Book Image

Learning iOS Penetration Testing

By : Swaroop Yermalkar
Book Image

Learning iOS Penetration Testing

By: Swaroop Yermalkar

Overview of this book

iOS has become one of the most popular mobile operating systems with more than 1.4 million apps available in the iOS App Store. Some security weaknesses in any of these applications or on the system could mean that an attacker can get access to the device and retrieve sensitive information. This book will show you how to conduct a wide range of penetration tests on iOS devices to uncover vulnerabilities and strengthen the system from attacks. Learning iOS Penetration Testing discusses the common vulnerabilities and security-related shortcomings in an iOS application and operating system, and will teach you to conduct static and dynamic analysis of iOS applications. This practical guide will help you uncover vulnerabilities in iOS phones and applications. We begin with basics of iOS security and dig deep to learn about traffic analysis, code analysis, and various other techniques. Later, we discuss the various utilities, and the process of reversing and auditing.
Table of Contents (17 chapters)
Learning iOS Penetration Testing
Foreword – Why Mobile Security Matters
About the Author
About the Reviewer

Device logs leaking application sensitive data

Many times, application logs the input data to ease the debug process. Now, if an application is logging sensitive information, then its data will be captured on device logs. An attacker can easily dump device logs and retrieve the user's sensitive information.

Let's follow the given steps to capture device logs that are leaking sensitive information:

  1. You can use the Organizer utility provided with Xcode. Connect the iDevice to Mac, start the Organizer and dump the device logs:

  2. You can automate this process using the idb tool. Use the Log option to capture all device logs and check whether the iDevice is leaking any sensitive information:

This issue arises when the developers forget to remove logs during the release of the application. So, make sure that you have not enabled logs after debug mode.