iPwn your iPhone – WiFi edition
Agenda
• Brief intro to SSL certs
• The CVE-2011-0228 vulnerability
• iSniff Demo
SSL certificate chains
Patch…
Man-in-the-middle setup
• Linux VM (Debian 6)
• Netgear WG111v2 USB WiFi stick
• R8187 driver from aircrack-ng
• airbase-ng
• dhcpd
• iSniff.py
sslsniff 0.8 AuthorityCertificateManager.cpp
iSniff.py
iSniff Demo
After patch…
Resources
• https://github.com/hubert3/iSniff
Airbase-ng WiFi setup:
• http://adaywithtape.blogspot.com/2009/10/fake-ap-using-airbase-ng.html
Advisories:
• https://www.trustwave.com/spiderlabs/advisories/TWSL2011-007.txt
• http://blog.recurity-labs.com/archives/2011/07/26/cve-2011-0228_ios_certificate_chain_validation_issue_in_handling_of_x_509_certificates/index.html