Your favorite Apple, iPhone, iPad, iOS, Jailbreak, and Cydia site.
iPhone Newsforums, a part of the
A German security analyst is about to unveil a new jailbreaking process that will make iPhones much more secure. Stefan Esser, a security consultant and application developer for SektionEins, has...
12-09-2010, 12:05 PM #1
antid0te Will Harden the iPhone Against Malware
A German security analyst is about to unveil a new jailbreaking process that will make iPhones much more secure. Stefan Esser, a security consultant and application developer for SektionEins, has found a way to support Address Space Layout Randomization (ASLR) in iOS, and has developed a new jailbreak tool - to be called antid0te - to implement it, making iPhones much more resistant to malware attacks. The tool will be announced at a security conference next week and should be available soon thereafter.
ASLR works by randomly assigning data to memory to make it tougher for attackers to figure out the location of critical operating system functions, greatly increasing the difficulty of designing reliable exploits. ASLR was built into Windows Vista over three years ago, and is supported in Windows Phone 7, as well as (to a limited extent) in Mac OS X. However, it isn't present at all on iOS, instead Apple relies on Data Execution Protection sandboxing to make iPhones resistant to attack. This is kind of like welding your car doors shut as an anti-theft measure: sure, the car will be harder to steal, but it will also be a lot less useful. Jailbreaking defeats sandbox protection in order to allow you to load the software you want, but at the same time a layer of Apple's brittle defense is removed, allowing worms like Ikee to access protected memory. The absence of robust security like ASLR in iOS allowed security researchers at this year's Pwn2Own hacking contest to break into a stock iPhone and hijack the entire SMS database, including deleted messages, in about 20 seconds.
Esser will be presenting antid0te at the Power of Community security conference in Korea on December 14th. "With ASLR," the conference notes explain, "an exploit mitigation is added that is not available in factory iPhones and makes exploitation more difficult." And according to Esser, he's going to continue to work on further hardening the iPhone: "more mitigations and a full reactivation of the codesigning protection are planed [sic] for the next months."
Source: The Register
Last edited by Paul Daniel Ash; 12-09-2010 at 12:12 PM.
12-09-2010, 12:08 PM #2
Interested to see this
12-09-2010, 12:17 PM #3
Ok? When was the last time an iPhone got attacked? Hell, when was the first time?iPhone 4 to Android directly back to iPhone 4. I learned my lesson and will never leave iOS again.
12-09-2010, 12:17 PM #4
I thought this is what makes Firefox take 45 seconds to start up on my computer.
12-09-2010, 12:19 PM #5
Besides at a pwnfest, specifically tailored to attack.....iPhone 4 to Android directly back to iPhone 4. I learned my lesson and will never leave iOS again.
12-09-2010, 12:42 PM #6
I wonder how long though before anti-virus starts to appear for the iPhone?
I mean, they're are millions of the out there and they're getting used for ever increasingly sensitive tasks, but yet the hackers seem to have left them alone. Can't stay that way for ever.
Of course, I have no idea what I'm talking about here, so there might be a very good reason why they ain't yet been attacked.
12-09-2010, 12:43 PM #7
Glorious. Hope it works well with no drawbacks and gets added to Pwnage Tool.
12-09-2010, 12:59 PM #8
12-09-2010, 01:21 PM #9
12-09-2010, 01:21 PM #10
12-09-2010, 01:24 PM #11
- Join Date
- Jul 2010
- Thanked 2 Times in 1 Post
Yea, seems like it will make it harder to jailbreak/unlock in the future
12-09-2010, 01:25 PM #12
Im going to sound stupid, i know :L but is this good or bad for the jail-breaking community?
12-09-2010, 01:28 PM #13
could be both good or bad...we won't know until we know exactly what has developed
12-09-2010, 01:54 PM #14
12-09-2010, 02:08 PM #15
He needs a cooler name then antidote don't really know him either so will wait and see what the devs think about it first
Sent from my iPhone using ModMyi
12-09-2010, 02:42 PM #16
How in the hell would an anti-malware utility you get AFTER you ran a jailbreak tool make it harder to develop a jailbreak? The only way it could get harder is if Apple adopted it as part of the OS or an app did the same thing (which is impossible due to the fact apps can't tweak the OS).
12-09-2010, 03:04 PM #17
12-09-2010, 04:03 PM #18
And we need this why? There is no malware for the iPhone and the onlything it would probably do is make it harder to find JB exploitsName? whereswaldo
iDevice + Firmware? 32GB Black iPhone 4 iOS 5.0
Computer + OS? Dell Inspiron 15R 2nd Gen i5, 2.3 Ghz, 750GB HDD, 8GB RAM Windows 7 HP
Found yet? No
The Following User Says Thank You to whereswaldo For This Useful Post:
12-09-2010, 04:48 PM #19
12-09-2010, 04:55 PM #20
Seriously, I'm super curious, how can a jailbreak tweak that can only affect the OS after you jailbreak and install it hinder an exploit being used? It's like saying the PDF patch from Cydia should have stopped JailbreakMe.com, the way I see it. Someone explain.