Hacking and Securing iOS Applications: Stealing Data, Hijacking Software, and How to Prevent It
Language: English
Pages: 358
ISBN: 1449318746
Format: PDF / Kindle (mobi) / ePub
If you’re an app developer with a solid foundation in Objective-C, this book is an absolute must—chances are very high that your company’s iOS applications are vulnerable to attack. That’s because malicious attackers now use an arsenal of tools to reverse-engineer, trace, and manipulate applications in ways that most programmers aren’t aware of.
This guide illustrates several types of iOS attacks, as well as the tools and techniques that hackers use. You’ll learn best practices to help protect your applications, and discover how important it is to understand and strategize like your adversary.
- Examine subtle vulnerabilities in real-world applications—and avoid the same problems in your apps
- Learn how attackers infect apps with malware through code injection
- Discover how attackers defeat iOS keychain and data-protection encryption
- Use a debugger and custom code injection to manipulate the runtime Objective-C environment
- Prevent attackers from hijacking SSL sessions and stealing traffic
- Securely delete files and design your apps to prevent forensic data leakage
- Avoid debugging abuse, validate the integrity of run-time classes, and make your code harder to trace
Silence on the Wire: A Field Guide to Passive Reconnaissance and Indirect Attacks
Seven Deadliest Network Attacks (Seven Deadliest Attacks)
Hacking: The Art of Exploitation (2nd Edition)
Nmap Cookbook: The Fat-free Guide to Network Scanning
Transmits only the live portion of the filesystem. If you choose only specific files or directories, the transfer becomes even faster. In some cases, though, it makes more sense to take the extra time to transmit an entire raw disk image. This will send all allocated files, as well as unallocated space and the HFS journal. These can be used to restore files that have been recently deleted. You’ll learn how to do this in Chapter 6, and so you’ll need a payload capable of copying off the raw disk.
Transfer. By not transferring these, you’ll be able to lift data from the device much faster, even on devices filled up with music. • Modify the DataTheft payload to test for the existence of sh, tar, and libncurses on the device. They will likely exist on a jailbroken device. If the files do exist, modify the payload to move them out of the way and replace them with your own, then put them back after your transfer has completed. If they do not exist, your payload should delete your own copies of.
To data leakage in many forms, which could result in theft of data from an otherwise secure app. This chapter contains excerpts from a private law enforcement training manual I use to train federal agents and local police worldwide. Portions have been rewritten and geared toward developers to understand how an attacker might steal otherwise secure data from a device. It’s necessary to have a full understanding of the extent of data that can be stolen by an attacker, and give you (the developer) a.
SMS Drafts Sometimes even more interesting than sent or received SMS messages are SMS drafts. Drafts are stored whenever an SMS message is typed, and then abandoned. Newer versions of iOS store a large cache of older drafts, providing the user no mechanism to purge them. SMS drafts live in /private/var/mobile/Library/SMS/Drafts. Each draft is contained in its own folder, which is time stamped identifying when the message was typed and then abandoned. $ ls -lad.
Attacker’s options are as follows: • Refund all of the merchant’s sales over the past month or two, and put them out of business. • Charge a number of credit cards to the merchant, and empty the credit card holders’ accounts, at least creating a huge headache for them, the merchant, and the credit card processor. • Find a way to hack the application to refund me thousands of dollars that I didn’t originally pay. Hmmm. • Repeat steps 1 and 3 to launder stolen credit cards, at least until the.