Book Image

Learning iOS Penetration Testing

By : Swaroop Yermalkar
Book Image

Learning iOS Penetration Testing

By: Swaroop Yermalkar

Overview of this book

iOS has become one of the most popular mobile operating systems with more than 1.4 million apps available in the iOS App Store. Some security weaknesses in any of these applications or on the system could mean that an attacker can get access to the device and retrieve sensitive information. This book will show you how to conduct a wide range of penetration tests on iOS devices to uncover vulnerabilities and strengthen the system from attacks. Learning iOS Penetration Testing discusses the common vulnerabilities and security-related shortcomings in an iOS application and operating system, and will teach you to conduct static and dynamic analysis of iOS applications. This practical guide will help you uncover vulnerabilities in iOS phones and applications. We begin with basics of iOS security and dig deep to learn about traffic analysis, code analysis, and various other techniques. Later, we discuss the various utilities, and the process of reversing and auditing.
Table of Contents (17 chapters)
Learning iOS Penetration Testing
Foreword – Why Mobile Security Matters
About the Author
About the Reviewer

Creating iOS backdoor

In the previous section, we studied about creating a shell bind and shell reverse TCP access for iDevice but the problem is that this will not work if the device gets rebooted.

So, we can have a persistent connection with the iDevice by creating a backdoor for it. We will create a shell backdoor as a service that will be started automatically with each boot of device.

Let's follow the given steps to create a backdoor for iOS:

  1. Refer to the system's LaunchDaemons. We will need SSH daemon that we used for OpenSSH installed via Cydia:

  2. Navigate to LaunchDaemons from Library and you will observe a plist file as openssh.sshd:

  3. Check the default specifications of the LaunchDaemon sshd service:

  4. Now, download the file and edit the details such as service, port as per the requirement:

  5. Edit Label, Program, SockServiceName, and so on. We will use port number 5555 to bind our shell:

  6. Now, copy this edited com.openssh.sshd.plist file to the system's Library folder:

  7. Let's launch the backdoor...