Scribd
Upload
118 views32 pages

Securitytube Ios Security Expert: Online Training

The document discusses security mechanisms in iOS like code signing, application sandboxing, encryption, and network security. It introduces iOS security architecture and concepts like secure boot chain and trusted application loading. It also discusses challenges in application testing due to iOS restrictions and how to overcome them.

Uploaded by

Ankush
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
118 views32 pages

Securitytube Ios Security Expert: Online Training

The document discusses security mechanisms in iOS like code signing, application sandboxing, encryption, and network security. It introduces iOS security architecture and concepts like secure boot chain and trusted application loading. It also discusses challenges in application testing due to iOS restrictions and how to overcome them.

Uploaded by

Ankush
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 32

SecurityTube

iOS Security Expert

Online Training: h6p://www.Securitytube-Training.com

SecurityTube.net

Introduc?on to iOS
Vivek Ramachandran
Founder, SecurityTube.net
Training: h6p://securitytube-training.com

SecurityTube.net

Course Requirements
Hardware
Jailbroken iPhone / iPad
Any version of iOS >= 5.1.1
No Support for Jailbreaking (warranty void?)
h6p://jailbreak-me.info/

SoWware
Windows / Linux / OS X
SecurityTube.net

Can I follow the course without a device?


Absolutely!
Will not be able to do the demos
Concept Oriented and Prac?cal
will not be boring to watch J

SecurityTube.net

iOS
iPhone

iOS Opera?ng System

iPad

iPod

SecurityTube.net

What is iOS really?

h6p://en.wikipedia.org/wiki/IOS

SecurityTube.net

Is iOS Open Source?

h6p://opensource.apple.com/
SecurityTube.net

Only Selected Components

h6p://opensource.apple.com/release/ios-601/
SecurityTube.net

Does it look any dierent than Linux?


Lets login to an Jailbroken iPhone

SecurityTube.net

SecurityTube iOS Security Expert

Online Training: h6p://www.Securitytube-Training.com

SecurityTube.net

iOS Applica?on Basics


Vivek Ramachandran
Founder, SecurityTube.net
Training: h6p://securitytube-training.com

SecurityTube.net

iXXX

Applica?ons

Opera?ng System (iOS)

Hardware

SecurityTube.net

iOS Applica?ons

SecurityTube.net

How does one Develop iOS Applica?ons?


Xcode using Objec?ve-C

iPhone / iPad simulator

Run on actual device to test


SecurityTube.net

HelloWorld
Customary Hello World Program

SecurityTube.net

SecurityTube iOS Security Expert

Online Training: h6p://www.Securitytube-Training.com

SecurityTube.net

MVC and Event Driven


Architecture
Vivek Ramachandran
Founder, SecurityTube.net
Training: h6p://securitytube-training.com

SecurityTube.net

SecurityTube iOS Security Expert

SecurityTube.net

ARM Processor


SecurityTube.net

iDevice Processors
SoC System on a Chip
iDevices
License ARM cores (< iPhone 5)
License ARM instruc?on set to build own code (>
iPhone 5)

h6p://www.anandtech.com/show/6292/
iphone-5-a6-not-a15-custom-core
SecurityTube.net

ARM anyone?

h6p://en.wikipedia.org/wiki/ARM_architecture

SecurityTube.net

Demo
A6aching to a Running Program
View disassembly

SecurityTube.net

SecurityTube iOS Security Expert

Online Training: h6p://www.Securitytube-Training.com

SecurityTube.net

iOS Security Mechanisms


Pre6y much shrouded in mystery
First public disclosure:
h6p://images.apple.com/ipad/business/docs/
iOS_Security_May12.pdf
Talk at Blackhat 2012
Rehash of the PDF above
SecurityTube.net

Security Architecture

SecurityTube.net

Source: Apple Inc.

Secure Boot Chain

Boot ROM

LLB

iBoot

iOS Kernel

SecurityTube.net

Loading Trusted Applica?ons


Code Signing

iOS Kernel

iOS Applica?on

SecurityTube.net

Applica?on Isola?on
Code Signing

Code Signing

Applica?on 1

Applica?on 2

Sandbox

Sandbox
SecurityTube.net

Data Encryp?on
Hardware Crypto
UID and GID keys

Data and File Protec?on


Keychain
Keybags
File Encryp?on

SecurityTube.net

Network Security
Built in support for:
SSL and TLS
VPN
Wi
Enterprise (EAP-TLS, TTLS, PEAP etc.)

Bluetooth

SecurityTube.net

Why is this relevant to Applica?on


Pentes?ng?
How can you audit an applica?on if the plakorm
has so many restric?ons?
How do you gain access to the lesystem?
How do decrypt data from keychain, le etc.?
How do you monitor the applica?on while it is
running?
SecurityTube.net

You might also like