Identifying Data Leaks in iOS Applications
Transcript of Identifying Data Leaks in iOS Applications
![Page 1: Identifying Data Leaks in iOS Applications](https://reader033.fdocuments.us/reader033/viewer/2022051520/58ee151d1a28ab69438b46b5/html5/thumbnails/1.jpg)
Identifying Data Leaks in iOS ApplicAtiOnS
![Page 2: Identifying Data Leaks in iOS Applications](https://reader033.fdocuments.us/reader033/viewer/2022051520/58ee151d1a28ab69438b46b5/html5/thumbnails/2.jpg)
Many iOS applications unintentionally leak data to other applications or adversaries with access to the filesystem. This typically occurs when a developer uses an API that has side effects the developer is not aware of and, therefore, does not take preventative measures to secure the data.
![Page 3: Identifying Data Leaks in iOS Applications](https://reader033.fdocuments.us/reader033/viewer/2022051520/58ee151d1a28ab69438b46b5/html5/thumbnails/3.jpg)
Here we look at some of the ways a developer using the iOS APIs may inadvertently leak sensitive application data.
![Page 4: Identifying Data Leaks in iOS Applications](https://reader033.fdocuments.us/reader033/viewer/2022051520/58ee151d1a28ab69438b46b5/html5/thumbnails/4.jpg)
lEAKinG DAtA in
ApplicAtiOn lOGS
![Page 5: Identifying Data Leaks in iOS Applications](https://reader033.fdocuments.us/reader033/viewer/2022051520/58ee151d1a28ab69438b46b5/html5/thumbnails/5.jpg)
Logging can prove to be a valuable resource for debugging during development. However, in some cases, it can leak sensitive or proprietary information, which is then cached on the device until the next reboot.
[20:29:16.6732] requested restore behavior: Update
[20:29:16.6743] requested variant: Update
[20:29:16.6752] requested restore behavior: Update
[20:29:16.6762] failed to find key FDRSupport in variant
![Page 6: Identifying Data Leaks in iOS Applications](https://reader033.fdocuments.us/reader033/viewer/2022051520/58ee151d1a28ab69438b46b5/html5/thumbnails/6.jpg)
iDEntiFYinG pAStEBOARD lEAKAGE
![Page 7: Identifying Data Leaks in iOS Applications](https://reader033.fdocuments.us/reader033/viewer/2022051520/58ee151d1a28ab69438b46b5/html5/thumbnails/7.jpg)
Many developers want to offer users the ability to copy and paste data. If the pasteboard is used to copy sensitive data, depending on how it is implemented, data could be leaked from the pasteboard to other third-party applications.
![Page 8: Identifying Data Leaks in iOS Applications](https://reader033.fdocuments.us/reader033/viewer/2022051520/58ee151d1a28ab69438b46b5/html5/thumbnails/8.jpg)
HAnDlinG ApplicAtiOn
StAtE tRAnSitiOnS
![Page 9: Identifying Data Leaks in iOS Applications](https://reader033.fdocuments.us/reader033/viewer/2022051520/58ee151d1a28ab69438b46b5/html5/thumbnails/9.jpg)
When an application is suspended in the background (for example, if the user receives an incoming call), iOS takes a snapshot of the app and stores it in the application’s cache directory. When the application is reopened, the device uses the screenshot to create the illusion that the application loads instantly. Any system that can be paired with the device can access the snapshot.
- (void)applicationDidEnterBackground: (UIApplication *)application
![Page 10: Identifying Data Leaks in iOS Applications](https://reader033.fdocuments.us/reader033/viewer/2022051520/58ee151d1a28ab69438b46b5/html5/thumbnails/10.jpg)
KEYBOARD cAcHinG
![Page 11: Identifying Data Leaks in iOS Applications](https://reader033.fdocuments.us/reader033/viewer/2022051520/58ee151d1a28ab69438b46b5/html5/thumbnails/11.jpg)
iOS customizes the autocorrect feature by caching input that is typed into the device’s keyboard. Almost every non-numeric word is cached on the filesystem in plaintext in the keyboard cache file. This means that application data you wouldn’t want to be cached—such as usernames, passwords, and answers to security questions—could be inadvertently stored in the keyboard cache.
WQ E R T Y U I O P
password1pass passing
![Page 12: Identifying Data Leaks in iOS Applications](https://reader033.fdocuments.us/reader033/viewer/2022051520/58ee151d1a28ab69438b46b5/html5/thumbnails/12.jpg)
Http RESpOnSE cAcHinG
![Page 13: Identifying Data Leaks in iOS Applications](https://reader033.fdocuments.us/reader033/viewer/2022051520/58ee151d1a28ab69438b46b5/html5/thumbnails/13.jpg)
To display a remote website, an iOS application often uses a UIWebView to render the HTML content. Depending on how the URL loading is implemented, a UIWebView can cache server responses to the local filesystem. When sensitive content is returned in server responses, it could potentially be stored in the cache database.
cfurl_cache_blob data
cfurl_cache_ response
cfurl_cache_ receiver_data
cfurl_cache_ schema_version
![Page 14: Identifying Data Leaks in iOS Applications](https://reader033.fdocuments.us/reader033/viewer/2022051520/58ee151d1a28ab69438b46b5/html5/thumbnails/14.jpg)
The Mobile Application
Hacker’s Handbook
by Dominic chell, tyrone Erasmus, Shaun colley, and Ollie Whitehouse
about iOS application vulnerabilities and how to write secure iOS apps in
Find out more