Jonathan Zdziarski

Hacking and Securing iOS Applications (eBook, PDF)

Stealing Data, Hijacking Software, and How to Prevent It

• Format: PDF

Produktbeschreibung

If youre an app developer with a solid foundation in Objective-C, this book is an absolute mustchances are very high that your companys iOS applications are vulnerable to attack. Thats because malicious attackers now use an arsenal of tools to reverse-engineer, trace, and manipulate applications in ways that most programmers arent aware of.This guide illustrates several types of iOS attacks, as well as the tools and techniques that hackers use. Youll learn best practices to help protect your applications, and discover how important it is to understand and strategize like your adversary.Examine subtle vulnerabilities in real-world applicationsand avoid the same problems in your appsLearn how attackers infect apps with malware through code injectionDiscover how attackers defeat iOS keychain and data-protection encryptionUse a debugger and custom code injection to manipulate the runtime Objective-C environmentPrevent attackers from hijacking SSL sessions and stealing trafficSecurely delete files and design your apps to prevent forensic data leakageAvoid debugging abuse, validate the integrity of run-time classes, and make your code harder to trace

---

Dieser Download kann aus rechtlichen Gründen nur mit Rechnungsadresse in A, B, BG, CY, CZ, D, DK, EW, E, FIN, F, GR, HR, H, IRL, I, LT, L, LR, M, NL, PL, P, R, S, SLO, SK ausgeliefert werden.

Produktdetails

• Verlag: O'Reilly Media
• Seitenzahl: 358
• Erscheinungstermin: 17. Januar 2012
• Englisch
• ISBN-13: 9781449325244
• Artikelnr.: 42123938

Autorenporträt

Jonathan Zdziarski is better known as the hacker "NerveGas" in the iOSdevelopment community. His work in cracking the iPhone helped lead theeffort to port the first open source applications to it, and his bookiPhone Open Application Development taught developers how to writeapplications for the popular device long before Apple introduced itsown SDK. Jonathan is also the author of many other books, includingiPhone SDK Application Development and iPhone Forensics. Jonathanpresently supports over 2,000 law enforcement agencies worldwide anddistributes a suite of iOS forensic imaging tools to obtain evidencefrom iOS devices for criminal cases. He frequently consults and trainslaw enforcement agencies and assists forensic examiners in theirinvestigations. Jonathan is also a full-time Sr. Forensic Scientist, where, amongother things, he performs penetration testing of iOS applications forcorporate clients.

Inhaltsangabe

Dedication
Preface
Audience of This Book
Organization of the Material
Conventions Used in This Book
Using Code Examples
Legal Disclaimer
Safari® Books Online
How to Contact Us
Chapter 1: Everything You Know Is Wrong
1.1 The Myth of a Monoculture
1.2 The iOS Security Model
1.3 Storing the Key with the Lock
1.4 Passcodes Equate to Weak Security
1.5 Forensic Data Trumps Encryption
1.6 External Data Is at Risk, Too
1.7 Hijacking Traffic
1.8 Trust No One, Not Even Your Application
1.9 Physical Access Is Optional
1.10 Summary
Hacking
Chapter 2: The Basics of Compromising iOS
2.1 Why It's Important to Learn How to Break Into a Device
2.2 Jailbreaking Explained
2.3 End User Jailbreaks
2.4 Compromising Devices and Injecting Code
2.5 Exercises
2.6 Summary
Chapter 3: Stealing the Filesystem
3.1 Full Disk Encryption
3.2 Copying the Live Filesystem
3.3 Copying the Raw Filesystem
3.4 Exercises
3.5 The Role of Social Engineering
3.6 Summary
Chapter 4: Forensic Trace and Data Leakage
4.1 Extracting Image Geotags
4.2 SQLite Databases
4.3 Reverse Engineering Remnant Database Fields
4.4 SMS Drafts
4.5 Property Lists
4.6 Other Important Files
4.7 Summary
Chapter 5: Defeating Encryption
5.1 Sogeti's Data Protection Tools
5.2 Extracting Encryption Keys
5.3 Decrypting the Keychain
5.4 Decrypting Raw Disk
5.5 Decrypting iTunes Backups
5.6 Defeating Encryption Through Spyware
5.7 Exercises
5.8 Summary
Chapter 6: Unobliterating Files
6.1 Scraping the HFS Journal
6.2 Carving Empty Space
6.3 Commonly Recovered Data
6.4 Summary
Chapter 7: Manipulating the Runtime
7.1 Analyzing Binaries
7.2 Encrypted Binaries
7.3 Abusing the Runtime with Cycript
7.4 Exercises
7.5 Summary
Chapter 8: Abusing the Runtime Library
8.1 Breaking Objective-C Down
8.2 Disassembling and Debugging
8.3 Malicious Code Injection
8.4 Injection Using Dynamic Linker Attack
8.5 Summary
Chapter 9: Hijacking Traffic
9.1 APN Hijacking
9.2 Simple Proxy Setup
9.3 Attacking SSL
9.4 Attacking Application-Level SSL Validation
9.5 Hijacking Foundation HTTP Classes
9.6 Analyzing Data
9.7 Driftnet
9.8 Exercises
9.9 Summary
Securing
Chapter 10: Implementing Encryption
10.1 Password Strength
10.2 Introduction to Common Crypto
10.3 Master Key Encryption
10.4 Geo-Encryption
10.5 Split Server-Side Keys
10.6 Securing Memory
10.7 Public Key Cryptography
10.8 Exercises
Chapter 11: Counter Forensics
11.1 Secure File Wiping
11.2 Wiping SQLite Records
11.3 Keyboard Cache
11.4 Randomizing PIN Digits
11.5 Application Screenshots
Chapter 12: Securing the Runtime
12.1 Tamper Response
12.2 Process Trace Checking
12.3 Blocking Debuggers
12.4 Runtime Class Integrity Checks
12.5 Inline Functions
12.6 Complicating Disassembly
12.7 Exercises
Chapter 13: Jailbreak Detection
13.1 Sandbox Integrity Check
13.2 Filesystem Tests
13.3 Page Execution Check
Chapter 14: Next Steps
14.1 Thinking Like an Attacker
14.2 Other Reverse Engineering Tools
14.3 Security Versus Code Management
14.4 A Flexible Approach to Security
14.5 Other Great Books