iPhone hacker Stefan Esser, better known by his Twitter handle i0n1c, has published a presentation titled “iOS Kernel Exploitation” that gives a rare insight into the latest iOS jailbreak techniques. i0n1c is credited with developing the untethered jailbreak used in the jailbreaks for iOS 4.3.1 and iOS 4.3.2.
He recently presented it at Black Hat 2011 in Las Vegas.
Here is a brief introduction to his presentation from Black Hat’s website:
Exploiting the iOS Kernel:
The iPhone user land is locked down very tightly by kernel level protections. Therefore any sophisticated attack has to include a kernel exploit in order to completely compromise the device. Because of this, our previous session titled “Targeting the iOS Kernel” already discussed how to reverse the iOS kernel in order to find kernel security vulnerabilities. Exploitation of iOS kernel vulnerabilities has not been discussed yet.
This session will introduce the audience to kernel level exploitation of iPhones. With the help of previously disclosed kernel vulnerabilities, the exploitation of uninitialized kernel variables, kernel stack buffer overflows, out-of-bounds writes and kernel heap buffer overflows will be discussed.
Furthermore, the kernel patches applied by iPhone jailbreaks will be discussed in order to understand how certain security features are deactivated. A tool will be released that allows one to selectively deactivate some of these kernel patches for more realistic exploit tests.
When we use jailbreaking tools like JailbreakMe, Redsn0w or Sn0wbreeze to jailbreak our iOS device, we are oblivious to what goes on behind the scenes. If you are intrigued and want some insight, check out i0n1c’s 97-page presentation by following this link.