Cedric Halbronn (Sogeti / ESEC)

Presentation Title iPhone Security Model and Vulnerabilities
Presentation Abstract

The mobile world keeps growing. Among actors, the iPhone is very popular, with a large library of applications. The iPhone operating system (iOS) implements security mechanisms to only run Apple-signed code on the device and mitigate exploitation of software vulnerabilities. However, many vulnerabilities were found and exploited by various hackers (the iPhone dev team, geohot and comex, among others) to “jailbreak” the operating system and run third party applications. Recently, the “Star” jailbreak by comex used a browser exploit combined with a kernel exploit, raising many concerns regarding the security of the iPhone.

Our talk will cover the following topics:

- iPhone OS security mechanisms;
- Exploit analysis of recent jailbreaking tools: blackra1n, spirit and star;
- Attack demonstrations using these exploits to compromise a device, either with physical access or remotely.

iOS security

The iPhone application processor runs the “mobile version” of Mac OS X, called iOS (formerly iPhone OS). It includes additional security functionalities, the most notable being mandatory code signing, and also a trusted boot chain to prevent modifications of the operating system.

Secure boot

Apple filled a patent in 2008 called “Single Security Model in Booting a Computing Device” which describes the trusted boot chain used on the iPhone. In order to ensure the integrity of the operating system, a chain of trust is established by verifying the digital signature of each software component before execution: bootloaders, kernel and applications are all successively signature checked [25C3]. Additionally, bootloaders and kernel binaries are encrypted with a common key shared by all devices of the same model (GID key), and embedded into the application processor cryptographic chip.

Application-level security

The early versions of iOS (1.x) included with the original iPhone in 2007 were not really secure: every process ran as root with executable stack and heap. The firmware 2.0 was released with the opening of the AppStore in 2008, and introduced code signing enforcement, a standard user account (mobile) to run the applications, sandboxing and non-executable stack and heap. In order to exploit a vulnerability on recent firmwares, return oriented programming (ROP) has to be used, since iOS does not implement Address Space Layout Randomization (ASLR) [METERPRETER]. The first public ROP browser exploit was demonstrated by Zynamics during the 2010 PWN2OWN contest [PWN2OWN]. The same technique was then used by the “Star” jailbreak in august 2010, this time combined with a local kernel exploit to gain root access and totally bypass all of the iOS security features.

Jailbreak

The idea behind the “jailbreak” is to break iPhone security model in order to run third party applications outside of the regular AppStore. Alternative applications markets, such as Cydia or Rock, are commonly used on jailbroken devices. To make it possible, vulnerabilities were exploited in various parts of the operating system and its bootloaders. Those vulnerabilities are patched by Apple with each new firmware release, making jailbreak a “cat-and-mouse” game.

Blackra1n (by geohot, firmwares < 3.1.2)

Blackra1n uses a vulnerability in the iBoot bootloader to run unsigned code and then load and patch the kernel. Additionally, a vulnerability in the Secure ROM of early iPhone 3GS models called 24kPWN is used to break the chain of trust from the start. On newer devices, not vulnerable to 24kPWN, the iBoot vulnerability has to be re-exploited on each boot to break the chain of trust “in the middle” (tethered jailbreak).

Spirit & Star (by comex, firmwares <= 4.0.1)

Spirit uses a directory traversal in the BackupAgent daemon to store files in system folders and then force the first userspace process (launchd) to run a ROP payload at each boot, which will then exploit a kernel vulnerability and finally patch signature checks.

Star uses a remote PDF exploit in the MobileSafari web browser combined with a kernel exploit to jailbreak the iPhone through the jailbreakme.com website. Like Spirit, the kernel is exploited and patched at each boot through the launchd process (the kernel vulnerability is different though).

Our work

There are lots of personal information on mobile phones: SMS, contacts, e-mails, GPS, etc. Our work focuses on the attackers capability to extract sensitive information from the device without the user noticing it. Since Apple checks each application that is published through the AppStore, it is difficult (but not impossible) for an attacker to include malicious code in a signed application [PRIVACY]. Alternatively, an attacker may use the public jailbreak vulnerabilities to inject his payload. For instance, the star jailbreak PDFs exploits can be easily modified to include a custom payload. Possible payloads are extracting information in one shot or installing a rootkit to keep an access on the device.

We have developed two kinds of payload, based on the blackra1n and star exploits.

The first payload focuses on the extraction of information, using a computer connected to the device, leaving no trace on the device. We are able to extract SMS, contacts, call logs, calendar, etc. To extract more valuable information such as passwords, certificates and private keys, it is possible to decipher the keychain using the crypto hardware module of the device.

The second payload is installed on the device locally or remotely after having disabled security checks to execute our unsigned code and make it persistent. This is still work in progress. Our goal is to develop a rootkit that will regularly connect back to an attacker’s server and send personal data. The attacker would also be able to execute remote commands on the device.

About Cedric Halbronn and Jean Sigwald

Jean Sigwald and Cedric Halbronn are security researchers working at Sogeti ESEC R&D lab. Their researches are mainly focused on smartphones security and the services offered by the network operators – more generally on mobile security.