IOS Security Basics - NULL/ OWASP/G4H Meet

IOS SECURITY BASICS @antojosep007

Transcript of IOS Security Basics - NULL/ OWASP/G4H Meet

Page 1: IOS Security Basics - NULL/ OWASP/G4H Meet

IOS SECURITY BASICS @antojosep007

Page 2: IOS Security Basics - NULL/ OWASP/G4H Meet

@WHOAMI
- ANTO JOSEPH
- Security Engineer @ Citrix
- Passionate about Mobile Security Research
- Past: Developer / SysAdmin
- Speaker / Trainer @ HITB AMS / NullCon / GroundZero / c0c0n etc.
- Contributes to OWASP Mobile Security Guide / Checklist

Page 3: IOS Security Basics - NULL/ OWASP/G4H Meet

SECURE BOOT
1. Read-only boot ROM
2. LLB
3. iBoot
   1. Recovery (DFU)
   2. Kernel
      - Load Drivers
      - Start Daemons

Page 4: IOS Security Basics - NULL/ OWASP/G4H Meet

APP SANDBOX
- MAC based (mandatory access control)
- Confined to App Directory
- Some iOS versions, however, allowed access to arbitrary locations, including /private/var/mobile/Media/Photos/

Page 5: IOS Security Basics - NULL/ OWASP/G4H Meet

FDE
- First to Introduce it in the Market
- Solves the Data at Rest Problem
- Device Key + User Passcode = File System Key
- File System Key used to Decrypt File Metadata
- File Metadata has the per-file key

Page 6: IOS Security Basics - NULL/ OWASP/G4H Meet

KEYCHAIN
- Can Store Secret Information here
- Mediated through the securityd daemon
- Can Specify events when the keychain data should be available
- Jailbroken device = NO KEYCHAIN SECURITY
- Use Keychain Dumper from Cydia

Page 7: IOS Security Basics - NULL/ OWASP/G4H Meet

JAILBREAKING
- Required to run unsigned code on the device
- Required for security testing
- Required for Modifying the Device
- Required for Awesomeness !!

Page 8: IOS Security Basics - NULL/ OWASP/G4H Meet

PANGU / EVASION

Page 9: IOS Security Basics - NULL/ OWASP/G4H Meet

APPSEC ESSENTIALS (FS)
- Use iExplorer / iFunBox to Explore the App Sandbox
- Check Plist Files
- Check Binary Cookies
- Check Screenshots
- Check Keyboard Cache (Autocomplete data may go in here)
- Check for SQLite databases
- Check for Sensitive Data Elsewhere
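The file-system checks on this slide, as an added example that is not part of the original deck: a host-side script that walks a copy of an app's sandbox taken from a test device, sorts files into the slide's categories, and flags plist key names that suggest stored credentials. The directory layout, the `SENSITIVE` pattern, the `RULES` table and the sample files are assumptions constructed for the demo.

```python
import plistlib, re, tempfile
from pathlib import Path
SENSITIVE = re.compile(r"passw|passcode|token|secret|session|api_?key", re.I)  # assumed
# (category, magic-bytes prefix, path fragment); the first matching rule wins
RULES = [("plist", b"bplist00", ".plist"), ("binary-cookies", b"cook", ".binarycookies"),
         ("sqlite", b"SQLite format 3\x00", None), ("screenshot", None, "/Snapshots/"),
         ("keyboard-cache", None, "dynamic-text.dat")]

def classify(path):
    """Map a file to one of the slide's checklist categories, or None."""
    head, name = path.read_bytes()[:16], path.as_posix()
    return next((kind for kind, magic, frag in RULES
                 if (magic and head.startswith(magic)) or (frag and frag in name)), None)

def key_paths(obj, pre=""):
    """Yield dotted key paths of a parsed plist; values are never reported."""
    for k, v in (obj.items() if isinstance(obj, dict) else []):
        yield pre + k
        yield from key_paths(v, pre + k + ".")
    for v in (obj if isinstance(obj, list) else []):
        yield from key_paths(v, pre)

def audit(root):
    """Return (relative path, category, flagged plist keys) per checklist hit."""
    out = []
    for p in sorted(f for f in Path(root).rglob("*") if f.is_file()):
        kind = classify(p)
        keys = key_paths(plistlib.loads(p.read_bytes())) if kind == "plist" else []
        if kind:
            out.append((p.relative_to(root).as_posix(), kind,
                        sorted(k for k in keys if SENSITIVE.search(k))))
    return out

def build_sample(root):
    """Constructed sandbox copy for the demo; not data from a real app."""
    files = {
        "Library/Preferences/com.example.app.plist": plistlib.dumps(
            {"user": "alice", "auth": {"sessionToken": "CONSTRUCTED"}}, fmt=plistlib.FMT_BINARY),
        "Library/Cookies/Cookies.binarycookies": b"cook\x00\x00\x00\x01",
        "Library/Caches/Snapshots/launch.png": b"\x89PNG\r\n\x1a\n",
        "Documents/app.db": b"SQLite format 3\x00",
    }
    for rel, data in files.items():
        (Path(root) / rel).parent.mkdir(parents=True, exist_ok=True)
        (Path(root) / rel).write_bytes(data)
    return Path(root)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(*audit(build_sample(tmp)), sep="\n")
```

`audit()` reports key names only, so its output can go into a findings report without copying the stored values; anything it flags still needs a manual look.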

Page 10: IOS Security Basics - NULL/ OWASP/G4H Meet

APPSEC ESSENTIALS (NETWORK)
- Use a standard HTTP proxy to Intercept Traffic
- Install the Proxy Certificate on the device
- Change proxy settings in Wi-Fi settings
- Install SSL TRUST KILLER for Certificate Pinning Bypass if needed
- Use iptables to intercept non-HTTP traffic

Page 11: IOS Security Basics - NULL/ OWASP/G4H Meet

DEMO TIME

Page 12: IOS Security Basics - NULL/ OWASP/G4H Meet

QUESTIONS ?

Page 13: IOS Security Basics - NULL/ OWASP/G4H Meet
Page 14: IOS Security Basics - NULL/ OWASP/G4H Meet

THANKS