Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Weak Apple RNG Threatens iOS Exploit Mitigations

Trailrunner7 (1100399) writes | about 7 months ago

0

Trailrunner7 (1100399) writes "A revamped early random number generator in iOS 7 is weaker than its vulnerable predecessor and generates predictable outcomes. A researcher today at CanSecWest said an attacker could brute force the Early Random PRNG used by Apple in its mobile operating system to bypass a number of kernel exploit mitigations native to iOS.

“The Early Random PRNG in iOS 7 is surprisingly weak,” said Tarjei Mandt senior security researcher at Azimuth Security. “The one in iOS 6 is better because this one is deterministic and trivial to brute force.”

The Early Random PRNG is important to securing the mitigations used by the iOS kernel.

“All the mitigations deployed by the iOS kernel essentially depend on the robustness of the Early Random PRNG,” Mandt said. “It must provide sufficient entropy and non-predictable output.”"

Sorry! There are no comments related to the filter you selected.

Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?