[News] Antid0te Jailbreak Tool Promises to Bring Enhanced Security to Jailbroken iOS Devices *Update*
Thursday, December 16, 2010
Posted by skygoat76 in news
We have already told you about an upcoming tool named Antid0te which promises to enhance the security mechanisms of all current jailbroken iOS devices so that they are as secure as, or even more secure than, non-jailbroken iOS devices. The new method adds ASLR (Address Space Layout Randomization), which has been absent from all current iOS devices, leaving them exposed to attacks such as the ones demonstrated at the Pwn2Own contest.
The developer behind Antid0te has now released official details about this upcoming tool which should pretty much answer all your questions.
When will it be released?
Media wrongly reported an antid0te release date of 14th December. However this date was never announced from my side. Antid0te will be released once it is ready which should be around 24th of December.
Is it a new jailbreak?
Media wrongly reported that antid0te is a new jailbreak. However this is wrong. Antid0te will be a tool that you can use together with the pwnagetool, redsn0w and maybe greenpois0n jailbreaks.
Will you burn another exploit?
No! Antid0te will be a tool used with already jailbroken iPhones. So there is no additional exploit used.
What devices and firmware is antid0te compatible to?
For now all devices are supported at iOS 4.2.1. iPad 3.x will never be supported. Support for iPhone 4 at iOS 4.1 and iPod 4G at iOS 4.1 should be released, too. There most probably will be no support for iPhone 3G and iPod 2G at anything lower than 4.2.1 because their jailbreak is already untethered.
Will antid0te make my iPhone unhackable?
There is no such thing as unhackability. Antid0te will add ASLR to your iPhone. ASLR basically means that the program libraries, the dynamic linker, the program stack and for some selected binaries also the main binary are loaded at different (random) addresses in memory. This makes the process of exploitation a lot harder. In the general case this means that instead of one security hole the attacker needs at least another security hole that allows him to determine/leak the memory addresses on your iPhone. Therefore antid0te increases the cost (time, money, resources) for an attacker to write a successful exploit.
Isn’t ASLR broken?
If you have read somewhere (like in the theregister.com article comments) that ASLR is broken and can be easily bypassed, you must know that these comments are written by people that maybe have heard/read some things about exploitation but never attempted to actually write a real world exploit. Among real security researchers these comments usually cause a lot of amusement. It is well known that DEP/NX without ASLR and ASLR without DEP/NX are not optimal protections but in combination they are the best exploit mitigation available at the moment. And the iPhone already has DEP/NX in place, so adding ASLR is about time.
Will Antid0te destroy the possibility of future jailbreaks?
Well first of all antid0te by itself will be installed AFTER you jailbreak your device, so that it does not affect the jailbreaking process at all. However in the long run the existence of antid0te might trigger Apple to finally add ASLR to factory iPhones. However Apple’s current iOS 3/4 design decisions make adding ASLR a not so simple task. Therefore it will take them some time to achieve that. I strongly suspect 2011 to become the year of widespread mobile phone malware/worms. So Apple will have to add it at some point. However only time will tell. So yes, if antid0te causes a faster ASLR release for factory iPhones it will make jailbreaking harder in the future. However I strongly believe that a more secure factory iPhone is more important than a somewhat easier jailbreaking process.
Stefan plans to release it a day before Christmas, that is on 24th of December 2010. We will of course cover all the details about Antid0te once it is released to the public. Stay tuned!
--------------------------
In a TED talk held last month, Cydia creator Saurik said that only about 10 percent of iPhone users jailbreak their iPhones. One of the biggest reasons why people don’t jailbreak their iPhones is the increased security risk, which may affect the private and confidential data stored on the device.
While jailbreakers are encouraged to change their default root password, this still does not make jailbroken iOS devices as secure as non-jailbroken ones, because of all the security protections that Apple has put in place.
But now, a hacker named Stefan Esser has found a new method which promises to jailbreak iOS devices with all the enhanced security mechanisms in place, so that jailbroken iOS devices are as secure as, or even more secure than, non-jailbroken ones. This new method uses ASLR (Address Space Layout Randomization), which has been absent from all current iOS devices, making them vulnerable to attacks such as the ones demonstrated at the Pwn2Own contest.
Stefan plans to unveil a new jailbreak tool called Antid0te which will automatically jailbreak and fortify iOS devices with ASLR.
“This enables users with jailbroken iPhones to create their own set of dyld_shared_cache files that have completely different library load addresses from every other iPhone in the world,” Esser wrote in an email. “This is already a better ASLR than what exists on Snow Leopard because different applications can use different shared caches and therefore different load addresses.”
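Esser's FAQ answer above describes what ASLR randomizes (libraries, linker, stack, sometimes the main binary) and why that forces an attacker to also obtain an address leak. The following probe, an added example that is not code from the original post or from Antid0te, checks that property on whatever host it runs on by starting a few fresh interpreters and comparing the library and heap addresses they report; all function names are my own.

```python
"""Probe whether a host randomizes library and heap addresses across runs.

Added example, not code from the original post or from Antid0te: it checks
the property Esser's FAQ answer describes (regions loaded at different
addresses on each run) by starting fresh interpreters and comparing the
addresses they report. Function names are my own.
"""
import subprocess
import sys

# Run in a fresh interpreter: prints one address per region of interest.
PROBE = "\n".join([
    "import ctypes, ctypes.util",
    "libc = ctypes.CDLL(ctypes.util.find_library('c'))",
    "print(ctypes.cast(libc.malloc, ctypes.c_void_p).value)",  # a library symbol
    "print(id(object()))",                                     # a heap object
])


def sample_addresses(runs=4):
    """Run PROBE `runs` times; return a list of (library, heap) address pairs."""
    samples = []
    for _ in range(runs):
        proc = subprocess.run([sys.executable, "-c", PROBE],
                              capture_output=True, text=True, check=True)
        lib, heap = (int(v) for v in proc.stdout.split())
        samples.append((lib, heap))
    return samples


def is_randomized(values):
    """A region counts as randomized when at least two runs disagree."""
    return len(set(values)) > 1


def assess(samples):
    """Per-region verdict: True means the address moved between runs."""
    return {
        "library": is_randomized([lib for lib, _ in samples]),
        "heap": is_randomized([heap for _, heap in samples]),
    }


if __name__ == "__main__":
    samples = sample_addresses()
    for lib, heap in samples:
        print(f"library malloc @ {lib:#x}   heap object @ {heap:#x}")
    for region, moved in assess(samples).items():
        print(f"{region} ASLR: {'yes' if moved else 'NO'}")
```

Identical addresses on every run is the situation the FAQ describes for stock iOS; a region that moves between runs is what forces an attacker to first obtain an address leak, which is the cost increase Esser refers to.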