Hacking and Securing iOS Applications: Stealing Data, Hijacking Software, and How to Prevent It

( 4 )

Overview

If you’re an app developer with a solid foundation in Objective-C, this book is an absolute must—chances are very high that your company’s iOS applications are vulnerable to attack. That’s because malicious attackers now use an arsenal of tools to reverse-engineer, trace, and manipulate applications in ways that most programmers aren’t aware of.

This guide illustrates several types of iOS attacks, as well as the tools and techniques that hackers use. You’ll learn best practices ...

See more details below
Other sellers (Paperback)
  • All (19) from $20.88   
  • New (13) from $24.11   
  • Used (6) from $20.88   
Hacking and Securing iOS Applications: Stealing Data, Hijacking Software, and How to Prevent It

Available on NOOK devices and apps  
  • NOOK Devices
  • Samsung Galaxy Tab 4 NOOK
  • NOOK HD/HD+ Tablet
  • NOOK
  • NOOK Color
  • NOOK Tablet
  • Tablet/Phone
  • NOOK for Windows 8 Tablet
  • NOOK for iOS
  • NOOK for Android
  • NOOK Kids for iPad
  • PC/Mac
  • NOOK for Windows 8
  • NOOK for PC
  • NOOK for Mac
  • NOOK for Web

Want a NOOK? Explore Now

NOOK Book (eBook)
$11.49
BN.com price
(Save 42%)$19.99 List Price

Overview

If you’re an app developer with a solid foundation in Objective-C, this book is an absolute must—chances are very high that your company’s iOS applications are vulnerable to attack. That’s because malicious attackers now use an arsenal of tools to reverse-engineer, trace, and manipulate applications in ways that most programmers aren’t aware of.

This guide illustrates several types of iOS attacks, as well as the tools and techniques that hackers use. You’ll learn best practices to help protect your applications, and discover how important it is to understand and strategize like your adversary.

  • Examine subtle vulnerabilities in real-world applications—and avoid the same problems in your apps
  • Learn how attackers infect apps with malware through code injection
  • Discover how attackers defeat iOS keychain and data-protection encryption
  • Use a debugger and custom code injection to manipulate the runtime Objective-C environment
  • Prevent attackers from hijacking SSL sessions and stealing traffic
  • Securely delete files and design your apps to prevent forensic data leakage
  • Avoid debugging abuse, validate the integrity of run-time classes, and make your code harder to trace
Read More Show Less

Product Details

  • ISBN-13: 9781449318741
  • Publisher: O'Reilly Media, Incorporated
  • Publication date: 1/25/2012
  • Edition number: 1
  • Pages: 358
  • Product dimensions: 6.90 (w) x 9.10 (h) x 0.90 (d)

Meet the Author

Jonathan Zdziarski is better known as the hacker "NerveGas" in the iOSdevelopment community. His work in cracking the iPhone helped lead theeffort to port the first open source applications to it, and his bookiPhone Open Application Development taught developers how to writeapplications for the popular device long before Apple introduced itsown SDK. Jonathan is also the author of many other books, includingiPhone SDK Application Development and iPhone Forensics. Jonathanpresently supports over 2,000 law enforcement agencies worldwide anddistributes a suite of iOS forensic imaging tools to obtain evidencefrom iOS devices for criminal cases. He frequently consults and trainslaw enforcement agencies and assists forensic examiners in theirinvestigations.

Jonathan is also a full-time Sr. Forensic Scientist, where, amongother things, he performs penetration testing of iOS applications forcorporate clients.

