A Hacker's Guide iOS6 Kernel Security
http//
The recent release of iOS6 has introduced improved security by strengthening the Kernel. This presentation demonstrates that, on the face of it, jailbreaking strategies appear to have been one of the prime targets. This could impact severely on data extraction and harvesting techniques and some of the reading devices out there used by examiners to gather and produce evidence.
Having posted the link to the above Hacker's Guide presentation I thought, perhaps wrongly, but I thought it anyway that maybe FF members might have something to say on the subject. Perhaps to illustrate conflicts or contradictions in the marketplace, such as
(a) the findings of the authors in that presentation compared with manufacturers out there that confirm their readers do work with iOS6 e.g.
- Oxygen Forensic Software http//www.forensicfocus.com/News/article/sid=1951/?
- UFED, XRY http//www.forensicfocus.com/Forums/viewtopic/t=9717/?
(b) how many of you have actually examined an iOS6 device and which reader was most useful?
© with an ever growing list of hacker presentations that expose exploits, vulnerabilities etc how many of those are used by the current iOS reading tools to extract and harvest data?
or maybe
(d) whether the published hacker exploits and perceived issues do not impact on the examiner community or the hacker presentations have no value at all?
Perhaps to illustrate conflicts or contradictions in the marketplace, such as
(a) the findings of the authors in that presentation compared with manufacturers out there that confirm their readers do work with iOS6 e.g.
- Oxygen Forensic Software http//www.forensicfocus.com/News/article/sid=1951/?
- UFED, XRY http//www.forensicfocus.com/Forums/viewtopic/t=9717/?
Well I think that the support that the forensic vendors are talking about cover a range of different methods (primarily using the backup mechanism which will work with any hardware or exploits aimed at the processor allowing recovery RAMdisks to be loaded - but only on the iPhone 4 and downwards) to my knowledge (and I might be over simplifying things) none of them are claiming any iOS 6 Kernel-land exploits.
So, I believe that I'm correct in saying they support iOS6 on some level (varying levels in fact) using differing methods across different hardware.
[…]
(d) whether the published hacker exploits and perceived issues do not impact on the examiner community or the hacker presentations have no value at all?
I find the hacker community most valuable to understand some of the most bleeding edge technology.
The forensics tool vendors, be it hardware or software tend to be kept closed-fisted when it comes to understanding how things are working internally.
Hacking resources expose much of the internal workings of many target devices and software allowing to understand how some commercial products may (or should) work when interacting with them.