O'Reilly: Hacking and Securing iOS Applications: Stealing Data, Hijacking Software, and How to Prevent It (2012)


[...] ... forensic software manufacturers to criminal hackers have targeted iOS security. By relying on the manufacturer’s implementation alone, many have lent themselves to the untimely demise of the customer data stored within their applications. It’s easier to shoot a big fish in a little pond than the opposite. The chapters to follow will teach you how criminals can hack into iOS to steal data and hijack applications, ...

... experience with digital rights management, much more than with mobile security, in fact. The iTunes store existed for years prior to the iPhone, and allows songs to be encrypted and distributed to the user, providing them the keys to play the music only after authenticating. Over time, those who didn’t like to be told what they could and couldn’t do with their music ended up writing many tools to free their ...

... 3: The iOS file system encryption prevents data on the device from being stolen. Because iOS filesystem encryption (up to and including iOS 5) relies on an encryption system that stores both keys and data on the same device, an attacker needs only to gain the privilege to run code on the device with escalated permissions to compute the keys and steal data. Therefore, because these keys are digital, whoever ...

... checks to test the integrity of an application to ensure that unsigned code hasn’t been injected into it. As part of application security, Apple has incorporated an encrypted keychain providing a central facility for storing and retrieving encrypted passwords, networking credentials, and other information. Apple’s Security framework provides low-level functionality for reading and writing data to and from ...
... lock is pick-proof, tool-proof, and built to extreme tolerances, making it impossible to open without the key. Now take a spare key and hide it under your doormat. You’ve now made all of the expensive security you paid for entirely irrelevant. This is much the same problem in the digital world that we used to see with digital rights management, which has now made its way into mobile security. People who pay ...

... and overall flaws in many developers’ ways of thinking about security. Chapter 2 introduces the reader to many techniques of compromising an iOS device, including jailbreaking. The reader will learn how to build and inject custom code into an iOS device using popular jailbreaking techniques and custom RAM disks. Chapter 3 demonstrates how the filesystem of an iOS device can be stolen in minutes, and how ...

... malicious code, and performing low-level attacks using a number of techniques. Chapter 9 illustrates some of the tools used to hijack SSL sessions, and how to protect your application from falling victim to these attacks. Chapter 10 elaborates on security and describes additional methods to protect your data with proper encryption techniques. Chapter 11 explains how to help prevent forensic data leakage ...

... manufacturer to fix the flaw, which could take months, before the data your application uses is secure again.

The iOS Security Model

Apple has incorporated four layers of security in iOS to protect the user and their data.

Device Security: Techniques to prevent an unauthorized individual from using the device.

Data Security: Techniques to protect the data stored on ...
... this book can be used to expose vulnerabilities in your company’s desktop applications as well.

Organization of the Material

This book is split into two halves. The first half discusses hacking and exposes the many vulnerabilities in iOS and iOS applications, while the second half covers techniques to better secure applications. Chapter 1 explains the core problem with mobile security, and outlines common ...

... delivered a patch both to fix the vulnerability months before Apple did, and to use it to allow users to jailbreak their devices. This vulnerability affected firmware up to and including version 4.3.3.

• Also in 2011, Charlie Miller discovered a vulnerability in the way the Nitro JIT compiler was implemented in iOS, allowing an otherwise innocuous looking application to download and run malicious, unsigned ...

... The iOS Security Model; Components of the iOS Security Model; Storing the Key with the Lock; Passcodes Equate to Weak Security; Forensic Data Trumps Encryption; External Data Is at Risk, Too ...

Hacking and Securing iOS Applications. Jonathan Zdziarski. Beijing • Cambridge • Farnham • Köln • Sebastopol • Tokyo. Hacking and Securing iOS Applications by Jonathan ...

... device. This book is designed to demonstrate many of the techniques black hats use to steal data and manipulate software in an attempt to show you, the developer, how to avoid many all too common mistakes ...

Date posted: 24/04/2014, 10:02


Contents

  • Table of Contents

  • Preface

    • Audience of This Book

    • Organization of the Material

    • Conventions Used in This Book

    • Using Code Examples

    • Legal Disclaimer

    • Safari® Books Online

    • How to Contact Us

    • Chapter 1. Everything You Know Is Wrong

      • The Myth of a Monoculture

      • The iOS Security Model

        • Components of the iOS Security Model

          • Device security

          • Data security

          • Network security

          • Application security

          • Storing the Key with the Lock

          • Passcodes Equate to Weak Security

          • Forensic Data Trumps Encryption

          • External Data Is at Risk, Too

          • Hijacking Traffic

            • Data Can Be Stolen...Quickly

            • Trust No One, Not Even Your Application

            • Physical Access Is Optional
