13 December, 2010

Apple mysteriously kills jailbreak detection API while hacker boosts iOS security, irony restored

It's no secret that Apple's been keen to monitor the lot of naughty jailbreakers, but it turns out the company has recently shelved iOS 4.0's jailbreak detection API with no explanation given. While this has little effect on the average user, Network World explains that this is bad news for enterprise IT and MDM (mobile device management) vendors, who will now have one fewer channel for checking whether a user's iOS device has been jailbroken and thus become vulnerable to attacks. That said, apparently this isn't a huge loss for the MDM vendors, anyway; but the real question is why drop the API now? Could its presence alone be a threat? We'll probably never know.

Fear not, though, as some folks have put jailbreaking to good use. The Register reports that come Tuesday, Stefan Esser of Sektion Eins will demonstrate a tool called antid0te, which reportedly adds ASLR (address space layout randomization) onto jailbroken iOS devices. In a nutshell, ASLR randomizes key memory locations to make it more difficult for certain attacks to locate their target data. According to the famed white hat hacker Charlie Miller, this technique is already present on Windows Phone 7 and desktop Windows since Vista, but Apple's only dabbled with it on OS X and not on iOS. Now, this doesn't mean that jailbroken devices will be fully safeguarded, but some protection is better than no protection, right?


Source: engadget.com

No comments:

Post a Comment