IOS Security Basics - NULL/ OWASP/G4H Meet
Uploaded by: anto-joseph
Category: Technology
Transcript of IOS Security Basics - NULL/ OWASP/G4H Meet
IOS SECURITY BASICS
@antojosep007

@WHOAMI
- ANTO JOSEPH
- Security Engineer @ Citrix
- Passionate about Mobile Security Research
- Past: Developer / SysAdmin
- Speaker / Trainer @ HITB AMS / NullCon / GroundZero / c0c0n etc.
- Contributes to OWASP Mobile Security Guide / Checklist

SECURE BOOT
1. Read-only Boot ROM
2. LLB
3. iBoot
   1. Recovery (DFU)
   2. Kernel
      - Load Drivers
      - Start Daemons

APP SANDBOX
- Mac based
- Confined to App Directory
- Some iOS versions, however, allowed access to arbitrary locations, including /private/var/mobile/Media/Photos/

FDE
- First to Introduce it in the Market
- Solves Data at Rest Problem
- Device Key + User Passcode = File Sys Key
- File Sys Key used to Decrypt File Meta Data
- File Meta Data has per-file key

KEYCHAIN
- Can Store Secret Information here
- Mediated through securityd daemon
- Can Specify events when the keychain data should be available
- Jailbroken device = NO KEYCHAIN SECURITY
- Use Keychain Dumper from Cydia

JAILBREAKING
- Required to run unsigned code on the device
- Required for security testing
- Required for Modifying the Device
- Required for Awesomeness !!

PANGU / EVASION
APPSEC ESSENTIALS (FS)
- Use iExplorer / iFunBox to Explore the App Sandbox
- Check Plist Files
- Check Binary Cookies
- Check Screenshots
- Check Keyboard Cache (Autocomplete data may go in here)
- Check for SQLite databases
- Check for Sensitive Data Elsewhere

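The file-system checks on this slide can be scripted against a copy of an app container pulled from a test device. The Python example below is added here and is not from the original deck; the keyword list, the function names and the sample container written by `build_sample` are assumptions constructed for illustration.

```python
import contextlib, pathlib, plistlib, re, sqlite3

MAGIC = {b"bplist00": "plist", b"<?xml": "plist",  # file signatures of the artifact types
         b"SQLite format 3\x00": "sqlite", b"cook": "binarycookies"}
SENSITIVE = re.compile(r"passw|passcode|token|secret|session|api_?key", re.I)  # assumed keyword list

def plist_hits(obj, trail=""):
    """Yield paths of keys whose name looks sensitive, walking nested values."""
    if isinstance(obj, dict):
        for key, value in obj.items():
            if SENSITIVE.search(str(key)):
                yield f"{trail}/{key}"
            yield from plist_hits(value, f"{trail}/{key}")
    elif isinstance(obj, list):
        for i, value in enumerate(obj):
            yield from plist_hits(value, f"{trail}[{i}]")

def sqlite_hits(path):
    """Return sensitive-looking table.column names; opens the file read-only."""
    with contextlib.closing(sqlite3.connect(path.resolve().as_uri() + "?mode=ro", uri=True)) as con:
        tables = [r[0] for r in con.execute("SELECT name FROM sqlite_master WHERE type='table'")]
        return [f"{t}.{c[1]}" for t in tables
                for c in con.execute(f'PRAGMA table_info("{t}")') if SENSITIVE.search(c[1])]

def audit(root):
    """Map relative path -> (kind, findings) for each flagged file under root."""
    findings = {}
    for path in sorted(p for p in pathlib.Path(root).rglob("*") if p.is_file()):
        data = path.read_bytes()
        kind = next((k for m, k in MAGIC.items() if data.startswith(m)), None)
        try:
            hits = {"plist": lambda: list(plist_hits(plistlib.loads(data))),
                    "sqlite": lambda: sqlite_hits(path),
                    "binarycookies": lambda: ["cookie store present"]}.get(kind, list)()
        except Exception:  # truncated or corrupt file
            hits = [f"unparseable {kind}"]
        if hits:
            findings[path.relative_to(root).as_posix()] = (kind, hits)
    return findings

def build_sample(root):
    """Write a constructed sample container (not real app data) under root."""
    root = pathlib.Path(root)
    for d in ("Library/Preferences", "Library/Cookies", "Documents"):
        (root / d).mkdir(parents=True)
    (root / "Library/Preferences/com.example.app.plist").write_bytes(
        plistlib.dumps({"theme": "dark", "user": {"authToken": "abc123"}}, fmt=plistlib.FMT_BINARY))
    (root / "Library/Cookies/Cookies.binarycookies").write_bytes(b"cook\x00\x00\x00\x00")
    with contextlib.closing(sqlite3.connect(root / "Documents/app.db")) as con:
        con.execute("CREATE TABLE users (id INTEGER, name TEXT, password TEXT)")
```

Files are classified by signature rather than extension, so a renamed plist or database is still picked up; a flagged key or column is a prompt to check whether that value belongs in the Keychain instead.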
APPSEC ESSENTIALS (NETWORK)
- Use a standard HTTP proxy to Intercept Traffic
- Install Proxy Certificate on the device
- Change proxy settings in Wi-Fi settings
- Install SSL TRUST KILLER for Certificate Pinning Bypass if needed
- Use iptables to intercept non-HTTP traffic

DEMO TIME
QUESTIONS ?
THANKS