Read More Show Less

Table of Contents

Dedication;
Preface;
Audience of This Book;
Organization of the Material;
Conventions Used in This Book;
Using Code Examples;
Legal Disclaimer;
Safari® Books Online;
How to Contact Us;
Chapter 1: Everything You Know Is Wrong;
1.1 The Myth of a Monoculture;
1.2 The iOS Security Model;
1.3 Storing the Key with the Lock;
1.4 Passcodes Equate to Weak Security;
1.5 Forensic Data Trumps Encryption;
1.6 External Data Is at Risk, Too;
1.7 Hijacking Traffic;
1.8 Trust No One, Not Even Your Application;
1.9 Physical Access Is Optional;
1.10 Summary;
Hacking;
Chapter 2: The Basics of Compromising iOS;
2.1 Why It’s Important to Learn How to Break Into a Device;
2.2 Jailbreaking Explained;
2.3 End User Jailbreaks;
2.4 Compromising Devices and Injecting Code;
2.5 Exercises;
2.6 Summary;
Chapter 3: Stealing the Filesystem;
3.1 Full Disk Encryption;
3.2 Copying the Live Filesystem;
3.3 Copying the Raw Filesystem;
3.4 Exercises;
3.5 The Role of Social Engineering;
3.6 Summary;
Chapter 4: Forensic Trace and Data Leakage;
4.1 Extracting Image Geotags;
4.2 SQLite Databases;
4.3 Reverse Engineering Remnant Database Fields;
4.4 SMS Drafts;
4.5 Property Lists;
4.6 Other Important Files;
4.7 Summary;
Chapter 5: Defeating Encryption;
5.1 Sogeti’s Data Protection Tools;
5.2 Extracting Encryption Keys;
5.3 Decrypting the Keychain;
5.4 Decrypting Raw Disk;
5.5 Decrypting iTunes Backups;
5.6 Defeating Encryption Through Spyware;
5.7 Exercises;
5.8 Summary;
Chapter 6: Unobliterating Files;
6.1 Scraping the HFS Journal;
6.2 Carving Empty Space;
6.3 Commonly Recovered Data;
6.4 Summary;
Chapter 7: Manipulating the Runtime;
7.1 Analyzing Binaries;
7.2 Encrypted Binaries;
7.3 Abusing the Runtime with Cycript;
7.4 Exercises;
7.5 Summary;
Chapter 8: Abusing the Runtime Library;
8.1 Breaking Objective-C Down;
8.2 Disassembling and Debugging;
8.3 Malicious Code Injection;
8.4 Injection Using Dynamic Linker Attack;
8.5 Summary;
Chapter 9: Hijacking Traffic;
9.1 APN Hijacking;
9.2 Simple Proxy Setup;
9.3 Attacking SSL;
9.4 Attacking Application-Level SSL Validation;
9.5 Hijacking Foundation HTTP Classes;
9.6 Analyzing Data;
9.7 Driftnet;
9.8 Exercises;
9.9 Summary;
Securing;
Chapter 10: Implementing Encryption;
10.1 Password Strength;
10.2 Introduction to Common Crypto;
10.3 Master Key Encryption;
10.4 Geo-Encryption;
10.5 Split Server-Side Keys;
10.6 Securing Memory;
10.7 Public Key Cryptography;
10.8 Exercises;
Chapter 11: Counter Forensics;
11.1 Secure File Wiping;
11.2 Wiping SQLite Records;
11.3 Keyboard Cache;
11.4 Randomizing PIN Digits;
11.5 Application Screenshots;
Chapter 12: Securing the Runtime;
12.1 Tamper Response;
12.2 Process Trace Checking;
12.3 Blocking Debuggers;
12.4 Runtime Class Integrity Checks;
12.5 Inline Functions;
12.6 Complicating Disassembly;
12.7 Exercises;
Chapter 13: Jailbreak Detection;
13.1 Sandbox Integrity Check;
13.2 Filesystem Tests;
13.3 Page Execution Check;
Chapter 14: Next Steps;
14.1 Thinking Like an Attacker;
14.2 Other Reverse Engineering Tools;
14.3 Security Versus Code Management;
14.4 A Flexible Approach to Security;
14.5 Other Great Books;

Read More Show Less

Customer Reviews

Average Rating 3
( 4 )
Rating Distribution

5 Star

(2)

4 Star

(0)

3 Star

(0)

2 Star

(0)

1 Star

(2)

Your Rating:

Your Name: Create a Pen Name or

Barnes & Noble.com Review Rules

Our reader reviews allow you to share your comments on titles you liked, or didn't, with others. By submitting an online review, you are representing to Barnes & Noble.com that all information contained in your review is original and accurate in all respects, and that the submission of such content by you and the posting of such content by Barnes & Noble.com does not and will not violate the rights of any third party. Please follow the rules below to help ensure that your review can be posted.

