Weak Apple PRNG Threatens iOS Exploit Mitigations
Trailrunner7 writes "A revamped early random number generator in iOS 7 is weaker than its vulnerable predecessor and generates predictable outcomes. A researcher today at CanSecWest said an attacker could brute force the Early Random PRNG used by Apple in its mobile operating system to bypass a number of kernel exploit mitigations native to iOS. 'The Early Random PRNG in iOS 7 is surprisingly weak,' said Tarjei Mandt, senior security researcher at Azimuth Security. 'The one in iOS 6 is better because this one is deterministic and trivial to brute force.' The Early Random PRNG is important to securing the mitigations used by the iOS kernel. 'All the mitigations deployed by the iOS kernel essentially depend on the robustness of the Early Random PRNG,' Mandt said. 'It must provide sufficient entropy and non-predictable output.'"
..on a smart phone like the iPhone. Use the gyros/accelerometers, make the user draw randomly on the screen, maybe use random info like wifi network names currently available, generate random info based on images on the phone, etc. etc. Plenty of data/means available to create the entropy needed.
Apple didn't want another security embarrassment so they asked the NSA to supply the most secure PRNG they had.
"A person is smart. People are dumb, panicky dangerous animals and you know it." - K
Bad PRNGs have jumped the shark. For a company like Apple to have a supposedly secure PRNG in their products and for them not to have had a group of security Nazis identify all the PRNGs in their products and make sure they're all good and fix them where not, is unconscionable.
In my company we systematically did exactly that. It's standard practice these days.
I should use this sig to advertise my book ISBN-13 : 978-1501515132.
For a CSPRNG* the primary aim is to make it computationally infeasible for an attacker to predict the output even if the attacker has an arbitrarily long sample of the output and even if the attacker knows how much output has been requested from the prng since it started.
To do this places demands on both the prng itself (it must be computationally infeasible to reverse the operations done by the prng and hence determine its internal state from an output sample) and on the seed data fed into the prng (it must be sufficiently unknown/unpredictable to the attacker that the attacker can't obtain the seed state through a combination of his knowledge of the state of the system and brute force checking of different seed values).
Afaict it is the latter where things usually go wrong.
* Cryptographically secure pseudo-random number generator.
note: I'm known as plugwash most places but I screwed up registering that here somehow in the past and now can't register
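The two requirements spelled out in the comment above (a core that cannot be run backwards from its output, and a seed the attacker cannot enumerate) are easiest to see on toy generators. The following is an added example written for this page; it is not code from the post, from Apple, or from the iOS Early Random PRNG, and both generators, the 32-bit seed value 0xBEEF and the 16-bit seed space are constructed for the demonstration. It shows the two failure modes separately: a xorshift core whose output is its own state, and a hash-based core that is fine by itself but is seeded from a space small enough to exhaust.

```python
"""Why a CSPRNG needs both an irreversible core and an unpredictable seed.

Constructed teaching example: toy generators only, not any real OS PRNG.
"""
import hashlib
import os

MASK32 = 0xFFFFFFFF


def xorshift32_step(state):
    """One xorshift32 step. Returns (next_state, output). The output *is* the
    new state, so a single observed output reveals the generator's whole state."""
    x = state & MASK32
    x ^= (x << 13) & MASK32
    x ^= x >> 17
    x ^= (x << 5) & MASK32
    return x, x


def xorshift32_stream(seed, n):
    """n outputs of the toy xorshift generator from a 32-bit seed."""
    state, out = seed & MASK32, []
    for _ in range(n):
        state, v = xorshift32_step(state)
        out.append(v)
    return out


def next_output_from_observed(observed):
    """Failure mode 1 (reversible core): the last observed output equals the
    current state, so the next output follows directly, with no search and
    regardless of how good the seed was."""
    _, nxt = xorshift32_step(observed[-1])
    return nxt


def hash_prng_stream(seed, n):
    """Toy hash-based generator: output_i = SHA-256(seed || i).
    The outputs cannot be inverted to recover the seed, so the core itself is
    sound; the only thing left to get wrong is the seed."""
    return [hashlib.sha256(seed + i.to_bytes(4, "big")).digest() for i in range(n)]


def recover_seed_by_search(first_output, seed_bits):
    """Failure mode 2 (small seed space): try every seed in a 2**seed_bits
    space until one reproduces the first output. This completes in a fraction
    of a second for 16 bits; for a 256-bit seed from the OS pool the same loop
    is hopeless, which is the whole point of seed entropy."""
    for candidate in range(1 << seed_bits):
        seed = candidate.to_bytes(4, "big")
        if hash_prng_stream(seed, 1)[0] == first_output:
            return candidate
    return None


def strong_seed():
    """What a real system should feed its CSPRNG: 32 bytes (2**256
    possibilities) drawn from the operating system's entropy pool."""
    return os.urandom(32)


if __name__ == "__main__":
    stream = xorshift32_stream(1, 4)
    print("xorshift outputs:", stream)
    print("4th output predicted from first 3:",
          next_output_from_observed(stream[:3]) == stream[3])

    weak_seed = (0xBEEF).to_bytes(4, "big")  # constructed 16-bit seed
    first = hash_prng_stream(weak_seed, 1)[0]
    print("seed recovered from one output:", hex(recover_seed_by_search(first, 16)))
    print("strong seed length in bits:", len(strong_seed()) * 8)
```

Run it as a script: the xorshift stream is predicted exactly from its own output, and the hash generator's 16-bit seed is recovered from a single 32-byte output by exhaustion. Swapping the 4-byte constructed seed for `strong_seed()` removes the second problem; nothing short of replacing the core removes the first.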
Just because there are nefarious things going on doesn't mean that people have stopped making mistakes, or that the two are somehow mutually exclusive.
Yes, you should still want proof that this is malicious or subversive.