Security. Mobile. Those two words make an odd and disconcerting couple these days, and mobile security flaws are rearing their ugly heads more frequently. In a report from the CanSecWest conference in Vancouver, CNET says that a security researcher has delivered a presentation highlighting a serious kernel-level security flaw in iOS 7. Azimuth Security researcher Tarjei Mandt claims that Apple goofed when it was actually trying to improve security by changing the random number generator to improve its kernel encryption methods.
Prior to the change, Apple had been leveraging the iOS CPU clock counter for randomizing purposes. That method made guessing difficult but still could have been improved upon. Seeking to make just that kind of security improvement, Apple went instead to a linear recursion algorithm, which in the end makes guessing certain variables easier. While Apple did not respond to CNET’s queries about the flaw after the presentation, Mandt is quoted as saying, “Apple approached me afterwards and they appeared to be kind of concerned.”
Mandt says that this flaw, if left unchecked, could roll back 10 years of security hardening techniques in iOS. Mandt’s report raises new concerns going forward about iOS security, but at least the flaw is being disclosed in the context of seeking answers rather than being discovered after it has been exploited.
The CNET report also includes some interesting reporting on Android security, noting that Android’s fragmentation makes it much more difficult for users to receive security updates.