Book Image

Learning iOS Penetration Testing

By : Swaroop Yermalkar
Book Image

Learning iOS Penetration Testing

By: Swaroop Yermalkar

Overview of this book

iOS has become one of the most popular mobile operating systems with more than 1.4 million apps available in the iOS App Store. Some security weaknesses in any of these applications or on the system could mean that an attacker can get access to the device and retrieve sensitive information. This book will show you how to conduct a wide range of penetration tests on iOS devices to uncover vulnerabilities and strengthen the system from attacks. Learning iOS Penetration Testing discusses the common vulnerabilities and security-related shortcomings in an iOS application and operating system, and will teach you to conduct static and dynamic analysis of iOS applications. This practical guide will help you uncover vulnerabilities in iOS phones and applications. We begin with basics of iOS security and dig deep to learn about traffic analysis, code analysis, and various other techniques. Later, we discuss the various utilities, and the process of reversing and auditing.
Table of Contents (17 chapters)
Learning iOS Penetration Testing
Foreword – Why Mobile Security Matters
About the Author
About the Reviewer

iOS forensics tools walkthrough

We studied the different ways to perform forensics on live setups and backups. We can make this process a lot easier and less time-consuming using commercial and open source iOS forensics tools.

There are many iOS forensics tools available in the market, such as:

  • Elcomsoft iOS Forensic Toolkit (EIFT)

  • Oxygen Forensics Suite

  • Paraben's iRecovery Stick

  • Cellebrite's Universal Forensic Extraction Device (UFED)

  • BlackLight forensics software and many more…

In this section, we will take an overview of different forensics tools available.

Elcomsoft iOS Forensic Toolkit (EIFT)

EIFT makes easier to acquisition of different iDevices. More information can be found at

The features of tool set are as follows:

  • An all-in-one, complete solution

  • Acquire complete, bit-precise device images

  • Decrypt keychain items, extract, and device keys

  • Quick file system acquisition; 20-40 minutes for 32 GB models

  • Zero-footprint operation; leaves no traces and alterations...