Well-known hacker says “the cat is out of the bag”

Aug 21, 2012 10:02 GMT

PHP security buff Stefan Esser, also known as i0n1c in Twitter circles, is taking the stage at Breakpoint 2012 (by Ruxcon) for a presentation that focuses on the strengths and weaknesses of Apple’s iPhone and iPad software.

The discussion will center on iOS 6, the latest version of Apple’s mobile OS, which is due for release this fall, Esser confirmed in a tweet today. He will be joined by fellow “Internet Hacker” @mdowd.

“The cat is out of the bag http://www.ruxconbreakpoint.com/speakers/  - @mdowd and me will share the stage for a talk about iOS 6 security at HITB and Breakpoint,” reads his tweet. Think he’s found some serious bug that he’ll disclose on stage?

The official Ruxcon web site shows a list of all the speakers at this year’s gathering. Esser, who has devoted a lot of time to PHP and PHP application vulnerability research, is at the top of that list.

The organizers acknowledge that iOS security has become a hot topic in recent years. The reason is the immense popularity of Apple’s iPhone and iPad.

According to the description, “One of the major exploitation targets within iOS that has received a significant amount of public scrutiny is the kernel, as it encapsulates the security extensions that govern access to the device.”

“A variety of kernel exploits have been publicly released that employ relatively simple attack methodologies, largely due to the fact that very few kernel-level exploit mitigation technologies have been put in place.”

“Apple has addressed this problem in iOS 6 with the addition of a variety of kernel hardening technologies that are intended to thwart popular exploitation strategies that are typically used by attackers,” reads the summary.

Esser and mdowd will first introduce these technologies, then discuss their impact and effectiveness against traditional attacks.

The presentation will continue with the limitations of these technologies (there are always a few), “what techniques have been rendered useless, and the kinds of techniques that will need to be employed in future kernel-level exploits,” according to the summary.