DESIGN, IMPLEMENTATION AND BYPASS OF THE CHAIN-OF-TRUST MODEL OF IOS presented at Ruxcon 2015

by Team Pangu,

Summary : The closed software ecosystem of iOS heavily replies on the rigorous security mechanisms of iOS. This talk will analyze the design, implementation, and evolution of the security mechanisms in iOS along the timeline from device boot, kernel initialization, to creation and execution of a userland process, review the key steps in previous jailbreak tools for breaking the chain-of-trust model of iOS, share the critical techniques exploited by Pangu 7 and Pangu 8, and analyze and forecast potential attack surfaces for future jailbreaks. We will also analyze a code signing bypass vulnerability that enables untethered jailbreak against iOS 8.2, and explain how it was stealthily fixed by Apple in iOS 8.3.