Is ASLR The Antid0te For a More Secure Jailbreak?

At this year's annual Pwn2Own hacking contest, where contestants are challenged to exploit specific software and computing platforms, an iPhone 3GS was successfully hacked in about 20 seconds.

Fortunately, one hacker is making plans to release a jailbreak tool — aptly titled Antid0te — that makes your iPhone more secure. Just how is this accomplished? We divulge the details inside…

The Problem

The fact that an iPhone was successfully hacked at the Pwn2Own contest isn’t the really surprising part; give any hacker worth their salt enough time, and eventually they’re likely to compromise the target. What’s surprising is that it took a mere 20 seconds to pull off, which is pretty scary considering our iPhones contain a ton of personal information.

That leads to the suggestion that iOS might not be the most secure operating system in the world, and is all the more concerning for us jailbreakers when you consider that jailbreaking itself could make your iPhone more susceptible to hacking — as if the hackers needed any additional help!

Security analyst Stefan Esser has recognized the vulnerabilities inherently baked into Apple’s mobile operating system, and has taken matters into his own hands to resolve them. The result? A new jailbreak tool titled Antid0te that’s scheduled to be unveiled on December 14th.

The Proposal

To fix the security issue, Esser introduces ASLR into the jailbreak solution. ASLR, according to Wikipedia, is a computer security technique which involves randomly arranging the positions of key data areas, usually including the base of the executable and position of libraries, heap, and stack, in a process’s address space.

For jailbreaking, this would mean that the memory an exploit targets is laid out differently each time, so the exploit can no longer rely on code and data sitting at known addresses, making the device more secure.
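
To see the randomization described above on a desktop system, this C program records where the executable, a library function, a heap block and a stack variable land, and compares them with a previous run. It is an added example, not part of the original article or of Antid0te; the names `capture_layout` and `moved_regions` are made up for the illustration, and it assumes a POSIX system with a C99 compiler.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

enum { EXE, LIB, HEAP, STACK, NREGIONS };
static const char *const region_name[NREGIONS] = {"executable", "library", "heap", "stack"};

/* Record where each "key data area" landed in this process. Returns 0 on success. */
int capture_layout(uintptr_t addr[NREGIONS])
{
    int local = 0;
    void *block = malloc(64);
    if (block == NULL) return -1;
    addr[EXE] = (uintptr_t)&capture_layout; /* code in the executable itself */
    addr[LIB] = (uintptr_t)&printf;         /* libc (or a stub in a non-PIE executable) */
    addr[HEAP] = (uintptr_t)block;
    addr[STACK] = (uintptr_t)&local;
    free(block);
    return 0;
}

/* Bitmask (bit i = region i) of the regions whose address differs. */
unsigned moved_regions(const uintptr_t a[NREGIONS], const uintptr_t b[NREGIONS])
{
    unsigned mask = 0;
    for (int i = 0; i < NREGIONS; i++)
        if (a[i] != b[i])
            mask |= 1u << i;
    return mask;
}

/* No args: print this run's layout. Previous run's output as args: show what moved. */
int main(int argc, char **argv)
{
    uintptr_t now[NREGIONS], prev[NREGIONS];
    if (capture_layout(now) != 0) return 1;
    if (argc != NREGIONS + 1) {
        for (int i = 0; i < NREGIONS; i++)
            printf("%#lx%c", (unsigned long)now[i], i + 1 < NREGIONS ? ' ' : '\n');
        return 0;
    }
    for (int i = 0; i < NREGIONS; i++)
        prev[i] = (uintptr_t)strtoull(argv[i + 1], NULL, 16);
    unsigned mask = moved_regions(prev, now);
    for (int i = 0; i < NREGIONS; i++)
        printf("%-10s %s\n", region_name[i], (mask >> i) & 1 ? "moved" : "same address");
    return 0;
}
```

Built as `aslr` (an assumed name) and run as `./aslr $(./aslr)`, it compares two consecutive runs; any region the system randomizes is reported as moved.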

The Answer?

If Esser’s claims are true, and Antid0te is able to add ASLR to the iPhone, jailbreaking could ironically be the answer to making your iPhone more secure. It’s kind of reminiscent of the PDF Patch that was initially only available to jailbreakers when there was a vulnerability in PDFs.

Time will tell whether or not Antid0te turns out to be a medicine with a lot of side effects, or the miracle pill that it’s prescribed to be. We’ll be sure to report back as soon as more information is divulged.

Are you hesitant to jailbreak because of potential security issues? If so, would you be willing to try a tool like Antid0te?