A security researcher claims changes Apple made to tighten its kernel security system in iOS 7 instead weakened the system, making it less secure than its iOS 6 counterpart. (Via CNET and ThreatPost) Azimuth Security researcher Tarjei Mandt discovered the flaw and presented his findings last week at CanSecWest.

The security flaw involves the random number generator Apple uses to secure its kernel. In iOS 6, the number generator that encrypted the kernel derived its values in part from the CPU clock counter. Because it was based on time, the encryption was only marginally secure as the output values were predictable, especially when examining successive numbers.

ios7-early-random-number
Apple was aware of the limitations in iOS 6 and attempted to tighten security in iOS 7 by changing the random number generator to a linear congruential generator, which is more susceptible to brute force attacks.

The problem with the new generator in iOS 7 is that it uses a linear recursion algorithm, Mandt said, which has "more correlation" between the values it generates. That makes them easier to extrapolate and guess, he said.

This flaw potentially allows a malicious hacker to gain kernel-level access to an iOS device via an unpatched vulnerability. The kernel is the base part of the iOS operating system and controls low-level functions such as security and resource allocation.

Apple approached Mandt about his findings and asked for his CanSecWest slide presentation.

Related Forum: iOS 7

Top Rated Comments

Calexander3103 Avatar
Calexander3103
142 months ago
Deliberate back door?

Couldn't have been an accident that someone missed, could it? Nah....everyone get your tin foil hats out cause everyone's out to get us.


In reality, props to white-hat hackers like Mandt
Score: 9 Votes (Like | Disagree)
C DM Avatar
C DM
142 months ago
I like how negative things like this never makes it to the Front Page and not many throwing a punch at Apple like they do for other companies. I am sure if it was any other company, this news would have been the first frontage news. I feel this is done deliberately by MacRumors for generating $$. Just pathetic.
I came across this story on the front page of MacRumors, as I'm sure many others did.
Score: 3 Votes (Like | Disagree)
Laird Knox Avatar
Laird Knox
142 months ago
Random Number Generators are a tricky business. The company I work for has a whole slew of patents and protected IP just for the RNG we use.
Score: 3 Votes (Like | Disagree)
ArtOfWarfare Avatar
ArtOfWarfare
142 months ago
Modern Intel chips (made after 2008 I think) have ISK which produces actual random values rather than pseudo ones. I guess ARM lacks that right now.
Score: 3 Votes (Like | Disagree)
dumastudetto Avatar
dumastudetto
142 months ago
Deliberate back door?

No. Apple would never do this. They never compromise on customer security for anyone.
Score: 3 Votes (Like | Disagree)
gnasher729 Avatar
gnasher729
142 months ago
It's not in the slides but I'd be curious to know how much brute force is required?
It reads like a restart would require calculation to start again?

Could an app be crafted inside the sandbox to not only gather enough info but to also then have enough time to process that info to get the information it needs to launch an attack without highlighting is presents.

Yes "security by obscurity" = bad. Yes, could be better.
Still if attack needs more than minutes of full throttle processing it goes to take some fairly careful crafting to hid it. Putting more in "Alert but not Alarmed" territory.

It's very hard to say how much of a problem there actually is. My understanding - which may be wrong - is that this random number generator is used at the very early stages while iOS is booting, and is then replaced with something a lot stronger. There's the claim that the random number sequence could be predicted, but then I wonder which non-Apple software would be running on the device at the early stages when this random number generator is in use. Quite possibly none at all.
Score: 2 Votes (Like | Disagree)
Read All Comments

Popular Stories

iPhone 17 Pro Dual Tone Horizontal 1

iPhone 17 Pro Launching This Year With These 8 New Features

Tuesday January 28, 2025 11:48 am PST by
While the iPhone 17 Pro and iPhone 17 Pro Max are not expected to launch until September, there are already plenty of rumors about the devices. iPhone 17 Pro concept based on rumors Below, we recap key changes rumored for the iPhone 17 Pro models as of January 2025: More aluminum: iPhone 17 Pro models are rumored to have an aluminum frame, whereas the iPhone 15 Pro and iPhone 16 Pro models ...
Read Full Article
airpods 4 blue

Apple Finally Explains How to Install New Firmware on Your AirPods

Monday January 27, 2025 11:17 am PST by
Apple regularly releases new firmware for the AirPods, AirPods Pro, and AirPods Max, but the company has historically provided limited information on how to initiate an update. That changed today, and Apple updated its AirPods firmware support page with more specific instructions. Prior to today, here's what Apple said on the subject: Firmware updates are delivered automatically while your...
Read Full Article58 comments
tvOS 18 Thumb 3

Apple Releases tvOS 18.3

Monday January 27, 2025 10:00 am PST by
Apple today released tvOS 18.3, the newest version of the tvOS 18 operating system that came out in September. tvOS 18.3 comes more than a month after Apple released tvOS 18.2, and it is available for the Apple TV 4K and the Apple TV HD models. tvOS 18.3 can be downloaded using the Settings app on the ‌Apple TV‌. Open up Settings and go to System > Software Update to get the new software....
Read Full Article20 comments
M6 MacBook Pro Feature 1

5 Reasons to Wait for Next Year's MacBook Pro

Monday January 27, 2025 4:25 am PST by
Apple in October 2024 overhauled its 14-inch and 16-inch MacBook Pro models, adding M4, M4 Pro, and M4 Max chips, Thunderbolt 5 ports on higher-end models, display changes, and more. That's quite a lot of updates in one go, but if you think this means a further major refresh for the MacBook Pro is now several years away, think again. Bloomberg's Mark Gurman has said he expects only a small...
Read Full Article110 comments
ipad january sale

Amazon's New iPad Sale Has Up to $300 Off M4 iPad Pro, M2 iPad Air, and iPad Mini 7

Tuesday January 28, 2025 7:32 am PST by
Today we're tracking a few iPad discounts on Amazon, including the new iPad mini 7, M2 iPad Air, and M4 iPad Pro. These deals include multiple all-time low prices on Apple's tablets, matching the prices we tracked over the holiday season in many cases. Note: MacRumors is an affiliate partner with Amazon. When you click a link and make a purchase, we may receive a small payment, which helps us...
Read Full Article28 comments
iPhone 17 Air Size Feature

iPhone 17 Air Design, Specs, and More: All the Rumors So Far

Wednesday January 29, 2025 4:00 am PST by
This year, Apple is expected to discontinue the iPhone "Plus" device in its iPhone 17 lineup to make way for an iPhone "Air," so-called because of its thin profile. Below is a compilation of every rumor and leak we have registered from reputable sources thus far about Apple's new entry in its flagship smartphone lineup. iPhone 17 "Air"? About the Name There has been some uncertainty...
Read Full Article60 comments
iPhone SE 4 Thumb 1

iPhone SE 4 to Have Notch Instead of Dynamic Island

Tuesday January 28, 2025 1:49 pm PST by
The upcoming iPhone SE 4 will feature a notch instead of the Dynamic Island, respected display analyst Ross Young said today. The device will have a "notch like the iPhone 14," according to Young, which contradicts a recent leak that depicted a Dynamic Island. Earlier this month, leaker Evan Blass shared images said to feature the iPhone SE 4's design, but those images featured an iPhone...
Read Full Article134 comments