On March 17, 2011, I presented New Age Application Attacks Against Apple's iOS at BlackHat Barcelona.
The whitepaper associated with my talk is now available. You can download it from this URL: https://media.blackhat.com/bh-eu-11/Nitesh_Dhanjani/BlackHat_EU_2011_Dhanjani_Attacks_Against_Apples_iOS-WP.pdf
This whitepaper brings together emerging research to illustrate the net-new attack vectors targeting iOS applications. The intended audience for the rest of this paper includes technical security analysts and iOS application developers. The following topics are discussed in detail:
- Protocol handling attacks and secure design.
- User Interface (UI) attacks and best practices.
- Abusing and securely designing Apple Push Notifications.
- Man in the Middle attacks, Privacy Leaks, Identity Decloaking, and Countermeasures.
In addition to these topics, the Appendix in the whitepaper contains a checklist of items to consider when assessing iOS applications. This list includes traditional application security weaknesses that also apply to iOS. Additional items to consider, such as data protection and file encryption applicable to iOS devices, are also presented in the Appendix.
I trust many may find the information in the paper valuable and actionable. If you have any questions or feedback, please feel free to contact me.