Book Image

Learning iOS Penetration Testing

By : Swaroop Yermalkar
Book Image

Learning iOS Penetration Testing

By: Swaroop Yermalkar

Overview of this book

iOS has become one of the most popular mobile operating systems with more than 1.4 million apps available in the iOS App Store. Some security weaknesses in any of these applications or on the system could mean that an attacker can get access to the device and retrieve sensitive information. This book will show you how to conduct a wide range of penetration tests on iOS devices to uncover vulnerabilities and strengthen the system from attacks. Learning iOS Penetration Testing discusses the common vulnerabilities and security-related shortcomings in an iOS application and operating system, and will teach you to conduct static and dynamic analysis of iOS applications. This practical guide will help you uncover vulnerabilities in iOS phones and applications. We begin with basics of iOS security and dig deep to learn about traffic analysis, code analysis, and various other techniques. Later, we discuss the various utilities, and the process of reversing and auditing.
Table of Contents (17 chapters)
Learning iOS Penetration Testing
Foreword – Why Mobile Security Matters
About the Author
About the Reviewer

Connecting with iDevice

In Chapter 1, Introducing iOS Application Security, we had studied that iOS is very similar to a Unix-based system. So, let's log in to the device and check it.

To log in to iDevice, you should have SSH running on iDevice so that you can connect to it using the SSH client. In Cydia, search for OpenSSH and install it, as shown in the following screenshot:

Then, connect your iDevice to Wi-Fi and check the IP address of your device, as follows:

Now, from your PC/Mac system, connect to this IP address over SSH using any SSH client. It will prompt you for a username and password. The default credentials for SSH connection with any iDevice are username as root and password being alpine.

Once you logged in, you will notice a similar filesystem as Unix under the root directory, as shown in the following screenshot:

The most important thing is to change your default password otherwise, anyone over Wi-Fi could connect to your device using the default credentials. Therefore, you...