Discover all the security risks and exploits that can threaten iOS-based mobile devicesiOS is Apple's mobile operating system for the iPhone and iPad. With the introduction of iOS5, many security issues have come to light. This book explains and discusses them all. The award-winning author team, experts in Mac and iOS security, examines the vulnerabilities and the internals of iOS to show how attacks can be mitigated. The book explains how the operating system works, its overall security architecture, and the security risks associated with it, as well as exploits, rootkits, and other payloads developed for it. Covers iOS security architecture, vulnerability hunting, exploit writing, and how iOS jailbreaks workExplores iOS enterprise and encryption, code signing and memory protection, sandboxing, iPhone fuzzing, exploitation, ROP payloads, and baseband attacksAlso examines kernel debugging and exploitation Companion website includes source code and tools to facilitate your effortsiOS Hacker's Handbook arms you with the tools needed to identify, understand, and foil iOS attacks.
Cited By
Deshotels L, Deaconescu R, Carabas C, Manda I, Enck W, Chiroiu M, Li N and Sadeghi A iOracle Proceedings of the 2018 on Asia Conference on Computer and Communications Security, (117-131)- D'Orazio C, Lu R, Choo K and Vasilakos A (2017). A Markov adversary model to detect vulnerable iOS devices and vulnerabilities in iOS apps, Applied Mathematics and Computation, 293:C, (523-544), Online publication date: 15-Jan-2017.
- Deshotels L, Deaconescu R, Chiroiu M, Davi L, Enck W and Sadeghi A SandScout Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, (704-716)
- Yuan X, He W, Yang L and Simpkins L Teaching Security Management for Mobile Devices Proceedings of the 17th Annual Conference on Information Technology Education, (14-19)
- Zheng M, Xue H, Zhang Y, Wei T and Lui J Enpublic Apps Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security, (463-474)
- Lu K, Xiong S and Gao D RopSteg Proceedings of the 4th ACM conference on Data and application security and privacy, (265-272)
- Wang T, Jang Y, Chen Y, Chung S, Lau B and Lee W On the feasibility of large-scale infections of iOS devices Proceedings of the 23rd USENIX conference on Security Symposium, (79-93)
- Cook T, Jaramillo D, Katz N, Bodin B, Cooper S, Becker C, Smart R and Lu C (2013). Mobile innovation applications for the BYOD enterprise user, IBM Journal of Research and Development, 57:6, (6-6), Online publication date: 1-Nov-2013.
Index Terms
- iOS Hacker's Handbook
Recommendations
Carla Iran SanchezAguilar
With the extensive use of iOS devices all over the world, threats become more harmful. Think of a monoculture in food production: natural plagues become real menaces to subsistence when larger and larger tracts of land are dedicated to one single crop. In the past, OS X has been shown to have serious security gaps. As time has passed and Apple has gained more experience and further developed its iOS mobile platform, many of these gaps have been closed, although new ones have been created. This book shows how iOS devices have acquired more effective mechanisms to avoid security attacks. In each chapter, the authors first describe a security building block in detail, and then detail the flaws found and ways a hacker could use each one to cause the most damage. The book starts with a quick overview of the approaches Apple has taken to counteract the most important weaknesses of its security architecture. The authors go on to describe how iOS is deployed to access sensitive enterprise data, and make some specific recommendations to information technology (IT) administrators on how to manage remote access from personally owned devices and from company-provided devices. The next chapter shows how the encryption application programming interface (API) works and how developers can make the most out of this interface to provide secure apps. It also gives some tips on how to mess up with four-digit codes. Code signing is the topic of the next chapter. Chapter 5 explains how sandboxing works and discusses alternatives to extract profiles to examine their permissions. In chapter 6, the authors describe how to "fuzz" with default iOS applications to find vulnerabilities, which involves sending slightly erroneous data to an app to test its reactions. The next four chapters build on the subject, showing how to take advantage of the vulnerabilities discovered to build successful exploits while bypassing security mechanisms such as address space layout randomization, for example. The book is based on iOS 5 and one can only assume and hope that the strategies, vulnerabilities, and tricks provided in the book will have limited success in newer versions of this platform. The authors give readers the ability to test every piece of code and every configuration. There is one major drawback: any test devices must be jailbroken. The authors contend that if readers know the areas of weakness, they will eventually learn from them and find strategies to deal with them. For those interested in improving the security of the environment, this is a must read, but one does wonder about the logic of publicizing ways to take advantage of these vulnerabilities. Online Computing Reviews Service
Access critical reviews of Computing literature here
Become a reviewer for Computing Reviews.