Reviews by Our Customers Under the Age of 13

We highly value and respect everyone's opinion concerning the titles we offer. However, we cannot allow persons under the age of 13 to have accounts at BN.com or to post customer reviews. Please see our Terms of Use for more details.

What to exclude from your review:

Please do not write about reviews, commentary, or information posted on the product page. If you see any errors in the information on the product page, please send us an email.

Reviews should not contain any of the following:

  • - HTML tags, profanity, obscenities, vulgarities, or comments that defame anyone
  • - Time-sensitive information such as tour dates, signings, lectures, etc.
  • - Single-word reviews. Other people will read your review to discover why you liked or didn't like the title. Be descriptive.
  • - Comments focusing on the author or that may ruin the ending for others
  • - Phone numbers, addresses, URLs
  • - Pricing and availability information or alternative ordering information
  • - Advertisements or commercial solicitation

Reminder:

  • - By submitting a review, you grant to Barnes & Noble.com and its sublicensees the royalty-free, perpetual, irrevocable right and license to use the review in accordance with the Barnes & Noble.com Terms of Use.
  • - Barnes & Noble.com reserves the right not to post any review -- particularly those that do not follow the terms and conditions of these Rules. Barnes & Noble.com also reserves the right to remove any review at any time without notice.
  • - See Terms of Use for other conditions and disclaimers.
Search for Products You'd Like to Recommend

Recommend other products that relate to your review. Just search for them below and share!

Create a Pen Name

Your Pen Name is your unique identity on BN.com. It will appear on the reviews you write and other website activities. Your Pen Name cannot be edited, changed or deleted once submitted.

 
Your Pen Name can be any combination of alphanumeric characters (plus - and _), and must be at least two characters long.

Continue Anonymously
Sort by: Showing all of 4 Customer Reviews
  • Posted February 26, 2012

    Enlightening and inspiring

    This book shows the other side of Apple’s devices. Less secure one. We all are told that iOS based devices are secure due to restrictions applied by Apple. This is not exactly true. Well, there is always the other side of the coin.

    When I started the book I simply dived into it. I read it over one evening. Jonathan takes you on the journey over the low level layers of iOS development and shows what bad guys can do when they put their hands on your “precious”. He presents how to jailbreak device, how to access common data, how to retrieve information from the device, how to manipulate it and how to compromise it. After various malicious behavior is described, Jonathan shows how to make your own applications more bullet proof. How to avoid caching, how to encrypt better, how to detect jailbreaked devices. Last topics is particularly interesting for people who develop proprietary software and want to make sure it will not be compromised by irresponsible users. You will also learn few interesting debugging techniques and find loots of references to other sources related to the topic.

    Book is both rewarding and demanding at the same time. If you are an iOS newbie, you’d better learn more about Objective-C, shell and iOS SDK before you start this one. Contrary, if you are familiar with mentioned topics already, and you know some basics of assembler, go ahead and buy this one.

    Note!! To fully benefit from the book you will need a device that you can jailbreak. Otherwise you won’t be able to follow all exercises.

    2 out of 2 people found this review helpful.

    Was this review helpful? Yes  No   Report this review
  • Anonymous

    Posted January 8, 2013

    Sex

    Sexersize

    Was this review helpful? Yes  No   Report this review
  • Anonymous

    Posted May 15, 2012

    Lame

    You suck

    Was this review helpful? Yes  No   Report this review
  • Anonymous

    Posted May 1, 2012

    No text was provided for this review.

Sort by: Showing all of 4 Customer Reviews

If you find inappropriate content, please report it to Barnes & Noble
Why is this product inappropriate?
Comments (optional)