May 22, 2013

floating facebook button arrow left side
You are here: Home / Apple / ASLR security for jailbroken iPhones to be unveiled on Tuesday

ASLR security for jailbroken iPhones to be unveiled on Tuesday

December 13, 2010 By Leave a Comment

Jailbreak Detection API Disabled by Apple1

You could be one of the many people who want to jailbreak their iPhone, but are concerned about a reduction in security. A computer consultant is embarking where Apple has refused to go, adding a security measure known as ASLR to iPhones to make them more resistant to malware attacks.

Short for address space layout randomization, ASLR has been noticeably absent from all iOS devices since their inception, making possible the types of attacks that commandeered a fully patched iPhone at this year’s Pwn2Own hacker contest. By randomizing the memory locations where injected code is executed, ASLR aims to thwart such exploits by making it impossible to know ahead of time where malicious payloads are located.

At a conference scheduled for next week, Stefan Esser, a security consultant and application developer for Germany-based SektionEins, plans to unveil a process for jailbreaking iDevices that automatically fortifies them with ASLR. It works by reordering the contents of dyld_shared_cache, a massive file that houses the libraries.

The hack will come as good news to those who want to jailbreak their iDevices but don’t want to make them unnecessarily more vulnerable. As things stand now, jailbreaking iPhones, iPod Touches and iPads diminishes another security protection known as DEP, or data execution protection, and another measure known as application sandboxing. It also introduces a command shell and other features that can enable attackers.

You should still be wary of jailbreaking your iPhone if it’s an enterprise device, but normal users will have one less thing to worry about. “With Stefan’s stuff, now maybe it’s an option, if you’re a security-conscious person, to still jailbreak your phone because you can pick up ASLR, which is going to make it a lot harder to do exploits,” explains Miller.

Apple’s iOS currently lacks ASLR, though Apple has made some inroads with their Mac OS X. Windows Phone 7, Windows 7, and Windows Vista, on the other hand, already include ASLR. Esser will be unveiling his ASLR solution for the iPhone on Tuesday at the Power of Community security conference in Seoul, South Korea. Stay safe, jailbreakers.

Filed Under: Apple, Events, General, iOS, iPhone, Mobile, News, Sections, Software, What's Hot! Tagged With: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,


You might like:

  1. Mophie “Juice Pack Plus” Battery for iPhone4 Unveiled; doubles your “iPhone 4″ Power Mophie “Juice Pack Plus” Battery for iPhone4 Unveiled; doubles your “iPhone 4″ Power
  2. “Apple’s white iPhone”-will it be just kept as dream? “Apple’s white iPhone”-will it be just kept as dream?
  3. Giesecke & Devrient Unveils “Mobile Security Card VE 2.0(MicroSD)”; Prevents Tapping Giesecke & Devrient Unveils “Mobile Security Card VE 2.0(MicroSD)”; Prevents Tapping
  4. “Black Friday”-Apple announces the sale with Ad ! “Black Friday”-Apple announces the sale with Ad !
  5. Apple Trying to Beat JailbreakMe to Break iPhone 4 Jailbreak in Next Update Apple Trying to Beat JailbreakMe to Break iPhone 4 Jailbreak in Next Update


Your opinion on :ASLR security for jailbroken iPhones to be unveiled on Tuesday ?