Loading...

Strategic Analysis of the iOS Jailbreak Development Community

388 views

Loading...

Loading...

Transcript

The interactive transcript could not be loaded.

Loading...

Rating is available when the video has been rented.
This feature is not available right now. Please try again later.
Published on Jan 28, 2014

Dino Dai Zovi - Trail Of Bits

Attackers, just like defenders, are resource-constrained. The choices of where to look for exploitable vulnerabilities and how to leverage them are shaped by the resources at the attackers' disposal, the relative difficulty of the available attack surfaces and vectors, and the return on attack investment. Malicious attackers, however, are rarely forthcoming with their strategies, expenditures, or forecasts. The jailbreak development community, in contrast, is much more visible with blog posts, Tweets, and public software releases. As the technical development of a jailbreak overlaps significantly with the development of a malicious attack, the high-visibility jailbreak development community can serve as an analysis proxy for the low-visibility malicious attacker communities. An analysis of the jailbreak community's strategies can thus serve as a model for the strategies of malicious attacker communities. These communities, however, are not completely isolated. An advanced public jailbreak community provides information, tools, and know-how that may be leveraged by malicious attackers as well. This presents a choice for an integrated hardware and software platform vendor: should jailbreaking be facilitated in order to discourage the release of advanced jailbreaks that may easily be repurposed as malicious attacks? Or should the jailbreak release and security patch cycle be encouraged in order to identify and fix vulnerabilities that may also be discovered and exploited by malicious attackers?

Loading...

When autoplay is enabled, a suggested video will automatically play next.

Up next


to add this to Watch Later

Add to

Loading playlists...