5
1
Hacking and Securing iOS Applications: Stealing Data, Hijacking Software, and How to Prevent It
354
by Jonathan Zdziarski
Jonathan Zdziarski
Hacking and Securing iOS Applications: Stealing Data, Hijacking Software, and How to Prevent It
354
by Jonathan Zdziarski
Jonathan Zdziarski
Paperback
$39.99
-
PICK UP IN STORECheck Availability at Nearby Stores
Available within 2 business hours
Related collections and offers
39.99
In Stock
Overview
If you’re an app developer with a solid foundation in Objective-C, this book is an absolute must—chances are very high that your company’s iOS applications are vulnerable to attack. That’s because malicious attackers now use an arsenal of tools to reverse-engineer, trace, and manipulate applications in ways that most programmers aren’t aware of.
This guide illustrates several types of iOS attacks, as well as the tools and techniques that hackers use. You’ll learn best practices to help protect your applications, and discover how important it is to understand and strategize like your adversary.
- Examine subtle vulnerabilities in real-world applications—and avoid the same problems in your apps
- Learn how attackers infect apps with malware through code injection
- Discover how attackers defeat iOS keychain and data-protection encryption
- Use a debugger and custom code injection to manipulate the runtime Objective-C environment
- Prevent attackers from hijacking SSL sessions and stealing traffic
- Securely delete files and design your apps to prevent forensic data leakage
- Avoid debugging abuse, validate the integrity of run-time classes, and make your code harder to trace
Product Details
| ISBN-13: | 9781449318741 |
|---|---|
| Publisher: | O'Reilly Media, Incorporated |
| Publication date: | 01/25/2012 |
| Pages: | 354 |
| Product dimensions: | 6.90(w) x 9.10(h) x 0.90(d) |
About the Author
Jonathan Zdziarski is better known as the hacker "NerveGas" in the iOS
development community. His work in cracking the iPhone helped lead the effort to port the first open source applications to it, and his book iPhone Open Application Development taught developers how to write applications for the popular device long before Apple introduced its own SDK. Jonathan is also the author of many other books, including iPhone SDK Application Development and iPhone Forensics. Jonathan presently supports over 2,000 law enforcement agencies worldwide and distributes a suite of iOS forensic imaging tools to obtain evidence from iOS devices for criminal cases. He frequently consults and trains law enforcement agencies and assists forensic examiners in their investigations.
Jonathan is also a full-time Sr. Forensic Scientist, where, among other things, he performs penetration testing of iOS applications for corporate clients.
development community. His work in cracking the iPhone helped lead the effort to port the first open source applications to it, and his book iPhone Open Application Development taught developers how to write applications for the popular device long before Apple introduced its own SDK. Jonathan is also the author of many other books, including iPhone SDK Application Development and iPhone Forensics. Jonathan presently supports over 2,000 law enforcement agencies worldwide and distributes a suite of iOS forensic imaging tools to obtain evidence from iOS devices for criminal cases. He frequently consults and trains law enforcement agencies and assists forensic examiners in their investigations.
Jonathan is also a full-time Sr. Forensic Scientist, where, among other things, he performs penetration testing of iOS applications for corporate clients.
Table of Contents
Dedication; Preface; Audience of This Book; Organization of the Material; Conventions Used in This Book; Using Code Examples; Legal Disclaimer; Safari® Books Online; How to Contact Us; Chapter 1: Everything You Know Is Wrong; 1.1 The Myth of a Monoculture; 1.2 The iOS Security Model; 1.3 Storing the Key with the Lock; 1.4 Passcodes Equate to Weak Security; 1.5 Forensic Data Trumps Encryption; 1.6 External Data Is at Risk, Too; 1.7 Hijacking Traffic; 1.8 Trust No One, Not Even Your Application; 1.9 Physical Access Is Optional; 1.10 Summary; Hacking; Chapter 2: The Basics of Compromising iOS; 2.1 Why It’s Important to Learn How to Break Into a Device; 2.2 Jailbreaking Explained; 2.3 End User Jailbreaks; 2.4 Compromising Devices and Injecting Code; 2.5 Exercises; 2.6 Summary; Chapter 3: Stealing the Filesystem; 3.1 Full Disk Encryption; 3.2 Copying the Live Filesystem; 3.3 Copying the Raw Filesystem; 3.4 Exercises; 3.5 The Role of Social Engineering; 3.6 Summary; Chapter 4: Forensic Trace and Data Leakage; 4.1 Extracting Image Geotags; 4.2 SQLite Databases; 4.3 Reverse Engineering Remnant Database Fields; 4.4 SMS Drafts; 4.5 Property Lists; 4.6 Other Important Files; 4.7 Summary; Chapter 5: Defeating Encryption; 5.1 Sogeti’s Data Protection Tools; 5.2 Extracting Encryption Keys; 5.3 Decrypting the Keychain; 5.4 Decrypting Raw Disk; 5.5 Decrypting iTunes Backups; 5.6 Defeating Encryption Through Spyware; 5.7 Exercises; 5.8 Summary; Chapter 6: Unobliterating Files; 6.1 Scraping the HFS Journal; 6.2 Carving Empty Space; 6.3 Commonly Recovered Data; 6.4 Summary; Chapter 7: Manipulating the Runtime; 7.1 Analyzing Binaries; 7.2 Encrypted Binaries; 7.3 Abusing the Runtime with Cycript; 7.4 Exercises; 7.5 Summary; Chapter 8: Abusing the Runtime Library; 8.1 Breaking Objective-C Down; 8.2 Disassembling and Debugging; 8.3 Malicious Code Injection; 8.4 Injection Using Dynamic Linker Attack; 8.5 Summary; Chapter 9: Hijacking Traffic; 9.1 APN Hijacking; 9.2 Simple Proxy Setup; 9.3 Attacking SSL; 9.4 Attacking Application-Level SSL Validation; 9.5 Hijacking Foundation HTTP Classes; 9.6 Analyzing Data; 9.7 Driftnet; 9.8 Exercises; 9.9 Summary; Securing; Chapter 10: Implementing Encryption; 10.1 Password Strength; 10.2 Introduction to Common Crypto; 10.3 Master Key Encryption; 10.4 Geo-Encryption; 10.5 Split Server-Side Keys; 10.6 Securing Memory; 10.7 Public Key Cryptography; 10.8 Exercises; Chapter 11: Counter Forensics; 11.1 Secure File Wiping; 11.2 Wiping SQLite Records; 11.3 Keyboard Cache; 11.4 Randomizing PIN Digits; 11.5 Application Screenshots; Chapter 12: Securing the Runtime; 12.1 Tamper Response; 12.2 Process Trace Checking; 12.3 Blocking Debuggers; 12.4 Runtime Class Integrity Checks; 12.5 Inline Functions; 12.6 Complicating Disassembly; 12.7 Exercises; Chapter 13: Jailbreak Detection; 13.1 Sandbox Integrity Check; 13.2 Filesystem Tests; 13.3 Page Execution Check; Chapter 14: Next Steps; 14.1 Thinking Like an Attacker; 14.2 Other Reverse Engineering Tools; 14.3 Security Versus Code Management; 14.4 A Flexible Approach to Security; 14.5 Other Great Books;From the B&N Reads Blog
Page 1 of