We’ll learn about levels of security on the iOS and OS X platforms by a series of Sneaky Hacks™. The talk will be a set of demos that will demonstrate vulnerabilities increasing in severity and difficulty as well as how to avoid them happening to you or the apps you build.
Most of the content will be relevant and actionable to anyone creating iOS apps. Anything that isn’t will be super entertaining 😸.
Things that will be covered:
1) Get the user to download an app:
- We’ll write an app that can steal keychain credentials
- We’ll patch a version of an app the user already has (e.g. Twitter) to dump secure data.
2) Access a network the user is on:
- Intercept some network traffic from an app that isn’t our own
3) Get root access:
- Attach debugserver to app, use LLDB on a 3rd party app/
- Tweek 3rd party apps (make all twitter photos cats)
- Tweek system (OS processes). Draw something on the lock screen.
- Access to 3rd party apps’ data (passwords/tokens etc).
- Set up remote access (for next demo)
4) Get remote access:
A real time mitm server dumping all network traffic.