Is iOS7 Less Secure Than iOS6?
When iOS 7 first hit the streets, one of the goals was to make it more secure than iOS 6. Now it turns out that one of the changes meant to make it more secure actually weakened it. Tarjei Mandt discovered the flaw and presented his findings last week at CanSecWest. If you read his blog post, it’s extremely technical, so I will make it as simple as I can for you.

For a variety of security-related reasons, iOS generates random numbers and uses them. If those numbers can be guessed, their randomness is irrelevant, and the kernel, which is key to the control of the iOS phone or tablet, can be hacked. The problem with the way iOS 7 does this is that it uses a linear recursion algorithm. This paper explains what this type of algorithm is. But if you’ve ever sung “99 bottles of beer on the wall” then you’ve experienced a linear recursion algorithm. It also highlights the weakness with this algorithm: it’s easy to guess if you figure out what should be coming next.

Now Apple was at CanSecWest so it’s a safe bet that they’re aware of this. The question is, how long will it take them to fix it?
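The guessability described above, shown as an added illustration that is not from the original post, Mandt's research, or Apple's code: three consecutive outputs of a toy linear recurrence are enough to solve for its hidden constants and predict everything that follows, while the same fit fails against the operating system's CSPRNG. The modulus, multiplier, increment and function names are constructed for this demonstration and are not iOS 7's values.

```python
import secrets

M = 2**31 - 1  # prime modulus (constructed); assumed known to the observer


def linear_generator(a, c, seed):
    """Toy linear recurrence: each output is a * previous + c (mod M)."""
    state = seed
    while True:
        state = (a * state + c) % M
        yield state


def recover_parameters(x0, x1, x2):
    """Solve x1 = a*x0 + c and x2 = a*x1 + c (mod M) for the hidden a and c."""
    step = (x1 - x0) % M
    if step == 0:
        raise ValueError("outputs repeat; cannot solve for a")
    a = (x2 - x1) * pow(step, -1, M) % M  # inverse exists because M is prime
    c = (x1 - a * x0) % M
    return a, c


def count_correct_predictions(outputs):
    """Fit a and c on the first three outputs, then guess every later one."""
    a, c = recover_parameters(*outputs[:3])
    hits, prev = 0, outputs[2]
    for actual in outputs[3:]:
        hits += int((a * prev + c) % M == actual)
        prev = actual
    return hits


def sample_outputs(n=23):
    # Constructed secret constants; the observer sees only the outputs.
    gen = linear_generator(a=1103515245, c=12345, seed=secrets.randbelow(M))
    weak = [next(gen) for _ in range(n)]
    strong = [secrets.randbelow(M) for _ in range(n)]  # OS CSPRNG, for contrast
    return weak, strong


if __name__ == "__main__":
    weak, strong = sample_outputs()
    print("linear recurrence:", count_correct_predictions(weak), "of 20 predicted")
    print("OS CSPRNG:        ", count_correct_predictions(strong), "of 20 predicted")
```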
This entry was posted on March 17, 2014 at 4:24 pm and is filed under Commentary with tags Apple, iOS 7, Security.