I phone

iPhone description

Published in: Technology, News & Politics

  1. The iPhone: A Case for Software Security
     Dwayne Bates
  2. Acknowledgements
       • Graham Cluley’s Blog: http://www.sophos.com/blogs/gc/g/2009/11/03/hacked-iphones-held-hostage-5-euros/
       • Nicolas Seriot (SpyPhone): http://seriot.ch/blog.php?article=20100203
       • Apple’s Developer Site: developer.apple.com
  3. Overview
       • What is the iPhone?
       • History of Privacy Issues for the iPhone
       • Spyware and the iPhone
       • iPhone Applications
       • How did this information affect the development process?
       • Closing Remarks
       • References
  4. What is the iPhone?
       • Features:
           • iPod
           • Phone
           • Internet
  5. Security Overview
       • History of Security and Privacy Issues:
           • Root exploits and Personal Data Harvesting
           • Jailbreaking and Worms
  6. Security Overview (cont'd)
       • Spyware and the iPhone: SpyPhone

          /var/mobile/Library/Keyboard/
          /var/mobile/Library/Preferences/com.apple.accountsettings.plist
          /var/mobile/Library/Preferences/com.apple.commcenter.plist
          /var/mobile/Library/Preferences/com.apple.mobilephone.settings.plist
          /var/mobile/Library/Preferences/com.apple.mobilephone.plist
          /var/mobile/Library/Preferences/com.apple.mobilesafari.plist
          /var/mobile/Library/Preferences/com.apple.preferences.datetime.plist
          /var/mobile/Library/Preferences/com.apple.weather.plist
          /var/mobile/Library/Preferences/com.apple.youtube.plist
          /var/mobile/Library/Preferences/com.apple.Maps.plist
          /var/mobile/Media/DCIM/

       Figure 2: Paths actually read by SpyPhone
  7. iPhone Applications
       • Development Process
           • Enroll in iPhone Developer Program
           • Download iPhone SDK
           • Gain working knowledge of Objective-C
  8. iPhone Applications (cont'd)
       • Development Tools
           • Xcode: Development Environment
           • iPhone Simulator: Simulation of the application in its environment
           • Interface Builder: Used to build the user interface
           • CLANG: Static Analysis Tool
           • Apple’s Secure Coding Guide
  9. Motivation
       • In my work I propose the development of an iPhone application with the information and tools provided by Apple to developers. In addition, I will be evaluating the information and tools in an effort to see if they are adequate for the development of secure applications. The development process will be enhanced to focus on the use of software security principles throughout the entire Software Development Life Cycle (SDLC). By incorporating these principles throughout the SDLC, the resulting application will be more reliable and of better quality.
  10. Proof of Concept
      Poof is an iPhone game in which the player must try to match at least three like tiles at a time in an effort to clear the board. If the player succeeds in this effort and achieves a high score, they are prompted to enter their name into a high score list.
  11. Contributions
       • Usability
       • Security
       • Integrity
  12. Risk Analysis
       • Buffer Overflow
       • File Modification
       • High Score List Hacking
       • Memory Leaks
  13. Buffer Overflow
       • Input Validation

          // Reject the edit if the entered text contains any of the listed punctuation characters.
          - (BOOL)textField:(UITextField *)textField
                  shouldChangeCharactersInRange:(NSRange)range
                  replacementString:(NSString *)textEntered {
              NSCharacterSet *myCharSet = [NSCharacterSet characterSetWithCharactersInString:@"~`!@#$%^&*()_-+={}[]|:\";'<>?/.,"];
              for (NSUInteger i = 0; i < [textEntered length]; i++) {
                  unichar c = [textEntered characterAtIndex:i];
                  if ([myCharSet characterIsMember:c]) {
                      return NO;
                  }
              }
              return YES;
          }

          // Accept the name only if it is 1 to 10 characters long; otherwise show the error message.
          // acceptable is an instance variable declared elsewhere in the class.
          - (void)textFieldDidEndEditing:(UITextField *)textField {
              if ([textField.text length] > 0 && [textField.text length] <= 10) {
                  acceptable = textField.text;
              }
              else {
                  [self getUserNameErrorMSG:YES];
              }
              if (acceptable != nil) {
                  [self stringForHS:YES];
              }
          }
  14. Buffer Overflow
       • Input Validation
  15. File Modification
  16. File Modification

          // Both methods write a plist into the application bundle directory.
          // Apple's guidance is to keep writable files out of the signed app bundle,
          // in the app's Documents directory.
          - (void)saveSettings {
              NSString *path = [[NSBundle mainBundle] bundlePath];
              NSString *file = [path stringByAppendingPathComponent:@"settings.plist"];
              [self.settings writeToFile:file atomically:YES];
              // path and file are not owned by this method (no alloc/new/copy/retain),
              // so they are not released here; releasing them would over-release.
          }

          - (void)saveHighScores {
              NSString *path = [[NSBundle mainBundle] bundlePath];
              NSString *file = [path stringByAppendingPathComponent:@"highscores.plist"];
              [self.highScores writeToFile:file atomically:YES];
              // As above: path and file are not owned here and are not released.
          }
  17. Memory Leaks
      CLANG: Static Analysis Results
  18. Memory Leaks
  19. Conclusion
       • CLANG
           • Security Related Bugs
       • File Validation
           • File Paths
           • File Read function enhancement
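
An added example, not code from the slides: an allow-list form of the name check on slide 13, reused to validate `highscores.plist` when it is read back, which is the "File Read function enhancement" the conclusion lists. The function names, the ASCII letters-and-digits policy, the ten-entry limit and the `name`/`score` plist layout are assumptions.

```objc
#import <Foundation/Foundation.h>

static const NSUInteger kMaxNameLength = 10;  // slide 13 accepts 1..10 characters
static const NSUInteger kMaxEntries = 10;     // assumed size of the score table

// Allow-list (assumed policy): 1..10 characters, ASCII letters and digits only.
static BOOL IsValidPlayerName(id value) {
    if (![value isKindOfClass:[NSString class]]) return NO;
    NSString *name = value;
    if ([name length] == 0 || [name length] > kMaxNameLength) return NO;
    NSCharacterSet *allowed = [NSCharacterSet characterSetWithCharactersInString:
        @"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"];
    return [name rangeOfCharacterFromSet:[allowed invertedSet]].location == NSNotFound;
}

// Logic for textField:shouldChangeCharactersInRange:replacementString:.
// Validates the text the field would hold after the edit, so paste is covered.
static BOOL ShouldAcceptEdit(NSString *current, NSRange range, NSString *replacement) {
    if (NSMaxRange(range) > [current length]) return NO;
    NSString *result = [current stringByReplacingCharactersInRange:range withString:replacement];
    return [result length] == 0 || IsValidPlayerName(result);  // empty: field cleared
}

// Returns the entries only if every one is well formed; nil otherwise.
// Assumed layout: an array of dictionaries with "name" and "score" keys.
static NSArray *LoadValidatedHighScores(NSString *path) {
    NSData *data = [NSData dataWithContentsOfFile:path];
    if (data == nil) return nil;
    id root = [NSPropertyListSerialization propertyListWithData:data
                  options:NSPropertyListImmutable format:NULL error:NULL];
    if (![root isKindOfClass:[NSArray class]] || [(NSArray *)root count] > kMaxEntries) return nil;
    for (id entry in (NSArray *)root) {
        if (![entry isKindOfClass:[NSDictionary class]]) return nil;
        id score = [entry objectForKey:@"score"];
        if (!IsValidPlayerName([entry objectForKey:@"name"])) return nil;
        if (![score isKindOfClass:[NSNumber class]] || [score integerValue] < 0) return nil;
    }
    return root;
}

int main(void) {
    @autoreleasepool {  // constructed sample: a hand-edited score file
        NSString *path = [NSTemporaryDirectory() stringByAppendingPathComponent:@"hs.plist"];
        NSDictionary *bad = [NSDictionary dictionaryWithObjectsAndKeys:
            @"AAAAAAAAAAAAAAAA", @"name", [NSNumber numberWithInt:-1], @"score", nil];
        [[NSArray arrayWithObject:bad] writeToFile:path atomically:YES];
        NSLog(@"edited file accepted: %d", LoadValidatedHighScores(path) != nil);
        NSLog(@"11-char paste accepted: %d", ShouldAcceptEdit(@"", NSMakeRange(0, 0), @"ABCDEFGHIJK"));
    }
}
```

These checks reject malformed files only; a well-formed edit, such as a plausible name with a higher score, still passes, so detecting that needs a separate integrity check on the file.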
