What Happens on your mac, Stays on Apple's iCloud?! Bypassing mac Privacy Mechanisms

Presented at Objective by the Sea version 5.0 (2022), Oct. 6, 2022, 2:30 p.m. (25 minutes)

"$ sudo ls ~/Desktop: Operation not permitted". To protect your privacy, Apple introduced the Transparency, Consent, and Control (TCC) framework that restricts access to sensitive personal resources: documents, camera, microphone, emails, and more. Granting such access requires authorization, and the mechanism's main design concern was clear user consent.

I have co-presented extensive research on abusing the TCC mechanisms at Black Hat USA 2021, but this time we won't be exploiting the TCC directly. Why keep attacking the TCC when iCloud stores tons of macOS users' secrets?! The default configuration makes the Mac synchronize a lot of data. Don't you have your iMessages/Photos/Calendars/Reminders/Notes accessible from iCloud? Good, because you're protecting your privacy… but most users don't. :-)

The presentation will share brand-new research on abusing Apple's iCloud to get access to the users' privacy-sensitive data. All that from a malicious application's perspective, without any additional permissions.


Presenters:

  • Wojciech Reguła - Principal Security Consultant at SecuRing
    Wojciech Reguła is a Principal Security Consultant working at SecuRing. He specializes in application security on Apple devices. He created the iOS Security Suite, an open-source anti-tampering framework. He is a Bugcrowd MVP who found vulnerabilities in Apple, Facebook, Malwarebytes, Slack, Atlassian, and others.

    In his free time, he runs an infosec blog, https://wojciechregula.blog, and has shared research at, among others, Black Hat (USA), Objective by the Sea (USA), AppSec Global (Israel), AppSec EU (United Kingdom), CONFidence (Poland), and NULLCON (India).
