A security researcher claims changes Apple made to tighten its kernel security system in iOS 7 instead weakened the system, making it less secure than its iOS 6 counterpart. (Via CNET and ThreatPost) Azimuth Security researcher Tarjei Mandt discovered the flaw and presented his findings last week at CanSecWest.

The security flaw involves the random number generator Apple uses to secure its kernel. In iOS 6, the number generator that encrypted the kernel derived its values in part from the CPU clock counter. Because it was based on time, the encryption was only marginally secure as the output values were predictable, especially when examining successive numbers.

ios7-early-random-number
Apple was aware of the limitations in iOS 6 and attempted to tighten security in iOS 7 by changing the random number generator to a linear congruential generator, which is more susceptible to brute force attacks.

The problem with the new generator in iOS 7 is that it uses a linear recursion algorithm, Mandt said, which has "more correlation" between the values it generates. That makes them easier to extrapolate and guess, he said.

This flaw potentially allows a malicious hacker to gain kernel-level access to an iOS device via an unpatched vulnerability. The kernel is the base part of the iOS operating system and controls low-level functions such as security and resource allocation.

Apple approached Mandt about his findings and asked for his CanSecWest slide presentation.

Related Forum: iOS 7

Top Rated Comments

Calexander3103 Avatar
Calexander3103
127 months ago
Deliberate back door?

Couldn't have been an accident that someone missed, could it? Nah....everyone get your tin foil hats out cause everyone's out to get us.


In reality, props to white-hat hackers like Mandt
Score: 9 Votes (Like | Disagree)
C DM Avatar
C DM
127 months ago
I like how negative things like this never makes it to the Front Page and not many throwing a punch at Apple like they do for other companies. I am sure if it was any other company, this news would have been the first frontage news. I feel this is done deliberately by MacRumors for generating $$. Just pathetic.
I came across this story on the front page of MacRumors, as I'm sure many others did.
Score: 3 Votes (Like | Disagree)
Laird Knox Avatar
Laird Knox
127 months ago
Random Number Generators are a tricky business. The company I work for has a whole slew of patents and protected IP just for the RNG we use.
Score: 3 Votes (Like | Disagree)
ArtOfWarfare Avatar
ArtOfWarfare
127 months ago
Modern Intel chips (made after 2008 I think) have ISK which produces actual random values rather than pseudo ones. I guess ARM lacks that right now.
Score: 3 Votes (Like | Disagree)
dumastudetto Avatar
dumastudetto
127 months ago
Deliberate back door?

No. Apple would never do this. They never compromise on customer security for anyone.
Score: 3 Votes (Like | Disagree)
gnasher729 Avatar
gnasher729
127 months ago
It's not in the slides but I'd be curious to know how much brute force is required?
It reads like a restart would require calculation to start again?

Could an app be crafted inside the sandbox to not only gather enough info but to also then have enough time to process that info to get the information it needs to launch an attack without highlighting is presents.

Yes "security by obscurity" = bad. Yes, could be better.
Still if attack needs more than minutes of full throttle processing it goes to take some fairly careful crafting to hid it. Putting more in "Alert but not Alarmed" territory.

It's very hard to say how much of a problem there actually is. My understanding - which may be wrong - is that this random number generator is used at the very early stages while iOS is booting, and is then replaced with something a lot stronger. There's the claim that the random number sequence could be predicted, but then I wonder which non-Apple software would be running on the device at the early stages when this random number generator is in use. Quite possibly none at all.
Score: 2 Votes (Like | Disagree)
Read All Comments

Popular Stories

ios stolen device protection

iOS 17.3 Beta Adds New Stolen Device Protection Feature to iPhone

Tuesday December 12, 2023 10:20 am PST by
The first iOS 17.3 beta rolling out to developers today includes a new "Stolen Device Protection" feature that is designed to add an additional layer of security in the event someone has stolen your iPhone and also obtained the device's passcode. Earlier this year, The Wall Street Journal's Joanna Stern and Nicole Nguyen reported about instances of thieves spying on a victim's iPhone...
Read Full Article135 comments
iOS 17

33 New Things Your iPhone Can Do in iOS 17.2

Tuesday December 12, 2023 1:57 am PST by
Apple has made available for download its major end-of-year iPhone software update, iOS 17.2, featuring a large number of features and changes that users have been anticipating for quite a while. Below, we've listed 33 new things that your iPhone can do once you've installed the update. Check Settings ➝ General ➝ Software Update on your device to get downloading. 1. Help You Keep a Daily ...
Read Full Article153 comments
iPhone 16 Mock Back 1

iPhone 16 Early Prototypes: What Apple's Next-Generation iPhone Will Look Like

Tuesday December 12, 2023 3:07 pm PST by
With the launch of the iPhone 15, Apple introduced design changes like a curved frame and a frosted glass back. Information acquired by MacRumors suggests that Apple's next-generation iPhone 16 will build on these updates with modifications to the buttons and the camera layout. We have details on early pre-production designs for the iPhone 16, including a look at the variants and hardware...
Read Full Article157 comments
CarPlay Phone Call

GM Says It's Nixing CarPlay to Make Drivers Safer

Tuesday December 12, 2023 1:47 pm PST by
Earlier this year, General Motors (GM) announced plans to phase out Apple's CarPlay and Android Auto in its future electric vehicles, with the company instead relying on an infotainment system co-developed with Google. This has not been a popular decision with iPhone users, and today, GM provided some additional insight into the decision in a discussion with MotorTrend. According to Tim...
Read Full Article499 comments
iPhone 16 Side Feature

iPhone 16 Pro Rumored to Have These 12 New Features

Monday December 11, 2023 10:46 am PST by
While the iPhone 16 Pro and iPhone 16 Pro Max are still over nine months away from launching, there are already several rumors about the devices. Below, we have recapped new features and changes expected for the devices so far. These are some of the key changes rumored for the iPhone 16 Pro models as of December 2023:Larger displays: The iPhone 16 Pro and iPhone 16 Pro Max will be equipped...
Read Full Article
Apple TV 2022 Feature Blue

Apple Releases tvOS 17.2 With Revamped Apple TV App

Monday December 11, 2023 9:58 am PST by
Apple today released tvOS 17.2, the second major update to the tvOS 17 operating system that came out in September 2023. tvOS 17.2 comes more than a month after tvOS 17.1, an update that expanded the availability of the Enhanced Dialogue feature. tvOS 17.2 can be downloaded using the Settings app on the ‌Apple TV‌. Go to System > Software Update to get the new software. ‌Apple TV‌...
Read Full Article56 comments
maxresdefault

Top Five Features in macOS Sonoma 14.2

Wednesday December 13, 2023 3:21 pm PST by
When Apple releases new software, iOS updates tend to get most of the attention, and there are sometimes useful new features in Mac updates that go under the radar. That's the case with macOS Sonoma 14.2. It doesn't have flashy features like the Journal app that came in iOS 17.2, but there are a number of useful improvements that make it worth installing. Subscribe to the MacRumors YouTube ...
Read Full Article55 comments