iPhone 7 Jailbreak
It took 24 hours.
Jim N • September 23, 2016 11:29 AM
Did we beat the Chinese to it?
Clive Robinson • September 23, 2016 11:42 AM
So another jailbreak on an Apple product.
Should we really be surprised?
No to both.
Loosely the OS is a variation of *nix with the old much debated problem of the “all or nothing” nature of the Super User account (root).
I’ve indicated on this blog a number of times that there is no possibility of 100% security in what is in effect a single CPU system. In fact there appears to be a fairly solid mathematical reason to say so dating back to the 1930’s. But even if your maths is not much above that taught to a 12-year-old you can see the logic behind why it might be so.
The actual CPU has no real security built in, it instead uses additional hardware that is normally looked on as the way to have “Virtual Memory” with the secondary role of protecting segments of memory. We also know that the page tables behind this are stored in the same memory devices that the application executable code and data is stored. We know that the likes of the “RowHammer Attack” can be used to change the page tables due to hardware defects. Likewise other “below CPU” attacks such as via DMA controllers have been used.
The software of the OS and its drivers can only reach a very limited way down the computing stack. If you can work out how to get below the CPU level of the stack, then it really is game over security wise as you can manipulate anything in memory by a series of steps. Think of it as similar to aligning the gate notched wheels in a combination lock, get them lined up right and the lock opens…
Jim • September 23, 2016 11:56 AM
Even more worrying:
We looked into it, and found out that the new mechanism skips certain security checks, allowing us to try passwords approximately 2500 times faster compared to the old mechanism used in iOS 9 and older.
Chets • September 23, 2016 5:22 PM
Obvious management in action at ycombinator:
robmcm 14 hours ago
Humm, a skeptical view of this would suggest deliberate weakening of security.
Perhaps not a full back door, but more of an open upstairs window?
sosborn 13 hours ago [FBI 1035-960 bot]
Why does everything have to be a conspiracy?
robmcm 12 hours ago
perhaps because the old API is still there? This appears to be a new less secure duplicate, with seemingly no benefit.
Also Apple took a lot of heat from the FBI case, perhaps this was part of the deal for them to drop the suit, which isn’t a blatant back door.
The proof will be in their response to the issue.
croon 13 hours ago
Because people have faith in other people not being complete dullards.
kalleboo 11 hours ago [FBI stupid-not-evil bot]
That doesn’t work either because Apple would have to be complete dullards to not realize that someone would find this obvious flaw within a week of the release of the OS. Especially right after launching a bug bounty.
0x0 14 hours ago
Why would apple implement a new weaker scheme in parallel to the existing old? Are the designers of the otherwise so secure enclave blundering? Or is this done on purpose?! (Hard to believe they would believe they would get away with it, so… amateur hour accident?)
Is this Apple’s Bitlocker Elephant Diffuser?
Can I have some extrabacon with that?!
bsamuels 14 hours ago [FBI Oops bot]
yes, the company that went out of their way to fab their own soc JUST for encryption/improving device security purposefully degraded their password backup scheme to allow the government to break into their devices
i don’t even like apple but come on, the hyperbole can only go so far
JohnStrange 9 hours ago
You do know that it was possible to get the FileVault password for other users with a simple grep command up until OS X 10.7, don’t you?
r • September 23, 2016 8:18 PM
I vote for you to have the response of the week if those tags are legit, the sad thing is I cannot see them on the site currently.
Anyone capable of verifying ?
Clive Robinson • September 24, 2016 1:56 AM
If we are talking conspiracies, let’s chuck in a mole doing an insider attack…
From some of what is being said, it would appear somebody “cut out” the part of the software that slows down checking the password. Thus guessing attacks become a couple of thousand times faster…
So we get the thought “Man that is so dumb it’s got to be deliberate” which gives the thought “Man the Man must have a secret agent in there” and that’s all you need for a conspiracy theory to start.
All of which is why life really is stranger than fiction from time to time…
TJ • September 24, 2016 4:48 PM
Yep memory corruption still exists..Even for Apple software and firmware.. :T
EvilKiru • September 24, 2016 7:21 PM
I wonder if the password guessing speed is one of the things fixed in the iOS 10.0.2 patch.
Jim N • September 24, 2016 8:24 PM
it’s looking more and more likely that they made some sort of deal with the man. :L
Developer Backdoor? • September 25, 2016 2:51 PM
I wonder about the ‘threat’ model of activist employees putting intentional backdoors into locked down walled garden style products. The other one that comes to mind is that one where android(IIRC) had something where every keyboard character got fed in the background into a root shell.
One can imagine activist developers not in line with the corporate agenda throwing in a few of these to help out the hackers who then leverage the initial exploit to ‘hold onto root’ long enough to figure out a better exploit that wasn’t of the gift variety.
It’s a theory…
ciphertext • September 28, 2016 11:48 AM
To add to the conspiracy thinking…
Some time back, wasn’t it put forth that a group in Israel had found a way to decrypt the contents of an iPhone for the FBI? It was for the case that involved the terrorist and his wife that went on a shooting spree in southern California.
Oddly enough there are rumors that the iPhone 8 hardware is being developed in Israel.
I am not ready to don my tinfoil hat and RFID blocking underwear just yet, but it does seem awfully convenient how these sorts of “developments” are lining up. I’m certainly viewing Apple’s commitment to “security” with more skeptical an eye these days. Perhaps their definition of what makes a device and its attendant software secure doesn’t match with mine.
Apple_Watches_&_Fixes_it's_Intllctl_Prprty? • September 28, 2016 12:41 PM
@Clive and other SoS fans
Run by a Christian Arab, who speaks Arabic, Hebrew, and French … A fascinating story about Apple’s ARM based, I think, iOS semiconductor Chip design in Israel:
At least Apple makes a public display of advocating for the consumer. What US vendor are you going to trust more than Apple to stand-up, the best they can, to big governments around the world? Perhaps it takes big businesses to tango with big governments.
Jason Williams • February 11, 2017 12:45 AM
Can you explain to me the whole process of doing it?
Charles Mounts • July 12, 2017 9:23 AM
If you are into iOS community, you must have heard by now about the upcoming iOS 11 beta 3 download for iPhone and iPad devices. Apple will reveal it during WWDC 2017 for developers. It will be available for developers only, but you can also install iOS 11.