Hacking and Securing iOS Applications Stealing Data, Hijacking Software, and How to Prevent It 13618

Паперова книга

13618

Hacking and Securing iOS Applications Stealing Data, Hijacking Software, and How to Prevent It - фото 1

ISBN

978-1-4493-1874-1
Видавництво

O'Reilly
Автор

Jonathan Zdziarski
Рік

2012
Мова

Англійська

03.05

650 ₴

Все про “Hacking and Securing iOS Applications Stealing Data, Hijacking Software, and How to Prevent It”

Від видавця

If you're an app developer with a solid foundation in Objective-C, this book is an absolute must—chances are very high that your company's iOS applications are vulnerable to attack. That's because malicious attackers now use an arsenal of tools to reverse-engineer, trace, and manipulate applications in ways that most programmers aren't aware of. This guide illustrates several types of iOS attacks, as well as the tools and techniques that hackers use. You'll learn best practices to help protect your applications, and discover how it is important to understand and strategize like your adversary. Examine subtle vulnerabilities in real-world applications—and avoid the same problems in your apps Learn how attackers infect apps with malware through code injection Discover how attackers defeat iOS keychain and data protection encryption Use a debugger and custom code injection to manipulate the runtime Objective-C environment Prevent attackers from hijacking SSL sessions and stealing traffic Securely delete files and design your apps to prevent forensic data leakage Avoid debugging abuse, validate the integrity of run-time classes and make your code harder to trace

Зміст

Chapter 1 : Everything You Know Is Wrong
The Myth of a Monoculture
The iOS Security Model
Storing the Key with the Lock
Passcodes Equate to Weak Security
Forensic Data Trumps Encryption
External Data Is at Risk, Too
Hijacking Traffic
Trust No One, Not Even Your Application
Physical Access Is Optional
Summary
Hacking
Chapter 2 : The Basics of Compromising iOS
Why it's Important to Learn How to Break Into a Device
Jailbreaking Explained
End User Jailbreaks
Compromising Devices and Injecting Code
Exercises
Summary
Chapter 3 : Stealing the Filesystem
Full Disk Encryption
Copying the Live Filesystem
Copying the Raw Filesystem
Exercises
The Role of Social Engineering
Summary
Chapter 4 : Forensic Trace and Data Leakage
Extracting Image Geotags
SQLite Databases
Reverse Engineering Remnant Database Fields
SMS Drafts
Property Lists
Other Important Files
Summary
Chapter 5 : Defeating Encryption
Sogeti's Data Protection Tools
Extracting Encryption Keys
Decrypting the Keychain
Decrypting Raw Disk
Decrypting iTunes Backups
Defeating Encryption Through Spyware
Exercises
Summary
Chapter 6 : Unobliterating Files
Scraping the HFS Journal
Carving Empty Space
Commonly Відновлені Data
Summary
Chapter 7 : Manipulating the Runtime
Analyzing Binaries
Encrypted Binaries
Abusing the with Runtime Cycript
Exercises
Summary
Chapter 8 : Abusing the Runtime Library
Breaking Objective-C Down
Disassembling and Debugging
Malicious Code Injection
Injection Using Dynamic Linker Attack
Summary
Chapter 9 : Hijacking Traffic
APN Hijacking
Simple Proxy Setup
Attacking SSL
Attacking Application Level SSL Validation
Hijacking Foundation HTTP Classes
Analyzing Data
Driftnet
Exercises
Summary
Securing
Chapter 10 : Implementing Encryption
Password Strength
Introduction to Common Crypto
Master Key Encryption
Geo-Encryption
Split Server-Side Keys
Securing Memory
Public Key Cryptography
Exercises
Chapter 11 : Counter Forensics
Secure File Wiping
Wiping SQLite Records
Keyboard Cache
Randomizing PIN Digits
Application Screenshots
Chapter 12 : Securing the Runtime
Tamper Response
Process Trace Checking
Blocking Debuggers
Runtime Class Integrity Checks
Inline Functions
Complicating Disassembly
Exercises
Chapter 13 : Jailbreak Detection
Sandbox Integrity Check
Filesystem Tests
Page Execution Check
Chapter 14 : Next Steps
Thinking Like an Attacker
Other Reverse Engineering Tools
Security Versus Code Management
A Flexible Approach to Security
Other Great Books