Apple iOS Certificate Tomfoolery

Presented at ShmooCon IX (2013), Unknown date/time (Unknown duration)

Mobile devices rely on many complex systems for security, reintroducing mistakes in implementation and design that are reminiscent of the 1990s. Certificate trust and validation checking is one area of critical importance, yet iOS fails to implement controls that are comprehensively effective.

In this One Track Mind session, Tim will present two previously unreleased attacks against Apple iOS certificate validation following several months of intense research. By discussing these flaws, and looking at opportunities to improve the security going forward, Tim will demonstrate that Apple iOS security still has a lot of opportunity for improvement, and that we can all laugh (and cry a little) at the funny mistakes and oversights that turn into significant security flaws.


Presenters:

  • Tim Medin
    Tim works for Counter Hack, developing real-world hacking challenges for organizations that need to improve their offensive and defensive security skills. He is a firm believer in the necessity of the conditional operator in every programming language, even though his colleagues think it's unnecessary. Tim is a seasoned presenter, author, and developer, with an unusual affinity for Tom Jones.
