Monthly Archives: December 2013

iOS Hacking. Rise of the evil Smartphone

With constant access to email, applications, the Internet, and company data, workers are using their devices to stay in touch with family, friends, and co-workers through social networks. This means that people are building ever larger databases and feeding more data into their applications. The appeal for hackers with malicious intent is obvious: the build-up of data could enable massive attacks on sensitive company or government data. The crazy part is that it all could have been launched, unknowingly and cleverly, through a smartphone.

This article focuses on black box security reviews of iOS applications, which, in contrast to white box reviews, do not require access to the original source code used to produce the binary. First, we present an overview of the iOS platform: a bit of history showing how its security has improved over time, and the main security features that ensure the confidentiality of user data and the integrity of running applications. These are key concepts one needs to understand before diving into penetration testing on this platform.

By Terry Cutler, Co-founder of Digital Locksmiths Inc., CEH, and François Proulx, Senior mobile application developer

Evolution of the iOS platform security
When the first iPhone was introduced, it was only available in the US market and did not let end users install applications beyond those shipped with the device. There was no App Store, and no official way for developers to write and distribute applications. At that point Apple kept its SDK private, and since the platform was still in its infancy, many critical security aspects were eschewed. This initially lax security, combined with the fact that the original iPhone was only available in the United States on a single carrier (AT&T), gave a number of hackers a strong motive to form what rapidly became known as “the jailbreak community.” This community initially had two main interests: running custom apps, and SIM unlocking the phone so it would work on other carriers worldwide. It took only a few days after the device was officially released for hackers to “escape jail”. One of the best known groups in this community is the “iPhone Dev Team”.

In the days of what was then called iPhone OS 1.0, the jailbreak community had a lot more freedom to explore because of the poor level of platform security. Over time they amassed a wealth of highly technical information about the inner workings of Apple’s hardware, operating system and frameworks. This deep technical knowledge proved extremely valuable when the second device (iPhone 3G) came out along with iPhone OS 2.0 and the first iteration of the App Store, which made the term “App” so popular with the general population. While the first iPhone could only run built-in apps written by Apple, the new scheme allowed any developer to sign up for an account and download Xcode (Apple’s IDE and compiler suite), an SDK, and documentation.

Because Apple wanted to keep a close watch on the kinds of applications that could run on its platform, it built a review process that every app has to go through before it can be published on the App Store. The review looks for usage of critical system APIs, suspicious behaviours, and so on. Before submitting for review, a developer must code sign the binary with a developer certificate, which ensures traceability from the developer, through the review process, all the way to the device it finally runs on. This means that all apps must carry a valid certificate chain ending in a specific Apple trusted root. There is no official way to bypass this signature check, not even by installing your own self-signed certificate in the trust anchor store. One of the main features of a jailbroken device is that its kernel has been patched to skip this signature check, which significantly reduces the security of the platform but allows a technically savvy user to dive more deeply into the system. In short, a jailbroken device is required for any serious black box penetration testing of apps. However, you will soon see that you can still do a lot without going through that process.
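The first thing a black box reviewer does with an app binary is look at how it is signed. The following script is an added example, not code from the article or its authors: it walks the Mach-O load commands to the LC_CODE_SIGNATURE entry, parses the embedded SuperBlob, and reports the CodeDirectory identifier, whether the CS_ADHOC flag is set, and whether a CMS (PKCS#7) blob, the container for the certificate chain that must end in Apple’s root, is present at all. The sample binaries it builds are constructed for the demo and are not real apps; their CMS bytes are placeholders, and the identifiers `com.example.demo` and `com.example.tweak` are hypothetical. It only handles thin, 64-bit, little-endian files, and it does not validate the chain: for that you would feed the CMS blob to a CMS parser, or run `codesign -dvvv` on macOS.

```python
import struct

# Constants from Apple's <mach-o/loader.h> and the Security framework's cs_blobs.h
MH_MAGIC_64 = 0xFEEDFACF
LC_CODE_SIGNATURE = 0x1D
CPU_TYPE_ARM64 = 0x0100000C
MH_EXECUTE = 0x2
CSMAGIC_EMBEDDED_SIGNATURE = 0xFADE0CC0  # SuperBlob holding every piece of the signature
CSMAGIC_CODEDIRECTORY = 0xFADE0C02       # page hashes, identifier, flags
CSMAGIC_BLOBWRAPPER = 0xFADE0B01         # wraps the CMS (PKCS#7) signature and its certificate chain
CSSLOT_CODEDIRECTORY = 0
CSSLOT_SIGNATURESLOT = 0x10000
CS_ADHOC = 0x2                           # CodeDirectory flag: ad-hoc signed, no certificates at all

def find_code_signature(data):
    """Walk the load commands of a little-endian 64-bit Mach-O; return
    (dataoff, datasize) of the embedded signature, or None if there is none."""
    magic, _cpu, _sub, _ftype, ncmds, _cmdsz, _flags, _res = struct.unpack_from("<8I", data, 0)
    if magic != MH_MAGIC_64:
        raise ValueError("not a 64-bit little-endian Mach-O (fat/32-bit files not handled here)")
    off = 32                                         # sizeof(struct mach_header_64)
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack_from("<2I", data, off)
        if cmd == LC_CODE_SIGNATURE:                 # struct linkedit_data_command
            return struct.unpack_from("<2I", data, off + 8)
        off += cmdsize
    return None

def parse_code_signature(data):
    """Answer the first questions of a black box review: is the binary signed, under
    which identifier, and ad-hoc or with a certificate chain (a non-empty CMS blob)?"""
    loc = find_code_signature(data)
    if loc is None:
        return {"signed": False}
    dataoff, datasize = loc
    sb = data[dataoff:dataoff + datasize]
    magic, _length, count = struct.unpack_from(">3I", sb, 0)  # signature blobs are big-endian
    if magic != CSMAGIC_EMBEDDED_SIGNATURE:
        raise ValueError("LC_CODE_SIGNATURE does not point at a SuperBlob")
    info = {"signed": True, "identifier": None, "adhoc": None, "has_cms": False, "slots": {}}
    for i in range(count):
        slot, offset = struct.unpack_from(">2I", sb, 12 + 8 * i)  # index entries follow the header
        bmagic, blength = struct.unpack_from(">2I", sb, offset)
        info["slots"][slot] = bmagic
        if slot == CSSLOT_CODEDIRECTORY and bmagic == CSMAGIC_CODEDIRECTORY:
            _version, flags, _hash_off, ident_off = struct.unpack_from(">4I", sb, offset + 8)
            start = offset + ident_off
            info["identifier"] = sb[start:sb.index(b"\x00", start)].decode()
            info["adhoc"] = bool(flags & CS_ADHOC)
        elif slot == CSSLOT_SIGNATURESLOT and bmagic == CSMAGIC_BLOBWRAPPER:
            info["has_cms"] = blength > 8            # 8 bytes = empty wrapper, no chain to verify
    return info

def classify(info):
    if not info["signed"]:
        return "unsigned"
    if info["adhoc"] or not info["has_cms"]:
        return "ad-hoc"            # no certificate chain: only loads where the kernel check is patched out
    return "certificate-signed"    # chain still has to be verified up to Apple's root before trusting it

# --- constructed sample binaries (hypothetical, not real apps), just enough to exercise the parser ---

def _code_directory(identifier, flags):
    ident = identifier.encode() + b"\x00"
    fixed = 48                                       # CodeDirectory version 0x20100 fixed header
    length = fixed + len(ident)
    cd = struct.pack(">9I", CSMAGIC_CODEDIRECTORY, length, 0x20100, flags,
                     length, fixed, 0, 0, 0)        # hashOffset, identOffset, nSpecial, nCode, codeLimit
    cd += struct.pack(">4B", 20, 1, 0, 12)           # hashSize=20 (SHA-1), hashType, platform, pageSize=2^12
    cd += struct.pack(">2I", 0, 0)                   # spare2, scatterOffset
    return cd + ident

def _superblob(blobs):
    index, body, off = b"", b"", 12 + 8 * len(blobs)
    for slot, blob in blobs:
        index += struct.pack(">2I", slot, off)
        body += blob
        off += len(blob)
    return struct.pack(">3I", CSMAGIC_EMBEDDED_SIGNATURE, off, len(blobs)) + index + body

def build_sample_macho(identifier, adhoc):
    """mach_header_64 + one LC_CODE_SIGNATURE + 16 bytes of padding + SuperBlob."""
    cms = b"" if adhoc else b"\x30\x82\x01\x00" + b"\xAA" * 4    # placeholder bytes, not real DER
    blobs = [(CSSLOT_CODEDIRECTORY, _code_directory(identifier, CS_ADHOC if adhoc else 0)),
             (CSSLOT_SIGNATURESLOT, struct.pack(">2I", CSMAGIC_BLOBWRAPPER, 8 + len(cms)) + cms)]
    sig = _superblob(blobs)
    header = struct.pack("<8I", MH_MAGIC_64, CPU_TYPE_ARM64, 0, MH_EXECUTE, 1, 16, 0, 0)
    lc = struct.pack("<4I", LC_CODE_SIGNATURE, 16, 64, len(sig))  # dataoff 64 = 32 + 16 + 16 padding
    return header + lc + b"\x00" * 16 + sig

def build_unsigned_macho():
    return struct.pack("<8I", MH_MAGIC_64, CPU_TYPE_ARM64, 0, MH_EXECUTE, 0, 0, 0, 0)

if __name__ == "__main__":
    for ident, adhoc in (("com.example.demo", False), ("com.example.tweak", True)):
        print(ident, "->", classify(parse_code_signature(build_sample_macho(ident, adhoc))))
```

On a real device dump, `parse_code_signature(open(path, "rb").read())` on a thin arm64 slice is enough to tell a store-signed binary from one that has been re-signed ad-hoc after a jailbreak tool stripped or replaced the original signature; an ad-hoc CodeDirectory is the tell-tale that the binary can only be loaded where the kernel's signature check has been patched out.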

Please register and download our full article which includes many great tips. Here is the link: http://hakin9.org/read-new-hakin9-open-for-free-and-become-a-cyber-security-expert/

Inside this issue:

Cloud Security

Information splitting in Cloud Storage Services
By Marius Aharonovich, IT Security Department Manager at Avnet, CISSP
The use of cloud computing services has been expanding rapidly in recent years, as it enables scalability, quick adaptation to dynamic changes in business requirements, and a reduction in total cost of ownership. However, these services create challenges regarding information confidentiality and availability, where the cloud service provider is solely responsible for managing the computing infrastructure and information security.

Security in Microsoft Cloud
By Shruti Prasad, Lead in Microsoft Practice at Collabera Solutions Ltd., CEH, MCPD Azure Certified
While cloud services are gaining popularity and seeing the predicted growth, security remains the biggest concern impeding the fast adoption of cloud services. The thought of sensitive data floating in the cloud continues to make people nervous. In spite of all the challenges, the Cloud is here to stay!

Not enough security In-The-Cloud
By Alexander Larkin, Senior Developer at InfoTeCS
The history of In-The-Cloud. Problems with making hosted services secure. How it can help, and why attacks cannot profit from using it today in some cases.

Cloud Computing Security Challenges
By Ahmed Fawzy, CEH, CHFI, ECSA, ITIL, MCP, MCPD, MCSD, MCTS, MCT
Recently, cloud computing has become the most requested of IT services; as we all know, many companies, organizations and governments have moved to the cloud, for example half of the US government. The main objective of this article is to discuss the types of new risks that surround moving our data to the cloud, and to evaluate the dream of unifying the storage layer across the world, as described in some research.

iOS Hacking

iOS Application Hacking, a rising star
By Antonio Ieranò, VP – Security Analyst and R&D Advisor at KBE Intelligence 
Mobile computing is a reality and mobile security is an obvious consequence. As we are all aware, the market is nowadays divided into three main streams: Android, iOS and the others. Although Android has been under the spotlight since its birth because of its security issues, and the issues related to the several “forks” of Android generated for every single phone vendor (think of the HTC security issues last year, for example), iOS is also becoming a target for malware, hacking and security concerns.

Non-Standard Way to Get Inaccessible Data from iOS
By Kirill Ermakov, Lead Information Security Expert at QIWI 
In the wake of my speech at Positive Hack Days, I would like to share information I got while exploring the configd daemon on iOS 6 MACH. As you know, iOS gives little information about Wi-Fi connection status. Basically, the public API allows getting the SSID, BSSID and adapter network settings, and that’s all. What about the encryption mode? Signal power? Look under the cut for more information on how to get such data without the private API and without jailbreaking.

iOS Hacking
By Terry Cutler, Co-founder of Digital Locksmiths Inc., CEH
François Proulx, Senior mobile application developer

Web Security

WordPress & Web Application Security
By Marc Andre Heroux, CGEIT, CISA, CRMA, CRMP, ABCP, CISSP, NSA- IAM, NSA-IEM
WordPress is a system that many organizations use to develop Web applications. It can be risky for an organization to rely on WordPress without implementing proper security controls. This article presents the basic elements and security controls for Web applications built with WordPress.

Web Authorization Attacks
By Niharika Ramachandra Murthy, Infotech Student at University of Stuttgart 
The logic behind authorization is that the authenticated user’s session is proven with a unique random token, which is used to identify the user in the application. Since HTTP is a stateless protocol, session management is in place to overcome this.

Advanced Exploitation

Black-Box Penetration Testing Scenario
By Basem Helmy, Information Security Engineer, ECSA/LPT
All information in this article comes from real penetration testing scenarios. Some of the steps in the article are straightforward; it may take more skill to bypass some restrictions such as antivirus, host intrusion prevention systems and firewalls.

Instrumentation: Entering The Mysterious World of Java Virtual Machine
By Hardik Suri, Security researcher at Juniper Networks 
Java is one of the pieces of software most frequently exploited by cybercriminals. The fact that more than 10 zero-days have been actively exploited in 2012-2013 shows the rate at which Java zero-days are cropping up. Traditional IPS vendors have always lacked the capability to block Java exploits generically; the simple string matching used by traditional IPS is easily evaded by the ever-changing, complex code obfuscation cybercriminals use today. A dynamic scanning approach could help us look at the actual vulnerability hiding behind all those obfuscation layers. Instrumentation, a tool which allows us to enter the Java Virtual Machine environment and monitor the execution of a program in real time, can provide that alternative.

Extra

How Hackers use QR Codes to hack you?!
By Ahmed Fawzy, CEH, CHFI, ECSA, ITIL, MCP, MCPD, MCSD, MCTS, MCT
First of all, the price of technology is often the security challenges we face as security professionals or end users: when a technology comes into our lives to add value and increase our comfort, it may in fact carry a potential risk. In this article we will discuss how hackers exploit QR code technology to hack others.

Password Cracking
By George Lewis, Director at Big Data Solutions, CISSP
This article covers the Exploitation phase and mainly focuses on Gaining Access / Privilege Escalation through different password cracking techniques.