Mobile devices are increasingly becoming the “new navigator”. The proliferation of mobile applications also marks the comeback of heavy clients. In this market, the Apple iPhone and iPad stand apart: they use ARM processors like their competitors, but native iOS applications are written mainly in Objective-C. Moreover, every application is validated by Apple. What does this mean in terms of security? How do we test these applications for security problems?
This presentation will cover different aspects of iPhone and iPad application pentesting, such as extraction and decryption of applications from iTunes, reverse engineering of binaries, and interception of communications with web services. It is illustrated by several live demonstrations with real-world examples. We will also talk about previous research on this subject and why it is either not satisfactory or not applicable.
Bio: Annika discovered computers as a teenager with the Commodore 64 and later the Apple Macintosh. She started her professional career in the '90s as an IT Department assistant but quickly switched to the administration of Windows workstations and UNIX servers. When an opportunity arose, she turned to database development, first under the venerable Progress and then under the more classical Oracle. At the beginning of the new millennium, she participated in several projects and in particular was involved in the creation of an ISO standard. In parallel with her career, she founded ADVTOOLS, a Swiss company specialized in information systems security.
Bio: Sebastien has been playing with computers since the beginning of the '80s. After a (short) attempt at the BASIC language, he switched to 8-bit processor assembly programming. In the '90s, in parallel with his studies at the University of Geneva, he specialized in C/C++ and assembly programming on Win/Intel, along with some Smalltalk. During the Internet years, he participated in several startups and released some open source applications, including a multi-platform XML parser written in C++. At this time, he was confronted with software pirates and the incredible world of buffer overflows and SQL injections. In 2002, he specialized in application security and forensics. A fan of Apple since the famous Apple II and the legendary NeXT, he today applies his skills to the iPhone and iPad.