
Huge iOS 7 security flaw exposed

Published Mar 17th, 2014 11:46AM EDT


Azimuth Security researcher Tarjei Mandt revealed at the CanSecWest conference last week that hackers can easily exploit a purported iOS 7 security flaw, one that stems from Apple’s attempt to patch a potential security issue in iOS 6 concerning kernel encryption. “Kernel is the most basic level of an operating system that controls things like security, file management, and resource allocation,” CNET writes, with Mandt saying that “in terms of security, [iOS 7 is] much worse than iOS 6.”

To encrypt the kernel, Apple uses a random-number generator that was updated in iOS 7 to provide improved security. However, Mandt says that even with the updated generator, knowledgeable attackers can find ways to guess those random numbers, which would give them access to the entire system.

While he described the matter in great detail in a white paper, Mandt did not reveal any instance in which this potential iOS 7 security flaw had actually been taken advantage of. Apple has not commented on the matter, CNET reports, but Mandt says that Apple security engineers approached him after the presentation and appeared “kind of concerned.” According to the researcher, if left unfixed, this security issue would “roll back 10 years of security-hardening techniques in iOS.”

Apple has recently updated iOS 7 and OS X to fix a different security flaw that allowed third parties to eavesdrop on supposedly encrypted traffic.

Chris Smith Senior Writer
