aslr

Latest

  • Stagefright exploit reliably attacks Android phones (updated)

    by Jon Fingas
    03.19.2016

    You may know that the Stagefright security flaw is theoretically dangerous, but it hasn't been that risky in practice -- it's just too difficult to exploit on an Android device in a reliable way. Or rather, it was. Security researchers at NorthBit have developed a proof-of-concept Stagefright exploit, Metaphor, that reliably compromises Android phones. The key is a back-and-forth procedure that gauges a device's defenses before diving in. Visit a website with a maliciously designed MPEG-4 video and the attack will crash Android's media server, send hardware data back to the attacker, send another video file, collect additional security data and deliver one last video file that actually infects the device.

  • Address space randomization adds extra security for jailbroken iPhones

    by Sam Abuelsamid
    12.13.2010

    Reduced security is among the top reasons given by Apple and enterprise information technology managers for their opposition to iPhone jailbreaking, but at least one white-hat hacker is out to prove them all wrong. German security consultant Stefan Esser of SektionEins will introduce a tool this week called antid0te at the Power of Community conference in Seoul, South Korea. Antid0te will combine the ability to jailbreak iOS devices with the ability to automatically add a capability called Address Space Layout Randomization (ASLR). Since the earliest days of computing, basic system files have typically been loaded at fixed, predictable addresses in memory, which makes it easier for attackers to directly change the data or code stored there. Randomizing the locations where that code resides adds an extra layer of security. That's why Microsoft has incorporated ASLR into its operating systems since Windows Vista debuted -- even Windows Phone 7 has this feature. Apple, on the other hand, has only done a limited ASLR implementation in OS X and none at all in iOS. The debut of antid0te comes on the heels of the news that Apple has removed a jailbreak detection API from iOS 4.2. This function was used by some corporate IT departments to ensure that company-issued iOS devices were not jailbroken. Apple has not said why the API was removed, but at least IT departments can breathe a bit easier as long as employees stick to antid0te for their jailbreaking needs. [via Engadget]

  • Apple mysteriously kills jailbreak detection API while hacker boosts iOS security, irony restored

    by Richard Lai
    12.12.2010

    It's no secret that Apple's been keen to monitor the lot of naughty jailbreakers, but it turns out the company has recently shelved iOS 4.0's jailbreak detection API with no explanation given. While this has little effect on the average user, Network World explains that this is bad news for enterprise IT and MDM (mobile device management) vendors, who will now have one fewer channel for checking whether a user's iOS device has been jailbroken and thus become vulnerable to attacks. That said, apparently this isn't a huge loss for the MDM vendors anyway; the real question is why drop the API now? Could its presence alone be a threat? We'll probably never know. Fear not, though, as some folks have put jailbreaking to good use. The Register reports that come Tuesday, Stefan Esser of Sektion Eins will demonstrate a tool called antid0te, which reportedly adds ASLR (address space layout randomization) to jailbroken iOS devices. In a nutshell, ASLR randomizes key memory locations to make it more difficult for certain attacks to locate their target data. According to the famed white-hat hacker Charlie Miller, this technique is already present on Windows Phone 7 and on desktop Windows since Vista, but Apple's only dabbled with it on OS X and not on iOS. Now, this doesn't mean that jailbroken devices will be fully safeguarded, but some protection is better than no protection, right? [Thanks, wooba]