Risky Business feature: iOS exploits just got a lot more expensive

Pointer authentication kills old school ROP dead...
21 Sep 2018 » Risky Business

We’re going to be talking to two people in this podcast and the topic is, for the most part, the introduction of pointer authentication on the latest Apple iPhones. This is a development that flew under the radar of most of the infosec media and it’s significant because it is going to basically wipe out ROP exploits as we know them. There’s no such thing as a perfect mitigation, but Apple has leveraged some recent ARM features to really lock down their devices.

In addition to the pointer authentication suff they’ve also made some changes that will affect the ability of companies like Cellebrite to unlock phones. Again, this won’t kill unlocks completely, but in one release Apple really has made life a lot harder for people in the offence game.

This will eventually have some consequences for the crypto debate. These devices are just getting more and more secure through some really cool engineering.

So we’ll be talking to Chris Wade about this, he’s the brain behind Corellium, an iOS emulator. His clients include everyone from exploit developers to the publishers of very popular iOS applications. If you want to back-test an app change on 15 different versions of iOS Corellium is the way to do that… or if you want to, you know, test your latest 0day it’s good for that, too.

Then we’re going to hear from Dr. Silvio Cesare of Infosect here in Oz. He’s going to talk about whether we might see similar mitigations on intel and weigh in on Apple’s changes.