The iPhone’s security was easily compromised at the latest Pwn2Own Conference. One of the security experts there is now promising a new jailbreak tool called antid0te that will bring enhanced security for iOS devices.
What is ASLR?
Short for address space layout randomization, ASLR has been noticeably absent from all iOS devices since their inception, making possible the types of attacks that commandeered a fully patched iPhone at this year’s Pwn2Own hacker contest. By randomizing the memory locations where injected code is executed, ASLR aims to thwart such exploits by making it impossible to know ahead of time where malicious payloads are located.
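The property at stake is whether a shared library lands at the same address on every launch. The sketch below is an added example, not code from the article or from antid0te; it assumes a Linux host with /proc and a dynamically linked Python, and measures that property by comparing the libc base address across fresh processes.

```python
# Added example (not from the article): check whether shared-library load
# addresses are randomized per launch. Assumes Linux with /proc/<pid>/maps.
import subprocess
import sys

# Constructed sample of /proc/self/maps output, used to exercise the parser offline.
SAMPLE_MAPS = """\
55d0c8a00000-55d0c8a02000 r--p 00000000 08:01 131 /usr/bin/cat
7f3a1c200000-7f3a1c228000 r--p 00000000 08:01 977 /usr/lib/x86_64-linux-gnu/libc.so.6
7f3a1c228000-7f3a1c3bd000 r-xp 00028000 08:01 977 /usr/lib/x86_64-linux-gnu/libc.so.6
7ffd5e1f0000-7ffd5e211000 rw-p 00000000 00:00 0 [stack]
"""

def library_base(maps_text, prefixes=("libc.so", "libc-")):
    """Return the lowest mapped address of the C library, or None if absent."""
    bases = []
    for line in maps_text.splitlines():
        fields = line.split()
        if len(fields) < 6:
            continue  # anonymous mapping, no backing file
        filename = fields[5].rsplit("/", 1)[-1]
        if filename.startswith(prefixes):
            bases.append(int(fields[0].split("-")[0], 16))
    return min(bases) if bases else None

def sample_bases(runs=5):
    """Start `runs` fresh processes and collect each one's libc base address."""
    child = "print(open('/proc/self/maps').read())"
    bases = []
    for _ in range(runs):
        out = subprocess.run([sys.executable, "-c", child],
                             capture_output=True, text=True, check=True).stdout
        bases.append(library_base(out))
    return bases

def is_randomized(bases):
    """True when at least two launches saw the library at different addresses."""
    return len({b for b in bases if b is not None}) > 1

if __name__ == "__main__":
    observed = sample_bases()
    for base in observed:
        print(hex(base) if base is not None else "libc mapping not found")
    print("randomized per launch:", is_randomized(observed))
```

A result of `False` means every launch saw the library at one fixed address, which is the condition the article describes on iOS devices without ASLR.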
The man behind antid0te is Stefan Esser from Germany, a developer for SektionEins. He plans to release the jailbreak tool antid0te at the Power of Security Conference taking place in Seoul on December 14th.
“This enables users with jailbroken iPhones to create their own set of dyld_shared_cache files that have completely different library load addresses from every other iPhone in the world,” Esser wrote in an email. “This is already a better ASLR than what exists on Snow Leopard because different applications can use different shared caches and therefore different load addresses.”
This will get interesting once this new jailbreak tool is released. What will the iPhone Dev Team think of it? How safe/easy will it be to implement? We’ll have to wait and find out.