
iOS Security


  1. iOS Security
     Bruno Rocha
     iOS Developer @ Movile
  2. 🙂 😡 😡 😡 😡 😡 Bad people
  3. Crypto keys in NSUserDefaults/Keychain
     Secret API Keys in the Info.plist or hardcoded
     CoreData/SQLite with sensitive data
     var isSubscribed: Bool
  4. NSUserDefaults - Documents folder, not encrypted
     CoreData - Documents folder, not encrypted
     Info.plist - Exposed in your .ipa/.app
     Keychain - Encrypted, but exploitable
     NSKeyedArchiver - A plist in hex format
  5. var isSubscribed: Bool {
         let subscription = getSubscription()
         return subscription.isExpired == false
     }

     var swizzled__isSubscribed: Bool {
         return true
     }
  6. Demo 1: Insecure Data Storages
  7. Protecting apps from Storage Attacks
     • Encrypt/Encode data before saving/hardcoding (Careful! This will not prevent attacks, only slow them down.)
     • Treat critical data (like secret API keys) server-side if possible
     • Open Source "String obfuscation" libs: Hackers have Google too.
  8. Demo 2: Runtime Manipulation
  9. Protecting apps from Runtime Manipulation
     Important logic should be treated/checked server-side! (e.g. API Tokens)
  10. Protecting apps from Runtime Manipulation
  11. Protecting apps from Runtime Manipulation
  12. What about the real world?
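
The server-side check recommended on slide 9, as an added example that is not part of the original slides: the server derives the subscription state from its own records and never reads an `isSubscribed` value sent by the app, so the swizzled property on slide 5 changes nothing. The token format, handler name, status codes, secret and user records are all constructed for illustration.

```python
import hashlib
import hmac
import time

# Constructed sample data; both values exist only on the server.
SERVER_SECRET = b"constructed-demo-secret"
SUBSCRIPTIONS = {"alice": 2_000_000_000, "bob": 1_000_000_000}  # user -> expiry (unix time)


def _mac(payload):
    return hmac.new(SERVER_SECRET, payload.encode(), hashlib.sha256).hexdigest()


def issue_token(user, ttl=3600, now=None):
    """Issued after login: 'user|expiry|HMAC' (hypothetical format)."""
    now = time.time() if now is None else now
    payload = f"{user}|{int(now) + ttl}"
    return f"{payload}|{_mac(payload)}"


def verify_token(token, now=None):
    """Return the user name if the token is authentic and unexpired, else None."""
    now = time.time() if now is None else now
    parts = str(token).split("|")
    if len(parts) != 3:
        return None
    user, exp, mac = parts
    # Constant-time comparison; bytes avoid a TypeError on non-ASCII input.
    if not hmac.compare_digest(mac.encode(), _mac(f"{user}|{exp}").encode()):
        return None
    # exp is trusted only because the MAC above covered it.
    return user if int(exp) >= now else None


def handle_premium_request(request, now=None):
    """request mirrors the JSON body sent by the app.

    Any 'isSubscribed' field in it is a client claim and is deliberately ignored.
    """
    now = time.time() if now is None else now
    user = verify_token(request.get("token", ""), now)
    if user is None:
        return 401, "invalid token"
    if SUBSCRIPTIONS.get(user, 0) <= now:
        return 402, "subscription expired"
    return 200, "premium content"
```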
