@clement_prem
iOS Engineer @Lifesum
Clement Prem
Terminal & root access
Awareness
It is fun
SEP
Secure Boot
App Sandboxing
TouchID
ATS
AppStore
Made in China
Xcode
First large-scale attack on Apple's App Store
Ghost
Security Vulnerabilities Published In 2016
Frida: dynamic code instrumentation toolkit (https://www.frida.re)
Needle: modular framework to streamline the process of conducting security assessments of iOS apps (https://github.com/mwrlabs/needle)
Tools
Jailbroken device with Cydia
OpenSSH
APT 0.7 strict
Needle Agent
Frida
View metadata
File storage
Keychain Dump
Class dump & Method dump
Installation
Analysing Network Traffic
Monitor method calls
Modify runtime behaviour
Installation
Safety Measures
Check whether the device is jailbroken!
Run static/code_checks from Needle
Use latest security features provided by Apple
Client cannot be trusted
Double check network calls
Respect user’s privacy at the core
Encrypt sensitive data
……
Resources
Jailbreak (OpenSSH, APT 0.7 Strict)
Needle
Frida
http://yalujailbreak.org/ios-10-2-1/
https://github.com/mwrlabs/needle
https://www.frida.re
Thank You

Security in iOS