Hacker i0n1c has today published an impressive presentation on exploitation of the iOS kernel. Read more after the jump.
For the uninitiated, Stefan "i0n1c" Esser is a security researcher from Germany. He is well known in the jailbreak community for finding the exploit behind the untethered iOS 4.3.1 jailbreak. That exploit was also used to jailbreak iOS 4.3.2 and 4.3.3 (JailbreakMe used a different one), but Apple patched it in iOS 4.3.5 and iOS 5.
The presentation published today (given by i0n1c at the Black Hat security conference in August) runs to 97 pages and contains a great deal of technical detail beyond the understanding of the average user. i0n1c walks through stack buffer overflows and heap buffer overflows, how they apply to the kernel (the component that acts as a bridge between the iOS software and the device hardware), and finally how such an exploit is used to jailbreak the device.
Here is a brief description of what is expected from the entire presentation:
"The iPhone user land is locked down very tightly by kernel level protections. Therefore any sophisticated attack has to include a kernel exploit in order to completely compromise the device. Because of this our previous session titled “Targeting the iOS Kernel” already discussed how to reverse the iOS kernel in order to find kernel security vulnerabilities. Exploitation of iOS kernel vulnerabilities has not been discussed yet.
This session will introduce the audience to kernel level exploitation of iPhones. With the help of previously disclosed kernel vulnerabilities the exploitation of uninitialized kernel variables, kernel stack buffer overflows, out of bound writes and kernel heap buffer overflows will be discussed."
The thing I personally find most interesting in the presentation is the hardware i0n1c used to find kernel exploits: a 470kΩ resistor, two mini USB-B to USB-A cables, a USB breakout board and a PodGizmo serial interface, connected as indicated above.
If you are interested in iOS development and have some knowledge of how jailbreaks work, you will want to read i0n1c's presentation.
Download i0n1c’s iOS Kernel Exploitation Presentation