Evad3rs to Present 'Swiping Through Modern Security Features' at HITB2013AMS

The Evad3rs will present 'Swiping Through Modern Security Features' detailing how the team achieved the iOS 6 jailbreak at HITBSECCONF2013 Amsterdam.

The 4th annual Hack In The Box Security Conference takes place in April. You can read the presentation abstract below...

Swiping Through Modern Security Features

The Apple product security team did an impressive job raising the resilience of the iOS 6 kernel to well-known attacks: Kernel ASLR was added, code pages of the kernel protected, and heap structures reinforced to harden the exploitability of heap overflows. Also, numerous directory traversals and vulnerabilities in iOS lockdown services have been fixed silently in the road from 5.1.1 to 6.0, burning all building blocks we already prepared.

For the iOS 6 public jailbreak, we started from scratch, and found successively a total of 8 vulnerabilities in a few months.

In our presentation, we will paint a big picture of the iOS 6 security, and how the Mandatory Code Signing requirement is enforced, which is the target of all jailbreak tools. Afterwards, we will present different ideas, vulnerabilities and exploits that lead to the iOS 6 jailbreak. We will start by discussing the injection of the payload, which involves new and clever approaches to the problem, then explain how userland code is triggered, untethered, and finally discuss how the kernel has been successfully exploited.

We hope that this will give a new vision of the modern security protections and how they can be bypassed.

David Wang (@planetbeing) is a member of the iPhone Dev Team and former developer of many iOS jailbreak tools including redsn0w, xpwn, and QuickPwn. He is also the first to have ported the Linux kernel and Android to iOS devices. More recently, he worked actively on Corona and Rocky-Racoon, the latest public jailbreaks for iOS. Lastly, he has found and successfully exploited several vulnerabilities in iOS 6, leading to an untethered jailbreak.

Eric (@MuscleNerd) is a Staff Engineer at a southern California high-tech firm where he specializes in reverse engineering BIOSes. He is a member of the iPhone Dev Team, which has been developing free iPhone jailbreaks and carrier unlocks since the first iPhone in 2007. He was previously involved in hacking the first two generations of TiVo hardware and was Technical Editor of both the “iOS Hacker’s Handbook” (2012) and “Hacking the TiVo, 2nd Edition” (2004). Originally from the Boston area, he holds S.B. and S.M. degrees from M.I.T.

Nikias Bassen (@pimskeks) is the main developer of libimobiledevice, usbmuxd, and other related projects that form an open source implementation of communication and service protocols for iDevices. He found several flaws and directory traversals in iDevice services that allowed installation of Corona, Rocky-Racoon and the latest iOS 6 jailbreak. Apart from reverse engineering and security research he founded the company samaraIT and is working as an independent developer for international clients.

Cyril (@pod2g) is an independent security researcher who has discovered and exploited several bootrom exploits on iDevices, including 24kpwn, steaks4uce, and SHAtter, as well as several userland and kernel exploits that have been used in various jailbreak tools. He is the initiator of Corona and Rocky-Racoon, the latest public jailbreaks for iOS. In December 2012, he created the 2G Lab company, focused on software development and security research projects.

Jack is - February 12, 2013 at 4:05pm
And they all work for Apple and are controlled by Apple.. Stocks going down.. Let's release jailbreak.. People will buy more iPhone sales will go up..
Jack is - February 12, 2013 at 10:06pm
a moron