Huge iOS 7 security flaw exposed
Azimuth Security researcher Tarjei Mandt revealed at the CanSecWest conference last week that hackers can easily exploit a purported iOS 7 security flaw that’s derived from Apple’s intention of actually patching a potential security issue in iOS 6 concerning kernel encryption. “Kernel is the most basic level of an operating system that controls things like security, file management, and resource allocation,” CNET writes, with Mandt saying that “in terms of security, [iOS 7 is] much worse than iOS 6.”
In order to encrypt the kernel, Apple uses a random-number generator that has been updated in iOS 7 to provide improved security. However, Mandt says that even though Apple updated its generator, people with malicious intentions knowledgeable about the matter can find ways to guess those random numbers, which would give them access to the entire system.
While he described the matter in great detail in a white paper, Mandt did not reveal any instance in which this potential iOS 7 security feature had been actually taken advantage of. Apple has not commented on the matter, CNET reports, but Mandt says that Apple security engineers have approached him after the presentation and appeared “kind of concerned.” According to the researcher, if left unfixed, this security issue would “roll back 10 years of security-hardening techniques in iOS.”
Apple has recently updated iOS 7 and OS X to fix a different security flaw that allowed third parties to eavesdrop on supposedly encrypted traffic.
More from BGR: Bill Gates: Yes, robots really are about to take your jobs
This article was originally published on BGR.com
Related stories
Only one group of smartphone users comes even close to being as loyal as iPhone diehards
Here's how to turn your iPhone 5s into a 'serious' camera
Video: New iPhone 6 concept envisions a gorgeous design with a twist
