iOS (Vulner)ability: A Guide to Exploiting Security Flaws
Subho Halder
Co-Founder, AppKnox
./WhoAmI
Co-Founder of AppKnox (XYSec Labs)
Python Lover
Sole Creator and Developer of Android Framework for Exploitation (AFE)
Found Security Bugs in Apple, Google, Skype, WebKit, Facebook, Microsoft, ...
Security is ……
http://xkcd.com/327/
NSLog [@“Agenda”];
Quick overview of iPhone iOS Platform.
iOS Security Structure
What is a Jailbreak?
iOS App (IN)Securities
Peek into a state-of-art Prison
iOS Hardware Architecture
Two processors, each with its own OS:
Application Processor: runs iOS (user interaction, applications, ...)
Baseband: runs NucleusOS (radio communication)
[Diagram] The Application Processor drives audio, display, power management, camera, WiFi and BT; the Baseband Processor handles GSM. The two are linked over UART, I2S, GPIO and DMA, and the baseband controls the SIM/net-lock!
Phew, Security Architecture
***[Sandboxing]***
NAND Flash
FTL (Flash Translation Layer): maps logical partitions onto the NAND flash layout, so the flash looks like a block device
System Partition: / (read-only)
User Partition: /private/var (read-write)
[Diagram] NAND -> FTL -> Block Device -> / (RO, System Partition) and /private/var (RW, User Partition)
***[Sandboxing]***
3rd-party apps live only on the User Partition
Apps run as the "mobile" user
The kernel signature-checks executables in the system call execve()
%{ How did you Jailbreak it? }%
[Diagram] Same partition layout as the previous slide: NAND -> FTL -> Block Device -> / (RO, System Partition) and /private/var (RW, User Partition)
Memory Protection
W^X Policy
Non-executable stack and heap
ASLR (Address Space Layout Randomisation)
%{ Did you forget about Return-Oriented Programming? }%
Code Signing
Implemented inside the kernel
The kernel signature-checks executables in the system call execve()
The kernel is stored on the System Partition (kernelcache)
The kernel is itself signature-checked before being loaded.
%{ Can still be bypassed :/ }%
Encryption @#%$#^% !
Everything is encrypted
Hardware AES engine
Keys derived from the hardware keys (GID key, UID key)
%{ Possible to use jailbreak tools, e.g. Syringe, to use the hardware engine }%
What is J@!lbr3@k ?
How your iPhone boots up?
Bootrom -> LLB (Low Level Bootloader) -> iBoot -> Kernel -> Application
Each stage signature-checks the next one before handing over.
Where each stage lives: LLB and iBoot in NOR, Kernel and Application in NAND.
Recovery Mode?
Bootrom -> LLB (Low Level Bootloader) -> iBoot -> Kernel -> Ramdisk, with a signature check at each step
DFU Mode !
Bootrom -> iBSS -> iBEC -> Kernel -> Ramdisk
iBSS and iBEC are a minimal iBoot; compare the normal chain Bootrom -> LLB (Low Level Bootloader) -> iBoot -> Kernel -> Application
Attacking the chain of trust!
Bootrom -> LLB (Low Level Bootloader) -> iBoot -> Kernel -> Application, with a signature check before each stage
Every stage is an "attack here" point. A Bootrom bug cannot be fixed; the stages after it are System Software.
Where do we go wrong?
Plists
Used by the iPhone to store saved properties and data
XML
Binary (compressed XML) (deprecated)
Binary plists need converting; you can use:
plutil to convert to XML
Property List Editor (in Xcode)
Plists contain all kinds of juicy information. Check for:
Cookies, emails, usernames, passwords, sensitive application data, client-side role identifiers, protocol handlers, etc.
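The conversion and the check described above, as an added Python example that is not from the deck: plistlib reads a binary plist, emits the XML that plutil would, and walks every key for the sensitive names the slide lists. The sample plist and the key-name pattern are constructed.

```python
import plistlib
import re

# Key names worth flagging, after the slide's list (cookies, emails, usernames,
# passwords, role identifiers). Constructed pattern; extend it for the app under review.
SENSITIVE_KEY_RE = re.compile(
    r"cookie|e-?mail|user(name)?|pass(word|wd)?|token|secret|role|session",
    re.IGNORECASE,
)

def to_xml(plist_bytes):
    """Return the XML form of a binary or XML plist (what `plutil -convert xml1`
    produces); plistlib detects the input format from its header."""
    data = plistlib.loads(plist_bytes)
    return plistlib.dumps(data, fmt=plistlib.FMT_XML).decode()

def find_sensitive_keys(plist_bytes):
    """Walk a plist's nested dicts/lists and return [(key_path, value)] for
    every scalar value stored under a sensitive-looking key."""
    return _walk(plistlib.loads(plist_bytes), "")

def _walk(node, path):
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            key_path = f"{path}/{key}"
            if SENSITIVE_KEY_RE.search(str(key)) and not isinstance(value, (dict, list)):
                hits.append((key_path, value))
            hits.extend(_walk(value, key_path))
    elif isinstance(node, list):
        for i, value in enumerate(node):
            hits.extend(_walk(value, f"{path}[{i}]"))
    return hits

# Constructed sample: the kind of preferences plist a careless app might leave
# on the User Partition, written in binary form so to_xml has real work to do.
SAMPLE_PLIST = plistlib.dumps(
    {
        "Username": "alice",
        "Password": "hunter2",
        "ServerURL": "https://api.example.invalid",
        "Session": {"AuthToken": "abc123", "Role": "admin"},
        "RecentFiles": ["a.pdf", "b.pdf"],
    },
    fmt=plistlib.FMT_BINARY,
)

if __name__ == "__main__":
    print(to_xml(SAMPLE_PLIST))
    for key_path, value in find_sensitive_keys(SAMPLE_PLIST):
        print(f"{key_path} = {value!r}")
```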
B00M! :O
INSERT into `SQLite`
A lot of iOS applications store sensitive data in SQLite3 databases on the device.
SQLite3 does not have built-in support for encryption.
There are extensions (CEROD is one, SQLCipher is another) that support encryption, but the code is not publicly available; you need to license it. Apple has not, so the included version of sqlite3 does not support encrypted databases.
It is still dangerous to store stuff client-side.
To bypass CEROD is as simple as looking for “cerod:passwd”, or setting a breakpoint and pulling it out of memory: sqlite3_open(":cerod:passwd:filename.db", &db);
)()()( Keychains )()()(
Keychain = encrypted container for storing sensitive information
Smarter devs store passwords and sensitive data using the keychain.
Unfortunately, with access to a phone and a jailbreak, we can decrypt the keychain and dump the contents.
tail -f /var/logs/
iOS logs lots of data, NSLog output especially. It can be viewed after the fact in:
~/Library/Logs/CrashReporter/MobileDevice/<Device name>/private/var/log/system.log
It can also be viewed in your Mac “Console” app under Utilities.
File Caching m/m/
If the application uses PDF, Excel, or other files, it is possible that these files have been cached on the device.
These can be found at: ~/Library/Application Support/iPhone Simulator/x.x.x/Applications/<application folder>/Documents/temp.pdf
$(`Keyboard Caching`)
Keystrokes for predictive spellcheck are stored in:
~/Library/Application Support/iPhone Simulator/x.x.x/Library/Keyboard/dynamic-text.dat
This issue is similar to autocomplete for web browsers.
Already disabled for password fields; should be disabled for any potentially sensitive fields (account numbers, SSN, etc.)
Mitigation: set the UITextField property autocorrectionType = UITextAutocorrectionTypeNo.
Snapshot Caching
When the home button is pushed while in an application, the application stores a snapshot (screenshot) in the app's snapshot folder:
~/Library/Application Support/iPhone Simulator/x.x.x/Applications/<application folder>/Library/Caches/Snapshots/
These persist until reboot. Hopefully you weren’t on a screen with any sensitive data!
SQL Injection Client-Side
SQL injection is a problem on the client side too!
BAD (productId is the NSString the slide calls `id`; it is pasted straight into the SQL text):
NSString *sql = [NSString stringWithFormat:@"SELECT name FROM products WHERE id = '%@'", productId];
const char *query = [sql UTF8String];
GOOD (the value is bound as a parameter and is never parsed as SQL):
const char *sql = "SELECT name FROM products WHERE id = ?";
sqlite3_stmt *sql_statement = NULL;
sqlite3_prepare_v2(database, sql, -1, &sql_statement, NULL);
sqlite3_bind_text(sql_statement, 1, [productId UTF8String], -1, SQLITE_TRANSIENT);
XSS Client-Side
Can occur whenever user-controlled Objective-C variables are placed into a WebView via stringByEvaluatingJavaScriptFromString:
// username is inserted into the script unescaped, so it can break out of the string literal
NSString *javascript = [[NSString alloc] initWithFormat:@"var myvar=\"%@\";", username];
[mywebView stringByEvaluatingJavaScriptFromString:javascript];
Vulnerable Obj-C Methods
All of these take a printf-style format string; passing user-controlled data as the format argument (instead of as a %@ parameter) is a format-string bug:
NSLog()
[NSString stringWithFormat:]
[NSString initWithFormat:]
[NSMutableString appendFormat:]
[NSAlert informativeTextWithFormat:]
[NSPredicate predicateWithFormat:]
[NSException format:]
NSRunAlertPanel
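An added example (not from the deck) of auditing Objective-C source for the format-taking calls listed above: it flags any call whose format argument is a variable rather than a string literal. The FORMAT_APIS table and the sample source are constructed, and the check is a line-based heuristic, not an Objective-C parser.

```python
# The slide's format-taking APIs, mapped to the position of the format
# argument (NSRunAlertPanel's first argument is the title). Constructed,
# line-based heuristic rather than a real Objective-C parser.
FORMAT_APIS = {
    "NSLog(": 0,
    "stringWithFormat:": 0,
    "initWithFormat:": 0,
    "appendFormat:": 0,
    "informativeTextWithFormat:": 0,
    "predicateWithFormat:": 0,
    "NSRunAlertPanel(": 1,
}

def _split_args(text):
    # Split on top-level commas; stop at the ')' or ']' that closes the call.
    # String literals (with \" escapes) and nested calls are kept whole.
    args, cur, depth, in_str, prev = [], "", 0, False, ""
    for ch in text:
        if in_str:
            in_str = not (ch == '"' and prev != "\\")
        elif ch == '"':
            in_str = True
        elif ch in "([":
            depth += 1
        elif ch in ")]":
            if depth == 0:
                break
            depth -= 1
        elif ch == "," and depth == 0:
            args.append(cur.strip())
            cur, ch = "", ""  # start the next argument; drop the comma itself
        cur += ch
        prev = ch
    args.append(cur.strip())
    return args

def find_format_string_risks(source):
    # Return (line_no, api, argument) for every call whose format argument is
    # not a literal (@"..." or "..."), i.e. where data could become the format.
    findings = []
    for line_no, line in enumerate(source.splitlines(), 1):
        for api, index in FORMAT_APIS.items():
            pos = line.find(api)
            if pos >= 0:
                args = _split_args(line[pos + len(api):])
                if index < len(args) and args[index] and not args[index].lstrip("@").startswith('"'):
                    findings.append((line_no, api, args[index]))
    return findings

# Constructed Objective-C lines; lines 2, 3 and 4 pass a variable as the format string.
SAMPLE_SOURCE = '''\
NSLog(@"user=%@, id=%d", username, uid);
NSLog(username);
NSString *t = [NSString stringWithFormat:userInput];
NSRunAlertPanel(@"Error", message, @"OK", nil, nil);
'''
```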
How can you get started?
https://www.owasp.org/index.php/OWASP_iGoat_Project
AppKnox - Cloud Based Security Automation Tool
Available for Android
Coming soon for iOS
“There is no castle so strong that it cannot be overthrown” – Cicero
Thank You
https://www.appknox.com
http://subho.me
@sunnyrockzzs
subho.halder@gmail.com
