NOWSECURE UNVEILS FIRST AUTOMATED OWASP MASVS V2.1 MOBILE APP SECURITY AND NEW PRIVACY TESTING

The depth and scope of NowSecure Platform testing gives customers assurance that their mobile AppSec programs meet the highest industry standard.


Jonathan Zdziarski

Former Senior Forensic Scientist at NowSecure

Jonathan is a forensic scientist, researcher, iOS app penetration tester, author, reverse engineer, photographer, and purveyor of funky bass guitar.

The Dark Art of iOS Application Hacking

The following presentation was delivered by Jonathan Zdziarski at Blackhat 2012 on July 26.

The electronic information age has made the theft of data a very lucrative occupation. Criminals stand to greatly benefit from electronic crimes, making their investment well worth the risk. The chances that your applications will be vulnerable to attack are very high. Due to a number of common vulnerabilities in the iOS monoculture, attackers can easily reverse engineer, trace, and manipulate applications in ways that even most iOS developers aren’t aware of. Even many encryption implementations are weak, and a good hacker can penetrate these and other layers that, so many times, present only a false sense of security to the application’s developers.

This talk is designed to demonstrate many of the techniques black hats use to steal data and manipulate software, so that developers will better know the fight they’re up against, and hopefully how to avoid many all-too-common mistakes that leave your applications exposed to easy attacks. These attacks are not necessarily limited to just the theft of data from the device, but can sometimes even lead to much more nefarious attacks. The audience will also learn about some techniques to better secure applications, such as counter-debugging techniques, attack response, implementing better encryption, etc.