Book Image

Learning iOS Penetration Testing

By : Swaroop Yermalkar
Book Image

Learning iOS Penetration Testing

By: Swaroop Yermalkar

Overview of this book

iOS has become one of the most popular mobile operating systems with more than 1.4 million apps available in the iOS App Store. Some security weaknesses in any of these applications or on the system could mean that an attacker can get access to the device and retrieve sensitive information. This book will show you how to conduct a wide range of penetration tests on iOS devices to uncover vulnerabilities and strengthen the system from attacks. Learning iOS Penetration Testing discusses the common vulnerabilities and security-related shortcomings in an iOS application and operating system, and will teach you to conduct static and dynamic analysis of iOS applications. This practical guide will help you uncover vulnerabilities in iOS phones and applications. We begin with basics of iOS security and dig deep to learn about traffic analysis, code analysis, and various other techniques. Later, we discuss the various utilities, and the process of reversing and auditing.
Table of Contents (17 chapters)
Learning iOS Penetration Testing
Foreword – Why Mobile Security Matters
About the Author
About the Reviewer

Chapter 8. iOS Exploitation


"Keep your friends close, but your enemies closer."

 --Michael Corleone, The Godfather Part II

In the previous chapter, you learned how to modify an application's behavior at runtime using dynamic analysis.

In this chapter, we will study how to obtain shell access on iDevice and also how to use iDevice as a pentesting device to get shell access of other devices. The iOS operating system is making it difficult with each successive version to find and exploit vulnerabilities in it but this doesn't mean that it's impossible. The attackers were able to find the vulnerabilities and exploit them as well as root iOS using jailbreak until the latest iOS 9.0.2 version was released. Recent iOS version 8.4.x was vulnerable to the AirDrop exploit that allows an attacker to overwrite files on a targeted device. So, there is always scope for exploitation. We will take a look at how the attackers were able to get shell access on iDevice with earlier iOS versions.

In this chapter...