Wednesday, May 18, 2016

planetbeing wins Pwnie award for ‘privilege escalation’ used in evasi0n jailbrk

If you’ve followed thejailbrkscene for any extended amount of time, you know that it takes a person with high-level skills to iOS. There’s only a handful of people in the world that can do it, and let’s just say they’re very, very talented.So it shouldn’t come as a surprise thatplanetbeing—one of the 4 members of theevad3rs—was recognized at this yr’s Black Hat convention. He took home the Pwnie for privilege escalation, which was used in the evasi0n jailbrk…Here’s MuscleNerd’s congratulatory tweet:MuscleNerd@MuscleNerd
Congrats to @planetbeing for winning this yr’s Pwnie award for privilege escalation in the iOS jailbrk :) AM - 1 Aug 2013Planetbeing, who’s rl name is David Wang, has been a staple in thejailbrkcommunity for quite some time. This yr, he tmed up withMuscleNerd,pod2gand pimskeks to form the evad3rs, which crted theevasi0njailbrk for ’s iOS 6.Inan interviewwith Forbes rlier this yr,planetbeingexplained that evasi0n takes advantage ofat lst5 bugs in iOS 6′s . For reference, that’s one more than the Stuxnetmalware developed by the NSA uses to attack Nuclr centrifuges.Here he explains a bit about how the works:”Evasi0n begins by running libimobiledevice, a program that substitutes for iTunes to communie with iOS devices via the same protocol as ’s program. Using that tool, Evasi0n s a bug in iOS’s mobile backup systemto gain access to certain settings that it normally shouldn’t be able to access, namely a file that indies the device’s time zone.”The evasi0n jailbrk toollanded onFebruary 4of this yr and worked on a wide range of i and iPads. It was responsible for over 20 million devices, and withstood two software updates, before finallykilled it by relsing iOS 6.1.3.At the time of this writing,the Pwnie websitehadn’t been updated with the winners yet, so we don’t have many details on planetbeing’s award or who else won. Regardless, it’s nice to see these guys getting some recognition for their hard work.

No comments:

Post a Comment