Jailbreaking your iOS device used to simply be about gaining some freedom–getting root access, installing native apps, and adding or modifying themes. The worst that could happen would be running into a slightly malicious installation package. Then we met the OSX/RRoll family of worms that actively went after jailbroken devices. Part of the risk came from insecure defaults and reduced security caused by the jailbreaking process.
The entire insecurity situation is about to change with the release of the new security tool Antid0te. Created by security researcher Stefan Esser, the Antid0te adds Address Space Layout Randomization (ASLR) to jailbroken iOS devices. Esser will present the technical background for Antid0te on Tuesday at the Power of Community conference (POC 2010) in Seoul, South Korea.
ASLR modifies the layout of system libraries and data structures in memory to prevent easy exploitation by attackers. Specifically it makes attacks such as the Return-Oriented Programming (ROP) one, used against an iPhone 3GS to win the CanSecWest Pwn2Own contest, much harder. ASLR was cited by Vincent Iozzo, one of two security researchers who created the Pwn2Own exploit, as a key in preventing attacks like theirs:
“If [iOS] would ever support ASLR[,] attacking it will be significantly harder than any desktop OS. In fact, most applications are sandboxed, which greatly limits their abilities of doing harm and code signing is always in place. ASLR will limit the ability of creating ROP payloads. …”
The initial release of Antidote is scheduled for December 24, but Esser is not stopping with adding ASLR to jailbroken iOS devices. In upcoming releases, Antid0te will also re-enable code signing and other protections. With these changes we will eventually see an overall increase in the security of jailbroken iOS devices–resulting in their becoming as secure as, if not more so than, stock iOS devices.