IOS Security Basics - NULL/ OWASP/G4H Meet


IOS SECURITY BASICS
@antojosep007

@WHOAMI
Anto Joseph
- Security Engineer @ Citrix
- Passionate about Mobile Security Research
- Past: Developer / SysAdmin
- Speaker / Trainer @ HITB AMS / NullCon / GroundZero / c0c0n etc.
- Contributes to OWASP Mobile Security Guide / Checklist

SECURE BOOT
1. Read-only Boot ROM
2. LLB
3. iBoot
   1. Recovery (DFU)
   2. Kernel: loads drivers, starts daemons

APP SANDBOX
- MAC (mandatory access control) based
- Confined to the app directory
- Some iOS versions however allowed access to arbitrary locations, including /private/var/mobile/Media/Photos/

FDE
- First to introduce it in the market
- Solves the data-at-rest problem
- Device key + user passcode = file system key
- File system key is used to decrypt file metadata
- File metadata holds the per-file key
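The key hierarchy on this slide, as an added illustration that is not Apple's implementation: a device key entangled with the passcode yields the file-system key, that key unwraps a per-file key stored in the file's metadata, and only the per-file key touches the file body. Real iOS uses AES in the crypto engine with a hardware-fused device key; the device key below is a constructed placeholder, PBKDF2-HMAC stands in for the hardware entanglement, and an HMAC-SHA256 keystream stands in for AES so the script runs with the standard library alone.

```python
"""Toy model of the iOS FDE key hierarchy (added example, not Apple's code):
   device key + user passcode -> file-system key -> unwraps per-file key in metadata -> file."""
import hashlib
import hmac
import os
import struct
from typing import Optional, Tuple

DEVICE_KEY = b"constructed-device-key-not-a-real-uid"  # constructed stand-in for the hardware key


def derive_fs_key(device_key: bytes, passcode: str) -> bytes:
    """Entangle the passcode with the device key: the result is useless off-device."""
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), device_key, 50_000, dklen=32)


def _subkey(key: bytes, label: bytes) -> bytes:
    """Separate encryption and MAC subkeys from one parent key."""
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode, a stand-in for AES-CTR."""
    blocks = [hmac.new(key, nonce + struct.pack(">I", i), hashlib.sha256).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ks = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, ks))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before releasing any plaintext; a wrong key is rejected here."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or corrupted data")
    ks = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, ks))


def protect_file(fs_key: bytes, contents: bytes) -> Tuple[bytes, bytes]:
    """Each file gets its own random key; only the wrapped copy in metadata reaches disk."""
    file_key = os.urandom(32)
    metadata = seal(fs_key, file_key)
    return metadata, seal(file_key, contents)


def read_file(fs_key: bytes, metadata: bytes, ciphertext: bytes) -> bytes:
    """Metadata first (needs the file-system key), then the file body (needs the per-file key)."""
    file_key = unseal(fs_key, metadata)
    return unseal(file_key, ciphertext)


def change_passcode(old_fs_key: bytes, new_fs_key: bytes, metadata: bytes) -> bytes:
    """A passcode change only rewraps the per-file key; the file body is never rewritten."""
    return seal(new_fs_key, unseal(old_fs_key, metadata))


def demo(entered_passcode: str) -> Optional[bytes]:
    """Store a file under passcode 1234, then try to read it back with `entered_passcode`."""
    fs_key = derive_fs_key(DEVICE_KEY, "1234")
    metadata, ciphertext = protect_file(fs_key, b"contacts.db contents")
    try:
        return read_file(derive_fs_key(DEVICE_KEY, entered_passcode), metadata, ciphertext)
    except ValueError:
        return None  # wrong passcode never yields the per-file key


if __name__ == "__main__":
    print(demo("1234"))
    print(demo("0000"))
```

The point the model makes visible: a wrong passcode fails at the metadata step, so the per-file key is never recovered, and a passcode change is cheap because only the small wrapped key in metadata is rewritten.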

KEYCHAIN
- Can store secret information here
- Mediated through the securityd daemon
- Can specify the events when the keychain data should be available
- Jailbroken device = NO KEYCHAIN SECURITY
- Use Keychain Dumper from Cydia

JAILBREAKING
- Required to run unsigned code on the device
- Required for security testing
- Required for modifying the device
- Required for awesomeness !!
- Pangu / evasi0n

APPSEC ESSENTIALS (FS)
- Use iExplorer / iFunBox to explore the app sandbox
- Check plist files
- Check binary cookies
- Check screenshots
- Check keyboard cache (autocomplete data may go in here)
- Check for SQLite databases
- Check for sensitive data elsewhere
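A scanner for the filesystem checks on this slide, added here as an example rather than a tool from the talk. It walks a copy of an app sandbox pulled off the device with iExplorer / iFunBox, opens plists with `plistlib`, lists column names in every SQLite table, and notes binary cookie jars, UI snapshots and a keyboard cache file if they are present. The sandbox it scans is constructed in a temporary directory with made-up values so the script runs offline; the artifact names and the sensitive-key regex are heuristics, not an exhaustive list.

```python
"""Flag common sensitive-data artifacts in an extracted iOS app sandbox (added example)."""
import os
import plistlib
import re
import sqlite3
import tempfile

# Heuristic: key or column names that usually deserve a look. Constructed, not exhaustive.
SENSITIVE = re.compile(r"pass(word|wd)?|secret|token|api[_-]?key|session", re.I)


def _walk_plist(node, prefix, rel, findings):
    """Recurse through nested dicts/lists and report key paths matching SENSITIVE."""
    if isinstance(node, dict):
        for key, value in node.items():
            if SENSITIVE.search(str(key)):
                findings.append((rel, f"plist key '{prefix}{key}' looks sensitive"))
            _walk_plist(value, f"{prefix}{key}.", rel, findings)
    elif isinstance(node, list):
        for i, value in enumerate(node):
            _walk_plist(value, f"{prefix}{i}.", rel, findings)


def scan_plist(path, rel, findings):
    try:
        with open(path, "rb") as fh:
            data = plistlib.load(fh)  # handles both XML and binary plists
    except Exception:
        findings.append((rel, "unreadable plist"))
        return
    _walk_plist(data, "", rel, findings)


def scan_sqlite(path, rel, findings):
    con = sqlite3.connect(path)
    try:
        tables = [r[0] for r in con.execute("SELECT name FROM sqlite_master WHERE type='table'")]
        for table in tables:
            cols = [r[1] for r in con.execute(f'PRAGMA table_info("{table}")')]
            for col in cols:
                if SENSITIVE.search(col):
                    findings.append((rel, f"sqlite column {table}.{col} looks sensitive"))
    finally:
        con.close()


def scan_sandbox(root):
    """Return (relative path, message) pairs for everything worth a manual look."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            if name.endswith(".plist"):
                scan_plist(path, rel, findings)
            elif name.endswith((".sqlite", ".sqlite3", ".db")):
                scan_sqlite(path, rel, findings)
            elif name.endswith(".binarycookies"):
                findings.append((rel, "binary cookie jar present; inspect for session cookies"))
            elif "Snapshots" in dirpath.split(os.sep) and name.lower().endswith((".png", ".jpg")):
                findings.append((rel, "UI snapshot on disk; check what screen it captured"))
            elif name == "dynamic-text.dat":  # keyboard cache; lives outside the app container
                findings.append((rel, "keyboard autocomplete cache present"))
    return findings


def build_sample_sandbox(root):
    """Constructed sandbox with made-up values, laid out like a typical app container."""
    os.makedirs(os.path.join(root, "Library", "Preferences"))
    with open(os.path.join(root, "Library", "Preferences", "com.example.app.plist"), "wb") as fh:
        plistlib.dump({"username": "alice", "password": "hunter2",
                       "settings": {"apiKey": "constructed-value"}}, fh)
    os.makedirs(os.path.join(root, "Documents"))
    con = sqlite3.connect(os.path.join(root, "Documents", "app.sqlite"))
    con.execute("CREATE TABLE sessions (user TEXT, auth_token TEXT)")
    con.execute("INSERT INTO sessions VALUES ('alice', 'constructed-token')")
    con.commit()
    con.close()
    os.makedirs(os.path.join(root, "Library", "Cookies"))
    open(os.path.join(root, "Library", "Cookies", "Cookies.binarycookies"), "wb").close()
    os.makedirs(os.path.join(root, "Library", "Caches", "Snapshots", "com.example.app"))
    open(os.path.join(root, "Library", "Caches", "Snapshots", "com.example.app", "main.png"),
         "wb").close()


def run_demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample_sandbox(root)
        return scan_sandbox(root)


if __name__ == "__main__":
    for rel, message in run_demo():
        print(f"{rel}: {message}")
```

Point it at the directory you copied off the device; anything the scanner reports still needs a human to decide whether the value is actually sensitive and whether the file's data-protection class is appropriate.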

APPSEC ESSENTIALS (NETWORK)
- Use a standard HTTP proxy to intercept traffic
- Install the proxy certificate on the device
- Change the proxy settings in the Wi-Fi settings
- Install SSL Kill Switch for certificate pinning bypass if needed
- Use iptables to intercept non-HTTP traffic

DEMO TIME

QUESTIONS ?

THANKS
