NOWSECURE PLATFORM UPDATE DELIVERS GROUNDBREAKING PRODUCTIVITY, PERFORMANCE, COVERAGE AND COST SAVINGS FOR MOBILE APPLICATION SECURITY

Latest version automates policy-driven security testing and dramatically expands mobile security assessment coverage for faster, higher-quality mobile app software delivery at lower cost.

NOWSECURE PLATFORM UPDATE DELIVERS GROUNDBREAKING PRODUCTIVITY, PERFORMANCE, COVERAGE AND COST SAVINGS FOR MOBILE APPLICATION SECURITY NOWSECURE PLATFORM UPDATE DELIVERS GROUNDBREAKING PRODUCTIVITY, PERFORMANCE, COVERAGE AND COST SAVINGS FOR MOBILE APPLICATION SECURITY Show More
magnifying glass icon

Jonathan Zdziarski

Former Senior Forensic Scientist at NowSecure

Jonathan is a forensic scientist, researcher, iOS app penetration tester, author, reverse engineer, photographer, and purveyor of funky bass guitar.

The Dark Art of iOS Application Hacking

The following presentation was delivered by Jonathan Zdziarski at Blackhat 2012 on July 26.

The electronic information age has made the theft of data a very lucrative occupation. Criminals stand to greatly benefit from electronic crimes, making their investment well worth the risk. The chances that your applications will be vulnerable to attack are very high. Due to a number of common vulnerabilities in the iOS monoculture, attackers can easily reverse engineer, trace, and manipulation applications in ways that even most iOS developers aren’t aware of. Even many encryption implementations are weak, and a good hacker can penetrate these and other layers that, so many times, present only a false sense of security to the application’s developers.

This talk is designed to demonstrate many of the techniques black hats use to steal data and manipulate software, so that developers will better know the fight they’re up against, and hopefully how to avoid many all-too common mistakes that leave your applications exposed to easy attacks. These attacks are not necessarily limited to just the theft of data from the device, but can sometimes even lead to much more nefarious attacks. The audience will also learn about some techniques to better secure applications, such as counter debugging techniques, attack response, implementing better encryption, etc.