iOS Application Security: The Definitive Guide for Hackers and Developers
Format: PDF / Kindle (mobi) / ePub
Eliminating security holes in iOS apps is critical for any developer who wants to protect their users from the bad guys. In iOS Application Security, mobile security expert David Thiel reveals common iOS coding mistakes that create serious security problems and shows you how to find and fix them.
After a crash course on iOS application structure and Objective-C design patterns, you'll move on to spotting bad code and plugging the holes. You'll learn about:
- The iOS security model and the limits of its built-in protections
- The myriad ways sensitive data can leak into places it shouldn't, such as through the pasteboard
- How to implement encryption with the Keychain, the Data Protection API, and CommonCrypto
- Legacy flaws from C that still cause problems in modern iOS applications
- Privacy issues related to gathering user data and how to mitigate potential pitfalls
Don't let your app's security leak become another headline. Whether you're looking to bolster your app's defenses or hunting bugs in other people's code, iOS Application Security will help you get the job done well.
cares about their customers should use it to guide their product, architecture, and engineering decisions and to learn from the mistakes that David has spent his career finding and fixing. The smartphone revolution has tremendous potential, but only if we do the utmost to protect the safety, trust, and privacy of the people holding these devices, who want to enrich their lives through our inventions.
Alex Stamos, Chief Security Officer, Facebook
ACKNOWLEDGMENTS
Thanks to Jennifer
hex(0x00008000 + 0x007a0000)
'0x7a8000'
Listing 6-4: Adding the starting number and the hexadecimal value of cryptsize
Now this example is seriously almost done, I promise. From here, you’d just plug your numbers into the following lldb command:
(lldb) memory read --force --outfile /tmp/mem.bin --binary 0x00008000 0x007a8000
8011776 bytes written to '/private/tmp/mem.bin'
This won’t give you a full, working binary, of course—just a memory dump. The image lacks the Mach-O header metadata. To
pasteboard is shared among all applications and can be read by any process on the device. This makes the pasteboard a particularly bad place to store anything even resembling private data. I’ll go into more detail on the pasteboard in Chapter 10, but for now, ensure that the app you’re examining isn’t putting anything on the pasteboard that you wouldn’t want every other app to know about.
Closing Thoughts
While IPC in iOS appears limited at first, there are ample opportunities for developers to
vulnerability is when a program passes a variable directly to printf, without manually specifying a format string. If this variable’s contents are supplied by external input that an attacker can control, then the attacker could execute code on a device or steal data from its memory. You can test some contrived vulnerable code like this in Xcode:
char *t;
t = "%x%x%x%x%x%x%x%x";
printf(t);
This code simply supplies a string containing a bunch of %x specifiers to the printf function. In a
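The pattern from the excerpt beside its fixed form, as an added example that is not from the book: the only change needed is to make the format string a constant and pass the untrusted text as an argument. The audit helper count_directives is an assumed name, added here to show how a code review or input check can flag strings printf would interpret.

```c
#include <stdio.h>
#include <string.h>

/* Vulnerable pattern from the excerpt: the untrusted string IS the format,
 * so every %x, %s or %n it contains is interpreted by printf. Kept only for
 * contrast with the fixed form below. Compiling with -Wformat-security
 * (gcc and clang) warns on exactly this non-literal format argument. */
void log_unsafe(const char *untrusted) {
    printf(untrusted);
}

/* Fixed form: the format is a compile-time constant and the untrusted text
 * is an argument, so "%x%x" is printed literally instead of being parsed. */
void log_safe(const char *untrusted) {
    printf("%s\n", untrusted);
}

/* Same fix when the result must be kept in a buffer rather than printed.
 * Returns the length of the rendered text, or -1 on error. */
int render_safe(char *out, size_t out_len, const char *untrusted) {
    int n = snprintf(out, out_len, "%s", untrusted);
    return n < 0 ? -1 : n;
}

/* Audit helper (assumed name): count the conversion directives printf would
 * act on in a string. "%%" is an escaped percent sign, not a directive. */
int count_directives(const char *s) {
    int count = 0;
    for (const char *p = s; *p != '\0'; p++) {
        if (*p != '%') continue;
        if (p[1] == '%') { p++; continue; }   /* skip the escaped "%%" */
        count++;
    }
    return count;
}

int main(void) {
    const char *t = "%x%x%x%x%x%x%x%x";   /* constructed sample input */
    char buf[64];
    printf("directives in input: %d\n", count_directives(t));   /* 8 */
    log_safe(t);                           /* prints the %x run literally */
    render_safe(buf, sizeof buf, t);
    printf("rendered: %s\n", buf);
    return 0;
}
```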
mandatory access control (MAC) mechanism based on FreeBSD’s TrustedBSD framework, primarily driven by Robert Watson. It uses a Lisp-like configuration language to describe what resources a program can or cannot access, including files, OS services, network and memory resources, and so on. MAC is different from traditional access control mechanisms such as discretionary access control (DAC) in that it disallows subjects, such as user processes, from manipulating the access controls on objects