Have you ever wondered how jailbreakers discover the exploits in iOS that make a tethered or untethered jailbreak possible on the iPhone, iPad, iPod Touch and Apple TV? Stefan Esser, a.k.a. i0n1c, the well-known iPhone hacker, reveals some of how this works in a 97-page presentation. As a reminder, i0n1c was behind the untethered iOS 4.3.1 jailbreak, which is still the last untethered jailbreak available at the moment; Apple patched it in iOS 4.3.4 and later.
Some of the words from ion1c,
The iPhone user land is locked down very tightly by kernel level protections. Therefore any sophisticated attack has to include a kernel exploit in order to completely compromise the device. Because of this our previous session titled “Targeting the iOS Kernel” already discussed how to reverse the iOS kernel in order to find kernel security vulnerabilities. Exploitation of iOS kernel vulnerabilities has not been discussed yet.
This session will introduce the audience to kernel level exploitation of iPhones. With the help of previously disclosed kernel vulnerabilities the exploitation of uninitialized kernel variables, kernel stack buffer overflows, out of bound writes and kernel heap buffer overflows will be discussed.
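Two of the bug classes named in that abstract (an uninitialized kernel variable that leaks stale stack bytes to user space, and an out-of-bound write from a trusted user-supplied length) can be shown side by side with their fixes in a small mock request handler. The following is an added example written for this post, not code from the presentation, and it models no real iOS kernel interface: `struct user_request`, `struct kernel_reply`, `MAX_NAME` and the handler names are all constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Constructed example: a mock "kernel" request handler that shows two of the
 * bug classes named in the abstract and the defensive fix for each. It is
 * not code from the presentation and models no real iOS interface. */

#define MAX_NAME 16

struct user_request {          /* arrives from user space, fully user-controlled */
    uint32_t name_len;
    char     name[64];
};

struct kernel_reply {          /* copied back to user space */
    uint8_t  status;           /* compiler inserts 3 padding bytes after this field */
    uint32_t id;
};

/* Vulnerable pattern: trusts name_len for a fixed-size stack buffer (out of
 * bound write) and fills only the named fields of the reply, so the padding
 * bytes keep whatever stale kernel stack data was there (uninitialized
 * variable leak). It is called in this example only with in-bounds input. */
int handle_request_unsafe(const struct user_request *req, struct kernel_reply *out)
{
    char name[MAX_NAME];
    memcpy(name, req->name, req->name_len);   /* no check against MAX_NAME */
    out->status = 0;                          /* padding after status left as-is */
    out->id = (uint32_t)(unsigned char)name[0];
    return 0;
}

/* Hardened pattern: zero the whole reply so no stale bytes reach user space,
 * and reject any length the stack buffer cannot hold before copying. */
int handle_request_safe(const struct user_request *req, struct kernel_reply *out)
{
    char name[MAX_NAME];
    memset(out, 0, sizeof *out);              /* padding is now deterministic */
    if (req->name_len > sizeof name)          /* bounds check before the copy */
        return -1;                            /* EINVAL-style rejection */
    memcpy(name, req->name, req->name_len);
    out->status = 0;
    out->id = req->name_len ? (uint32_t)(unsigned char)name[0] : 0;
    return 0;
}

/* Check helper: returns 1 if every byte between the end of `status` and the
 * start of `id` (the padding) is zero, 0 otherwise. */
int reply_padding_is_zero(const struct kernel_reply *r)
{
    const unsigned char *p = (const unsigned char *)r;
    size_t start = offsetof(struct kernel_reply, status) + sizeof r->status;
    size_t end   = offsetof(struct kernel_reply, id);
    for (size_t i = start; i < end; i++)
        if (p[i] != 0)
            return 0;
    return 1;
}

int main(void)
{
    struct user_request req;
    struct kernel_reply reply;

    memset(&req, 0, sizeof req);
    req.name_len = 40;                        /* constructed oversize length */
    memset(req.name, 'A', 40);
    printf("oversize request -> %d (expect -1)\n", handle_request_safe(&req, &reply));

    req.name_len = 3;
    memcpy(req.name, "abc", 3);
    printf("valid request -> %d, id=%u, padding zero=%d\n",
           handle_request_safe(&req, &reply), reply.id, reply_padding_is_zero(&reply));
    return 0;
}
```

The hardened handler checks the length against the destination size before the copy rather than after, and zeroes the reply as a whole instead of field by field, which is what keeps compiler-inserted padding from carrying kernel stack contents back to user space.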
At the annual Black Hat security conference, i0n1c gave this presentation on how jailbreak exploits are found, based on his paper titled “iOS Kernel Exploitation”. For the demonstration he used a 470kΩ resistor, two mini-USB-B to USB-A cables, a USB-to-serial breakout board and a PodGizmo connector to get a serial console into iOS.
You can read and download the complete presentation PDF from here.