Mobile devices rely on many complex systems for security, reintroducing mistakes in implementation and design that are reminiscent of the 1990's. Certificate trust and validation checking is one area of critical importance, yet iOS fails to implement controls that are comprehensively effective.
In this One Track Mind session, Tim will present two previously unreleased attacks against Apple iOS certificate validation following several months of intense research. By discussing these flaws, and looking at opportunities to improve the security going forward, Tim will demonstrate that Apple iOS security still has a lot of opportunity for improvement, and that we can all laugh (and cry a little) at the funny mistakes and oversight that turns into significant security flaws.