1. iOS Security Services
Alexandr Veremeenko
ITGinGer developer

2. IOS Security Services
✔
Так ли безопасен iOS
✔
Небольшой экскурс в криптографию
✔
Концепция безопасности

3. XSS in «Chat Message window»
3.0.1 or earlier

4. PDF — hole. JailBreak

5. Black Hat — core debugger
Отладчик iOS бесполезен для
всех... кроме хакеров

6. Charlie Miller (InstaStock)
Performance Safari becoming better but security
becoming worse

7. Ipad 2 Smart Cover passcode
bug

8. DEV - TEAM

9. Небольшой экскурс в
криптографию

10. ЦС
A Б

11. IOS architecture overview

12. Applications
Core Services
CFNetwork Security Services
Keychain Certificate, Randomization
Services Key , and Trust Services
Services
Core OS
libSystem
Common Crypto

13. CFNetwork
✔
Working with BSD sockets
✔
Creating encrypted connections using SSL or
TLS
✔
Working with HTTP, authentificating HTTP and
HTTPS servers
✔
Working with FTP servers
✔
Publishing, resolving and browsing Bonjour
services
CFSoket API CFStream API

14. Keychain
✔
Change the attributes and data
in a keychain item
✔
Add an item to a keychain
✔
Find an item in a keychain
✔
Get the attributes and data in a
keychain item

15. Certificate, Key and Trust
Services
✔
Cryptography and Digital
Signatures
✔
Managing Policies
✔
Getting Type identifiers
✔
Managing identities
✔
Managing Certificates
✔
Managing Trust

16. Randomization Services
Randomization Services is an API that
generates cryptographically secure
random numbers.

17. Разрешение на шифрование для
приложений из AppStore
✔
В продуктах для медицинского
использования
✔
Для защиты интеллектуальной собственности
✔
Для авторизации, электронной подписи или
расшифровки файлов данных
✔
Исключительно для банковского
использования или «денежных транзакций»

18. Спасибо за внимание!

19. Ваши вопросы
Веремеенко Александр
averemeenko@itginger.com itginger.com
blog.itginger.com
@averem
developer.apple.com