According to the article:-
Tarjei Mandt, senior security researcher at Azimuth Security, found that the PRNG in iOS 7, the latest version of the OS, is weaker than the one used in iOS 6.
"In turn, this may allow trivial exploitation of vulnerabilities previously deemed non-exploitable."
he random number generator in iOS 7 uses an algorithm called a linear congruential generator (LCG), which produces sequences of random numbers calculated with a linear equation. One of the oldest and best-known random number generators, it is known for being fast and easy to implement, the paper authored by Mandt, said.
While these algorithms work well in devices with limited resources, such as smartphones, "they exhibit severe defects and are easily broken when confronted by an adversary who can monitor outputs," Mandt wrote.
The links below has more information:
No comments:
Post a Comment