure. Stefan Esser, a security consultant and application developer for SektionEins, has found a way to support Address Space Layout Randomization (ASLR) in iOS, and has developed a new jailbreak tool - to be called antid0te - to implement it, making iPhones much more resistant to malware attacks. The tool will be announced at a security conference next week and should be available soon thereafter.

    ASLR works by randomly assigning data to memory to make it tougher for attackers to figure out the location of critical operating system functions, greatly increasing the difficulty of designing reliable exploits. ASLR was built into Windows Vista over three years ago, and is supported in Windows Phone 7, as well as (to a limited extent) in Mac OS X. However, it isn't present at all on iOS, instead Apple relies on Data Execution Protection sandboxing to make iPhones resistant to attack. This is kind of like welding your car doors shut as an anti-theft measure: sure, the car will be harder to steal, but it will also be a lot less useful. Jailbreaking defeats sandbox protection in order to allow you to load the software you want, but at the same time a layer of Apple's brittle defense is removed, allowing worms like Ikee to access protected memory. The absence of robust security like ASLR in iOS allowed security researchers at this year's Pwn2Own hacking contest to break into a stock iPhone and hijack the entire SMS database, including deleted messages, in about 20 seconds.

    Esser will be presenting antid0te at the Power of Community security conference in Korea on December 14th. "With ASLR," the conference notes explain, "an exploit mitigation is added that is not available in factory iPhones and makes exploitation more difficult." And according to Esser, he's going to continue to work on further hardening the iPhone: "more mitigations and a full reactivation of the codesigning protection are planed [sic] for the next months."

    Source: The Register
    Last edited by Paul Daniel Ash; 12-09-2010 at 01:12 PM.

  2. The Following 5 Users Say Thank You to Paul Daniel Ash For This Useful Post:

    CaryDude (12-10-2010), charlyc (12-10-2010), jokerg7 (12-09-2010), kingbijan (12-09-2010), tma (12-10-2010)

  3. #2
    Interested to see this

  4. #3
    What's Jailbreak? ShredNasty's Avatar
    Join Date
    Jul 2010
    Location
    New Braunfels, Texas
    Posts
    252
    Thanks
    7
    Thanked 37 Times in 28 Posts

    Ok? When was the last time an iPhone got attacked? Hell, when was the first time?
    iPhone 4 to Android directly back to iPhone 4. I learned my lesson and will never leave iOS again.

  5. #4
    I thought this is what makes Firefox take 45 seconds to start up on my computer.

  6. #5
    What's Jailbreak? ShredNasty's Avatar
    Join Date
    Jul 2010
    Location
    New Braunfels, Texas
    Posts
    252
    Thanks
    7
    Thanked 37 Times in 28 Posts

    Besides at a pwnfest, specifically tailored to attack.....
    iPhone 4 to Android directly back to iPhone 4. I learned my lesson and will never leave iOS again.

  7. #6
    I wonder how long though before anti-virus starts to appear for the iPhone?

    I mean, they're are millions of the out there and they're getting used for ever increasingly sensitive tasks, but yet the hackers seem to have left them alone. Can't stay that way for ever.

    Of course, I have no idea what I'm talking about here, so there might be a very good reason why they ain't yet been attacked.

  8. #7
    Glorious. Hope it works well with no drawbacks and gets added to Pwnage Tool.

  9. #8

  10. The Following 2 Users Say Thank You to SirTimothy1 For This Useful Post:

    Electrodaktylus (12-09-2010), kingbijan (12-09-2010)

  11. #9
    iPhoneaholic gthugballin's Avatar
    Join Date
    May 2009
    Location
    Garden Grove, California, United States
    Posts
    439
    Thanks
    62
    Thanked 31 Times in 21 Posts

    Quote Originally Posted by SirTimothy1 View Post
    Hopefully it won't make future jailbreaks harder to come by.

    thtat would suck
    When the police want to know where someone is, they ask apple.

  12. #10
    Quote Originally Posted by SirTimothy1 View Post
    Hopefully it won't make future jailbreaks harder to come by.
    Each and every jailbreak usually does.

  13. #11
    What's Jailbreak?
    Join Date
    Jul 2010
    Posts
    19
    Thanks
    0
    Thanked 2 Times in 1 Post
    Yea, seems like it will make it harder to jailbreak/unlock in the future

  14. #12
    Im going to sound stupid, i know :L but is this good or bad for the jail-breaking community?

  15. #13
    Master Themer (aka gaBzii) jokerg7's Avatar
    Join Date
    Sep 2007
    Location
    Lake Mary, FL
    Posts
    1,965
    Thanks
    2,470
    Thanked 2,545 Times in 1,069 Posts

    could be both good or bad...we won't know until we know exactly what has developed

  16. #14
    My iPhone is a Part of Me zinjen's Avatar
    Join Date
    Sep 2007
    Location
    Scottsdale, AZ
    Posts
    996
    Thanks
    137
    Thanked 242 Times in 140 Posts

    Quote Originally Posted by gaBzii View Post
    could be both good or bad...we won't know until we know exactly what has developed
    Give me 15 minutes, I'll find the root on that SOB. Love a challenge
    Don't forget to hit the thanks button if you liked what I said or did

  17. The Following 2 Users Say Thank You to zinjen For This Useful Post:

    jokerg7 (12-10-2010), ridingsupreme (12-09-2010)

  18. #15
    He needs a cooler name then antidote don't really know him either so will wait and see what the devs think about it first


    Sent from my iPhone using ModMyi

  19. #16
    How in the hell would an anti-malware utility you get AFTER you ran a jailbreak tool make it harder to develop a jailbreak? The only way it could get harder is if Apple adopted it as part of the OS or an app did the same thing (which is impossible due to the fact apps can't tweak the OS).

  20. #17
    Livin the iPhone Life javiert30's Avatar
    Join Date
    Dec 2007
    Location
    New Orleans - Who dat nation
    Posts
    1,224
    Thanks
    80
    Thanked 115 Times in 88 Posts

    Quote Originally Posted by wolverinemarky View Post
    He needs a cooler name then antidote don't really know him either so will wait and see what the devs think about it first


    Sent from my iPhone using ModMyi
    I think he called it antid0te based in greenp0ison...
    Drive Safe with Trapster
    Speedtrap App

  21. #18
    And we need this why? There is no malware for the iPhone and the onlything it would probably do is make it harder to find JB exploits
    Name? whereswaldo
    iDevice + Firmware? 32GB Black iPhone 4 iOS 5.0
    Computer + OS? Dell Inspiron 15R 2nd Gen i5, 2.3 Ghz, 750GB HDD, 8GB RAM Windows 7 HP
    Location? Toronto
    Found yet? No

  22. The Following User Says Thank You to whereswaldo For This Useful Post:

    DRFP (12-13-2010)

  23. #19
    Quote Originally Posted by whereswaldo View Post
    And we need this why? There is no malware for the iPhone and the onlything it would probably do is make it harder to find JB exploits
    Bingo. This ******* is probably going to be burning a perfectly good exploit we could save for future firmwares.

  24. #20
    Seriously, I'm super curious, how can a jailbreak tweak that can only affect the OS after you jailbreak and install it hinder an exploit being used? It's like saying the PDF patch from Cydia should have stopped JailbreakMe.com, the way I see it. Someone explain.

Page 1 of 3 123 LastLast
Posting Permissions
  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •