ASLR security coming to jailbroken iPhones with Antid0te

In an effort to make your iPhone more secure, security analyst and jailbreak developer Stefan Esser is releasing Antid0te on December 14th. Address Space Layout Randomization (ASLR) is a security technique which involves randomly arranging the positions of key data areas. This usually includes rearranging the base of the executable and position of libraries, heap, and stack, in a process' address space. This makes it difficult for someone trying to execute shellcode injection on the stack by requiring them to have to first find the stack. Many of the most popular and sophisticated Operating Systems already use ASLR, including Windows, Linux, and Mac OSX (10.5+).

Just how secure is your iPhone? Earlier this year at the Pwn2own hacking competition the winners of the event, Vincenzo Iozzo and Ralf Weinmann, took home first place for hacking an iPhone 3GS and downloading all its stored SMS messages in only 20 seconds. This past summer, jailbreak developer Comex used a PDF exploit that allowed an integer overflow in IOSurface.framework to get root access and privilege.

While Comex used this exploit to jailbreak the device and install Cydia, someone more malicious could have used the same exploit to steal personal data and download it remotely. Jay Freeman, also known as the jailbreak developer and Cydia creator Saurik, released a patch to plug this exploit weeks before Apple released their patch leaving millions vulnerable to a known and dangerous security risk for an extended period of time.

Although some would want you to believe otherwise, jailbreaking a device does not in and of itself make a device less secure. It merely uses existing security holes to give root access and privileges in order to allow the user to make desired changes, including patching security holes and making the device more secure than a jailed and stock iPhone. Like Saurik, Esser believes that iOS does have serious security limitations and that Antid0te will go a long way in resolving some of them.

Is Apple doing enough to make our devices secure? Would you jailbreak for a more secure iPhone? Let us know by leaving a comment below!

0
loading...
0
loading...
0
loading...
0
loading...

← Previously

iPhone Live podcast 129: White lies and iPhones

Next up →

Real Racing 2 for iPhone coming December 16

Reader comments

ASLR security coming to jailbroken iPhones with Antid0te

4 Comments
Sort by Rating

Jailbreaking phones has become a recent phenomena, especially with the iPhone. Non-AT&T users who have SIM cards are able to download software that makes the iPhone available for usage with other networks, like T-Mobile or Sprint. This just shows how badly people desire the best technology available, which some would argue the iPhone is the best phone available. The fact that technology has come about to make this desire a reality just shows how technology is seemingly always accessible through some form.