Researcher: iOS 7 security at risk from weak random number generator

updated 02:49 pm EDT, Fri March 14, 2014

Predictable and observable random number generator present in iOS 7

All mobile operating systems require what is called an Early Random Pseudorandom Number Generator (PRNG) to give the operating system some security from kernel exploits. Researchers have warned that the new one implemented in iOS 7 is potentially vulnerable to brute force attacks, and can be relatively easy to predict -- making security exploits somewhat easier to develop, if left unpatched.

The random number generator protects memory allocation by stumping buffer overflow attacks, obfuscating where code is running and how to intercept or alter the contents of RAM. These steps, taken to prevent alterations to running software as well as buffer overflow attacks that allow arbitrary code to be executed, are called mitigations.

PRNGs are vital for cryptography -- cryptographic applications require the output to also be unpredictable. A predictable random number generator used to generate keys for cryptography leads to insecure keys that are easier to break. Any logical device generating a random number uses a mathematical formula and a "seed" value derived from a changing source, typically a time signal, in its generation.
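The point about seeds taken from a time signal, as an added example that is not from the article or from Mandt's research: a toy generator (not the iOS one) seeded with a constructed Unix timestamp, showing that a nominally 128-bit key carries only the entropy of its seed range, with the operating system's CSPRNG for contrast. The generator constants, function names and timestamp are assumptions made for illustration.

```python
import math
import secrets

# Toy 32-bit linear congruential generator (Numerical Recipes constants).
# Assumption for illustration only: this is NOT the iOS early random PRNG.
A, C, M = 1664525, 1013904223, 2**32

def lcg_stream(seed, n):
    """Return n successive 32-bit outputs of the toy generator."""
    state, out = seed % M, []
    for _ in range(n):
        state = (A * state + C) % M
        out.append(state)
    return out

def weak_key(seed, nbytes=16):
    """Derive a key the weak way: every byte comes from the seeded stream."""
    words = lcg_stream(seed, (nbytes + 3) // 4)
    return b"".join(w.to_bytes(4, "big") for w in words)[:nbytes]

def strong_key(nbytes=16):
    """Derive a key from the operating system's CSPRNG instead."""
    return secrets.token_bytes(nbytes)

def seed_space_bits(first_seed, last_seed):
    """Upper bound, in bits, on key entropy when the seed lies in this range."""
    return math.log2(last_seed - first_seed + 1)

def seeds_reproducing(key, first_seed, last_seed):
    """Audit check: which seeds in the range regenerate exactly this key?"""
    return [s for s in range(first_seed, last_seed + 1)
            if weak_key(s, len(key)) == key]

# Constructed sample: a Unix timestamp used as the seed, known only to the day.
SEED_TIME = 1394822940
DAY_START, DAY_END = SEED_TIME - 43200, SEED_TIME + 43199

if __name__ == "__main__":
    key = weak_key(SEED_TIME)
    print("nominal key size : %d bits" % (len(key) * 8))
    print("seed space       : %.1f bits" % seed_space_bits(DAY_START, DAY_END))
    print("seeds found      :", seeds_reproducing(key, DAY_START, DAY_END))
    print("CSPRNG key found :", seeds_reproducing(strong_key(), DAY_START, DAY_END))
```

The same audit applies to any key or token generator: if a bounded range of seeds regenerates the output, the output is only as strong as that range.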

In Apple's case, the seed for the random number in iOS 7 is derived from a source more readily observed and predictable, with fewer changes than the version used in iOS 6, which was also flawed. "All the mitigations deployed by the iOS kernel essentially depend on the robustness of the Early Random PRNG," Azimuth Security senior researcher Tarjei Mandt claimed. "It must provide sufficient entropy and non-predictable output."

While researching the matter, Mandt said, "we found that an unprivileged attacker, even when confined by the most restrictive sandbox, can recover arbitrary outputs from the generator and consequently bypass all the exploit mitigations that rely on the early random PRNG."

"Quite a bit of mitigations rely on the PRNG," Mandt said. "If the generator is broken, all of this is pretty much useless." Apple representatives were able to see Mandt's slides for his speech at security trade show CanSecWest prior to his presentation, but the company had not been informed of the potential weaknesses by Mandt before that, leaving them unable to correct the issue before the presentation.

by MacNN Staff


