Book Image

Learning iOS Penetration Testing

By : Swaroop Yermalkar
Book Image

Learning iOS Penetration Testing

By: Swaroop Yermalkar

Overview of this book

iOS has become one of the most popular mobile operating systems with more than 1.4 million apps available in the iOS App Store. Some security weaknesses in any of these applications or on the system could mean that an attacker can get access to the device and retrieve sensitive information. This book will show you how to conduct a wide range of penetration tests on iOS devices to uncover vulnerabilities and strengthen the system from attacks. Learning iOS Penetration Testing discusses the common vulnerabilities and security-related shortcomings in an iOS application and operating system, and will teach you to conduct static and dynamic analysis of iOS applications. This practical guide will help you uncover vulnerabilities in iOS phones and applications. We begin with basics of iOS security and dig deep to learn about traffic analysis, code analysis, and various other techniques. Later, we discuss the various utilities, and the process of reversing and auditing.

Related Content you might be interested in

Current Title:

Small book image
Learning iOS Penetration Testing
Swaroop Yermalkar
Jan, 2016 | 204 pages
No titles found
Table of Contents (17 chapters)
Learning iOS Penetration Testing
Learning iOS Penetration Testing
Credits
Credits
Foreword – Why Mobile Security Matters
Foreword – Why Mobile Security Matters
About the Author
About the Author
About the Reviewer
About the Reviewer
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Introducing iOS Application Security
Introducing iOS Application Security
Basics of iOS and application development
Developing your first iOS app
Running apps on iDevice
iOS MVC design
iOS security model
iOS secure boot chain
iOS application signing
iOS application sandboxing
OWASP Top 10 Mobile Risks
Summary
2
Setting up Lab for iOS App Pentesting
Setting up Lab for iOS App Pentesting
Need for jailbreaking
Jailbreaking iDevice
Connecting with iDevice
Installing utilities on iDevice
Installing apps on iDevice
Pentesting using iOS Simulator
Summary
3
Identifying the Flaws in Local Storage
Identifying the Flaws in Local Storage
Introduction to insecure data storage
Installing third-party applications
Insecure data in the plist files
Insecure storage in the NSUserDefaults class
Insecure storage in SQLite database
SQL injection in iOS applications
Insecure storage in Core Data
Insecure storage in keychain
Summary
4
Traffic Analysis for iOS Application
Traffic Analysis for iOS Application
Intercepting traffic over HTTP
Intercepting traffic over HTTPS
Intercepting traffic of iOS Simulator
Web API attack demo
Bypassing SSL pinning
Summary
5
Sealing up Side Channel Data Leakage
Sealing up Side Channel Data Leakage
Data leakage via application screenshot
Pasteboard leaking sensitive information
Device logs leaking application sensitive data
Keyboard cache capturing sensitive data
Summary
6
Analyzing iOS Binary Protections
Analyzing iOS Binary Protections
Decrypting unsigned iOS applications
Decrypting signed iOS applications
Analyzing code by reverse engineering
Analyzing iOS binary
Hardening binary against reverse engineering
Summary
7
The iOS App Dynamic Analysis
The iOS App Dynamic Analysis
Understanding Objective-C runtime
Dynamic analysis using Cycript
Runtime analysis using Snoop-it
Dynamic analysis on iOS Simulator
Summary
8
iOS Exploitation
iOS Exploitation
Setting up exploitation lab
Shell bind TCP for iOS
Shell reverse TCP for iOS
Creating iOS backdoor
Converting iDevice to a pentesting device
Summary
9
Introducing iOS Forensics
Introducing iOS Forensics
Basics of iOS forensics
The iPhone hardware
The iOS filesystem
Physical acquisition
Data backup acquisition
iOS forensics tools walkthrough
Summary
Index
Index

Insecure storage in keychain

Keychain is a secure location in an iOS where data is encrypted and tied to the device locking/unlocking. The keychain database is in an encrypted format and the encryption happens with a unique hardware-specific key. The hardware key that is used for the encryption is at a secure location and can't be extracted from the device. Keychain items are classified into five classes, as follows:

  • Generic passwords (kSecClassGenericPassword)

  • Internet passwords (kSecClassInternetPassword)

  • Certificates (kSecClassCertificate)

  • Keys (kSecClassKey)

  • Digital identities (kSecClassIdentity, identity=certificate + key).

Data protection mechanism has been implemented by iOS, in which the keychain having sensitive data is protected with another layer of encryption and is tied to the user's passcode. Data protection mechanism is designed to protect the user's data in case a device is lost or stolen. So the encryption offered by the data protection API is dependent on the strength of the...

Previous Section
End of Section 9
Next Section