Identifying Back Doors, Attack Points, and Surveillance Mechanisms in iOS Devices

Presented at HOPE X (2014), July 18, 2014, 4 p.m. (60 minutes)

The iOS operating system has long been a subject of interest among the forensics and law enforcement communities. With a large base of interest among consumers, it has become the target of many hackers and criminals alike, with many celebrity thefts of data raising awareness of personal privacy. Recent revelations exposed the use (or abuse) of operating system features in the surveillance of targeted individuals by the NSA, of whom some subjects appear to be American citizens. This talk identifies the most probable techniques that were used, based on the descriptions provided by the media, as well as today's possible techniques that could be exploited in the future, based on what may be back doors, bypass switches, general weaknesses, or surveillance mechanisms intended for enterprise use in current release versions of iOS. More importantly, several services and mechanisms will be identified that can be abused by a government agency or malicious party to extract intelligence on a subject, including services that may, in fact, be back doors introduced by the manufacturer. A number of techniques will also be examined in order to harden the operating system against attempted espionage, including counter-forensics techniques.

Presenters:

• Jonathan Zdziarski
  Jonathan Zdziarski is considered to be among the foremost experts in iOS related digital forensics and security. As an iOS security expert in the field (sometimes known as the hacker NerveGas), his research into the iPhone has pioneered many modern forensic methodologies used today, and has been validated by the United States' National Institute of Justice. Jonathan has extensive experience as a forensic scientist and security researcher specializing in reverse engineering, research and development, and penetration testing, and has performed a number of red-team penetration tests for financial and government sector clients. He frequently consults with law enforcement and military on high profile cases and assists federal, state, and local agencies in their forensic investigations, and has trained many federal, state and local agencies internationally. He has written several books related to the iPhone including iPhone Forensics, iPhone SDK Application Development, iPhone Open Application Development, and his latest, Hacking and Securing iOS Applications.

Links:

• http://x.hope.net/schedule.html#identifyin
• https://www.youtube.com/watch?v=QiTT_VCJrAg

Tags:

• iOS

Similar Presentations:

• Black Hat USA 2022 / TruEMU: An Extensible, Open-Source, Whole-System iOS Emulator
• Black Hat Europe 2018 / The Last Line of Defense: Understanding and Attacking Apple File System on iOS
• Black Hat USA 2011 / Apple iOS Security Evaluation: Vulnerability Analysis and Data Encryption