Welcome to the MacNN Forums.

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

You are here: MacNN Forums > News > Tech News > Researcher: iOS 7 security at risk from weak random number generator

Researcher: iOS 7 security at risk from weak random number generator
Thread Tools
MacNN Staff
Join Date: Jul 2012
Status: Offline
Reply With Quote
Mar 14, 2014, 03:49 PM
 
All mobile operating systems require what is called an Early Random Pseudorandom Number Generator (PRNG) to give the operating system some security from kernel exploits. Researchers have warned that the new one implemented in iOS 7 is potentially vulnerable to brute force attacks, and can be relatively easy to predict -- making security exploits somewhat easier to develop, if left unpatched.

The random number generator protects memory allocation by stumping buffer overflow attacks, obfuscating where code is running and how to intercept or alter the contents of RAM. These steps are taken to prevent alterations to running software -- as well as the buffer overflow attack, allowing arbitrary code to be executed -- are called mitigations.

PRNGs are vital for cryptography -- cryptographic applications require the output to also be unpredictable. A predictable random number generator used to develop keys for cryptography leads to insecure keys, prone to easier breaking. Any logical device generating a random number uses a mathematical formula and a "seed" value derived from a changing source, typically a time signal, in its generation.

In Apple's case, the seed for the random number in iOS 7 is derived from a source more readily observed and predictable, with fewer changes than the version used in iOS 6, which was also flawed. "All the mitigations deployed by the iOS kernel essentially depend on the robustness of the Early Random PRNG," Azimuth Security senior researcher Tarjei Mandt claimed. "It must provide sufficient entropy and non-predictable output."

While researching the matter, Mandt found that "we found that an unprivileged attacker, even when confined by the most restrictive sandbox, can recover arbitrary outputs from the generator and consequently bypass all the exploit mitigations that rely on the early random PRNG."

"Quite a bit of mitigations rely on the PRNG," Mandt said. "If the generator is broken, all of this is pretty much useless." Apple representatives were able to see Mandt's slides for his speech at security trade show CanSecWest prior to his presentation, but the company had not been informed of the potential weaknesses by Mandt before that, leaving them unable to correct the issue before the presentation.
( Last edited by NewsPoster; Mar 17, 2014 at 03:33 AM. )
     
   
Thread Tools
Forum Links
Forum Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On
Top
Privacy Policy
All times are GMT -4. The time now is 11:49 PM.
All contents of these forums © 1995-2015 MacNN. All rights reserved.
Branding + Design: www.gesamtbild.com
vBulletin v.3.8.8 © 2000-2015, Jelsoft Enterprises Ltd., Content Relevant URLs by vBSEO 3.3.2