Targeting the iOS Kernel
Although the iPhone user land is locked down very tightly, previous talks about iPhone security have concentrated on user land attacks only. Therefore demonstrated exploit payloads have been very limited in what they can do or cannot do. More complicated work like user land rootkits or the addition of ASLR protection therefore relied entirely on kernel exploitation help from the jailbreaking community.
This presentation will introduce the audience into finding security bugs in iOS kernelspace and how this is different from hunting kernel bugs in Mac OS X. Reverse engineering will be used to extract a lot of information from the kernelcache and then this information is used to enumerate the kernel's attack surface and the corresponding code is located. In addition to that the secrets of activating the iOS internal kernel debugger will be revealed and it will be demonstrated by debugging a previous disclosed iOS kernel exploit.