Apple designed iOS with security at its core. But as a security researcher unveiled at the CanSecWest conference this week (and in a blog post earlier last week), with iOS 7 the iPhone maker imposed some changes that make the devices running its mobile OS less secure (via CNET).
According to Azimuth Security researcher Tarjei Mandt, Apple made a mistake when it changed its pseudorandom number generator, known as the early_random()PRNG, with the aim to enhance the kernel encryption in iOS 7.
A pseudorandom number generator (PRNG) is an algorithm for generating a sequence of random numbers that approximates the properties of random numbers, but it differs from the latter in that they are deterministic and seeded with an initial state but commonly used in software for their speed and reproducibility, the white paper explains.
The problem with the new generator is that it uses a linear recursion algorithm, according to Mandt, which makes guessing easier, he adds.
Since security is important for Apple and its users, the iPhone maker takes uncovered flaws seriously — Apple credited Evad3rs for several security flaws fixed with iOS 7.1 — and approached the security researcher after his presentation. However, there is no official statement yet.
While the white paper isn’t specific in mentioning iOS 7 versions, we must note that iOS 7.1 was released just a couple of days before the Azimuth blog post was published, so we assume that they have focused on earlier versions of iOS 7.
Stay tuned, we’ll update this post if Apple issues a comment.