iOS App Integrity: Got Any?

Presented at AppSec USA 2014, Sept. 18, 2014, 1 p.m. (45 minutes)

iOS apps are vulnerable to static analysis and to attack through binary code patching. Jailbreak and debugger detection algorithms built into an app can be rendered useless with a quick binary patch. Once patched, the app can be further exploited, its data stolen, and the app itself even cloned. The iMAS research team, the team that brought Encrypted CoreData (ECD) to GitHub as open source, has your back! In this talk we will introduce open source Encrypted Code Modules (ECM) as a technique to protect sensitive enterprise iOS applications. Using ECM as the base, we will demonstrate an iOS app anti-tamper technique that is considerably more resistant to patching. We will walk through this step-by-step process to make your iOS apps more secure and … authentic.


Presenters:

  • Gavin Black - Lead Software Engineer - MITRE
    Gavin Black is a lead software engineer working for the MITRE Corp, a federal research and development center. Currently he is focused on software security and systems defense. Part of those efforts includes researching and developing controls to mitigate weaknesses in iOS mobile applications. He is also working with the Common Vulnerabilities and Exposures (CVE) analyst toolchain, attempting to streamline the process and modernize the end-to-end software.
  • Gregg Ganley - Principal Investigator iOS Security Research - MITRE Corp
    23+ years of software development and management experience. Education: MSCS, BSEE. Active research and development in iOS security, Android development, Ruby on Rails web apps, and project leadership. For the past five years his passion has been the mobile field, in particular mobile security, where he is the Principal Investigator of iMAS (iOS Mobile Application Security), a collaborative research project from the MITRE Corporation focused on open source iOS security controls. iMAS currently has thirteen (13) security controls open sourced on GitHub, ready for download and use. More at http://project-imas.github.io
