Apple exclusively developed a mobile operating system, iOS, for Apple's hardware. It ranks second, after Android, in the market of smartphone operating systems. With the change in user preference and rapidly moving technology, users make use of mobile to handle sensitive information, such as personal, healthcare, financial, and so on, on their phones. Companies allow bring your own device (BYOD) policy, which results in corporate data being present on the phones. Therefore, it has become a necessity to secure information that is present on the device in order to protect users' privacy and also fulfill the compliance requirement mandated by the government.
This book, Learning iOS Penetration Testing, discusses common vulnerabilities and security-related shortcomings in iOS applications. It teaches readers to conduct static and dynamic analysis of iOS applications, iDevice exploitation, and iOS forensics basics.
This book will focus on the practical approach to conduct vulnerability assessment and penetration testing of iOS applications from basic to intermediate level, as per industry standards. It will help mobile application developers and information security professionals to find out the commonly known vulnerabilities and ways to mitigate them.
Chapter 1, Introducing iOS Application Security, teaches readers the basics of an iOS app development process and iOS security model. This chapter also teaches different concepts such as iOS sandboxing, security layers, and so on. It provides an overview of OWASP Top 10 Mobile Risks.
Chapter 2, Setting up Lab for iOS App Pentesting, explains the readers how to bypass security restrictions that prevent us from performing the penetration testing and set up a lab to perform iOS application penetration testing. It will help in learning about hardware and software requirements and setting up all the required utilities for iOS pentesting.
Chapter 3, Identifying the Flaws in Local Storage, covers identifying flaws in an application's local storage. For handheld devices, getting stolen is one of the biggest risks. Applications are not supposed to store any sensitive information locally in plain text/insecure format. We will look at different formats where an application usually stores sensitive data.
Chapter 4, Traffic Analysis for iOS Application, covers all about intercepting iOS application's network traffic. We will look at how to analyze or modify the application traffic over HTTP or HTTPS and also what certificate pinning is and the way to bypass it. The chapter will also give you a walkthrough about attacks that can be performed using proxy tools.
Chapter 5, Sealing up Side Channel Data Leakage, helps the readers to understand the security aspect of the leakage of sensitive data through various channels, such as logs, screenshots, cache, pasteboard, and so on. If your sensitive information, such as credit card numbers, username, password, OAuth tokens, company sensitive data, and so on, is getting leaked, then it's a considerable risk. Therefore, this chapter helps you to understand the risks of data leakage and the ways to prevent them.
Chapter 6, Analyzing iOS Binary Protections, explains how to perform an analysis of iOS binary that is downloaded from App Store or shared by third party, regarding how to reverse engineer the application, look for sensitive data hardcoded in a source code, and also check whether an application binary has implemented the address space layout randomization (ASLR) and stack smashing protection.
Chapter 7, The iOS App Dynamic Analysis, teaches the readers about performing application's runtime analysis. We will hook debuggers to applications and modify the application's workflow as per the requirements. We will explore different techniques such as using command-line utilities and GUI tools for assessment.
Chapter 8, iOS Exploitation, provides knowledge about gaining shell access to the victim's iDevice. We will study different shell access, such as shell bind TCP and shell reverse TCP, on iDevice. This chapter will also provide a walkthrough about how to use iDevice as a pentesting device itself for wireless pentesting, network pentesting, web pentesting, and so on. We will also study different ways of creating backdoors.
Chapter 9, Introducing iOS Forensics, provides a walkthrough of iOS forensics. We will begin with iOS filesystem and move further with the concepts of iOS forensics. We will also have hands on live forensics and data backup analysis. We will also take a walkthrough about different tools in the market to perform iOS forensics.
This book covers details about the ways by which a user or security analyst can test an iOS app for security vulnerabilities. In order to test the app for the security vulnerabilities, an analyst would need specific tools that would help them in analyzing the app. Steps to configure these tools will be explained when we will use the specified tools.
The overall list of tools required for a reader are as follows:
Cycript: http://www.cycript.org/
class-dump-z: https://code.google.com/p/networkpx/wiki/class_dump_z
Snoop-it: https://code.google.com/p/snoop-it/
SQLite browser: http://sourceforge.net/projects/sqlitebrowser/
Burp Proxy: http://portswigger.net/burp/download.html
Kali Linux: https://www.kali.org/downloads/
VirtualBox: https://www.virtualbox.org/wiki/Downloads
If you are an IT security professional who wants to get started with the pentesting of an iOS application or if you are an iOS app developer who wants to develop secure iOS apps, then this book is for you. It aims at helping the mobile application developers and information security professionals to understand different security flaws in iOS applications and how to identify and mitigate them. This book starts from the absolute basics and takes a reader to the advanced levels of iOS security.
In this book, you will find a number of text styles that distinguish between different kinds of information. Here are some examples of these styles and an explanation of their meaning.
Code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles are shown as follows: "Developing and executing the Hello World application is very simple and straightforward process."
A block of code is set as follows:
USERNAME - (user|username|login)(\s)*=(\s)*('|")
PASSWORD - (pass|password|key)(\s)*=(\s)*('|")Any command-line input or output is written as follows:
sudo ./cycript –p 2006
New terms and important words are shown in bold. Words that you see on the screen, for example, in menus or dialog boxes, appear in the text like this: "Start Xcode from your OS X. It is just as easy as clicking on the Xcode icon."
Feedback from our readers is always welcome. Let us know what you think about this book—what you liked or disliked. Reader feedback is important for us as it helps us develop titles that you will really get the most out of.
To send us general feedback, simply e-mail <[email protected]>, and mention the book's title in the subject of your message.
If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, see our author guide at www.packtpub.com/authors.
Now that you are the proud owner of a Packt book, we have a number of things to help you to get the most from your purchase.
You can download the example code files from your account at http://www.packtpub.com for all the Packt Publishing books you have purchased. If you purchased this book elsewhere, you can visit http://www.packtpub.com/support and register to have the files e-mailed directly to you.
We also provide you with a PDF file that has color images of the screenshots/diagrams used in this book. The color images will help you better understand the changes in the output. You can download this file from https://www.packtpub.com/sites/default/files/downloads/3255OT_ColorImages.pdf.
Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you find a mistake in one of our books—maybe a mistake in the text or the code—we would be grateful if you could report this to us. By doing so, you can save other readers from frustration and help us improve subsequent versions of this book. If you find any errata, please report them by visiting http://www.packtpub.com/submit-errata, selecting your book, clicking on the Errata Submission Form link, and entering the details of your errata. Once your errata are verified, your submission will be accepted and the errata will be uploaded to our website or added to any list of existing errata under the Errata section of that title.
To view the previously submitted errata, go to https://www.packtpub.com/books/content/support and enter the name of the book in the search field. The required information will appear under the Errata section.
Piracy of copyrighted material on the Internet is an ongoing problem across all media. At Packt, we take the protection of our copyright and licenses very seriously. If you come across any illegal copies of our works in any form on the Internet, please provide us with the location address or website name immediately so that we can pursue a remedy.
Please contact us at <[email protected]> with a link to the suspected pirated material.
We appreciate your help in protecting our authors and our ability to bring you valuable content.
If you have a problem with any aspect of this book, you can contact us at <[email protected]>, and we will do our best to address the problem.