Presented at
Black Hat USA 2014,
Aug. 7, 2014, 11:45 a.m.
(60 minutes).
Patching all vulnerabilities for a modern, complex software system (i.e., Windows, iOS) is often difficult due to the volume of bugs and response time requirements. Instead, software vendors usually devise quick workarounds to mitigate the exploitation of a given vulnerability. However, those patches are sometimes incomplete, and attackers can utilize different attack vectors to re-exploit a patched vulnerability. iOS is no exception.
In this presentation, we will disclose our process for jailbreaking the latest version of iOS (version 7.1.1), running on any iOS device including the iPhone 5s as well as older iPads and iPods. We start by finding new ways to exploit vulnerabilities with incomplete patches. We then use these vulnerabilities to discover new avenues of attack. Finally, we chain together these vulnerabilities and new attacks to run unsigned code out of the sandbox with root permissions and to defeat mandatory code signing. We include a detailed disclosure of several new vulnerabilities and the exploit techniques that we developed.
Presenters:
-
Yeongjin Jang
- Georgia Institute of Technology
Yeongjin is a PhD student at the Georgia Institute of Technology. His research interests are focused on operating system and mobile security. Prior to joining Georgia Tech, he participated in various capture-the-flags (CTF), including DEF CON CTF, CODEGATE, etc. He received his BS degree in Computer Science from KAIST in 2010.
-
Tielei Wang
- Georgia Institute of Technology
Tielei Wang is Research Scientist at Georgia Institute of Technology. His research interests include system security, software security, and mobile security, with an emphasis on advanced attack and defense techniques. He discovered a number of zero-day vulnerabilities and won the Secunia Most Valued Contributor Award in 2011.
-
Byoungyoung Lee
- Georgia Institute of Technology
Byoungyoung Lee is a PhD student at Georgia Tech. He has interests in both practical and academic software security research. He is one of the contributors of the DarunGrim project, a popular binary diffing tool. With this project, he runs the ExploitShop blog, which uncovers many different Microsoft patched vulnerabilities. He has spoken at Black Hat and Infosec Southwest before, and he also has actively participated in wargames and advanced to DEF CON CTF finals several times. He also loves to write fuzzers targeting various software products for bug bounties.
-
Billy Lau
- Georgia Institute of Technology
Billy Lau is a Research Scientist at Georgia Institute of Technology. He is primarily interested in information security, with emphasis on hypervisors, operating systems and user applications. Recently, he has been examining the security designs and impacts of the emerging mobile devices in the marketplace. In particular, he loves to challenge the status quo on conventional security assumptions which are often broken when put to test. He graduated from University of Michigan at Ann Arbor with a Master's of Engineering in Computer Science and University of Illinois at Urbana-Champaign with a Bachelor's of Science in Computer Engineering. He hopes to make a difference by making usable computer systems more secure and secure systems more usable.
Links:
Tags:
Similar Presentations: