Review and Exploit Neglected Attack Surfaces in iOS 8

Presented at Black Hat USA 2015, Aug. 6, 2015, 2:30 p.m. (50 minutes)

The security design of iOS significantly reduces the attack surfaces for iOS. Since iOS has gained increasing attention due to its rising popularity, most major attack surfaces in iOS such as mobile safari and IOKit kernel extensions have been well studied and tested. This talk will first review some previously known attacks against these surfaces, and then focus on analyzing and pointing out those neglected attack surfaces. Furthermore, this talk will explore how to apply fuzzing testing and whitebox code auditing to the neglected attack surfaces and share interesting findings. In particular, this talk will disclose POCs for a number of crashes and memory corruption errors in system daemons, which are even triggerable through XPC (a lightweight inter-process communication mechanism) by any app running in the container sandbox, and analyze and share the POC for an out-of-boundary memory access 0day in the latest iOS kernel.

Presenters:

• Xiaobo Chen - PanguTeam
  Xiaobo Chen is a member of the Pangu Team. He used to work as a senior research scientist at FireEye and McAfee. He has participated in network security field since 2000, and has over 15 years experience in network security, and now he focus is on innovative research on software vulnerability and exploitation on Microsoft and Apple systems.
• Hao Xu - PanguTeam   as HAO XU
  Hao Xu is a member of the Pangu Team. He has been involved in information security for over 10 years. His research interest range from OSX/iOS/Windows kernel security, rootkit and malware analysis, hardware virtualization technology, and reverse engineering. He is a regular speaker at Syscan 360, POC, Xcon.
• Tielei Wang - PanguTeam
  Tielei Wang is a member of the Pangu Team. He was a research scientist at the Georgia Institute of Technology from 2012 to 2014 and received his PhD degree in 2011. His research interests include system security, software security, and mobile security. He discovered a number of zero-day vulnerabilities and won the Secunia Most Valued Contributor Award in 2011. He has published many papers in top research conferences including IEEE Security and Privacy, USENIX Security, ACM CCS, and NDSS, and gave several presentations at Black Hat USA, CanSecWest, POC, and XCon.

Links:

• https://www.blackhat.com/us-15/briefings.html#review-and-exploit-neglected-attack-surfaces-in-ios-8
• https://infocon.org/cons/Black Hat/Black Hat USA/Black Hat USA 2015/video/Black Hat USA 2015 - Review And Exploit Neglected Attack Surfaces In IOS 8.srt (subtitles)
• https://infocon.org/cons/Black Hat/Black Hat USA/Black Hat USA 2015/video/Black Hat USA 2015 - Review And Exploit Neglected Attack Surfaces In IOS 8.mp4
• https://www.youtube.com/watch?v=E-1k3n0KjNI
• https://www.blackhat.com/docs/us-15/materials/us-15-Wang-Review-And-Exploit-Neglected-Attack-Surface-In-iOS-8.pdf

Tags:

• iOS

Similar Presentations:

• Black Hat USA 2022 / TruEMU: An Extensible, Open-Source, Whole-System iOS Emulator
• DeepSec 2016 „Ten“ / Offensive iOS Exploitation
• AppSec USA 2013 / iOS Application Defense - iMAS