Researcher: iOS 7 security at risk from weak random number generator
Predictable and observable random number generator present in iOS 7
All mobile operating systems require what is called an "early random" pseudorandom number generator (PRNG) to give the operating system some protection against kernel exploits. Researchers have revealed that the new one implemented in iOS 7 is vulnerable to brute-force attacks and that its output can be relatively easy to predict, which makes security exploits somewhat easier to develop if it is left unpatched.
. . .
While researching the matter, Mandt reported: "we found that an unprivileged attacker, even when confined by the most restrictive sandbox, can recover arbitrary outputs from the generator and consequently bypass all the exploit mitigations that rely on the early random PRNG."
- The compass
- The accelerometer
- The fingerprint of the user
- The white balance detected by the camera
- The number of files on the device
- The last phone number called
- The last website visited in Safari
- Audio noise detected by the microphone
- The current power level of the battery
- The proximity sensor
- The ambient light sensor
- The date and time
In other words: Get seriously random, Apple!