Book Announcement!

Posted on January 6, 2012 by Jonathan Zdziarski


Hacking and Securing iOS Applications
Stealing Data, Hijacking Software, and How to Prevent It
By Jonathan Zdziarski
Publisher: O’Reilly Media
Released: January 2012 (est.)
Pages: 356
[ Amazon | O'Reilly ]


In order to defeat criminals, developers must first learn to think like criminals. Based on unique and previously undocumented research, this book by noted iOS expert Jonathan Zdziarski shows the numerous weaknesses that exist in typical iPhone and iPad apps, and how criminals exploit them to steal confidential information, empty out bank accounts, and hijack applications. In this book, Zdziarski shows developers where many exploitable flaws exist in their code in a clear, direct, and immediately applicable style. More importantly, this book will teach the reader how to take this knowledge and write more secure code to make breaching your applications more difficult. Black hat topics cover manipulating the Objective-C runtime, debugger abuses, hijacking SSL, breaking iOS’ keychain and file system encryption, and even social engineering. White hat topics cover properly implemented encryption, CA-independent PKI, detecting and preventing debugging, infection testing, dynamic linker validation, jailbreak detection, and much more.

Hacking and Securing iOS Applications is geared toward software engineers, corporate and government security auditors, penetration testers, and any developer looking to write more secure applications. With the App Store reaching over a half-million applications, tools that work with personal or confidential data are becoming increasingly popular. Developers will greatly benefit from Jonathan’s book by learning about all of the weaknesses of iOS and the Objective-C environment. Whether you’re developing credit card payment processing applications, banking applications, applications for government use, or any other kind of software that works with confidential data, Hacking and Securing iOS Applications is a must-read for those who take secure programming seriously.

Posted in Forensics, iPhone, Security | Leave a comment

Your True Identity

Posted on January 1, 2012 by Jonathan Zdziarski

With the new year beginning today, I’d thought about making some New Year’s resolutions. Pausing for moment to reflect on this, it occurred to me that we tend to use resolutions as layers of band-aids to put over other layers of band-aids, which ultimately cover cuts and wounds we’ve been licking our whole life. Every year, we find new things we don’t like about ourselves or in our lives that we wish we could change, and attempt to cover over them with these fresh bandages we call resolutions. The problem with this is that we stay the same old, wounded, tattered person and underneath all of these layers is just rotting flesh.

This year, I’m doing something different.

Continue reading

Posted in Christianity, Essays | Leave a comment

On Christianity

Posted on December 20, 2011 by Jonathan Zdziarski

I’ve often been asked why an intellectual type guy such as myself would believe in God – a figure most Americans equate to a good bedtime story, or a religious symbol for people who need that sort of thing. Quite the contrary, what I’ve discovered over the past fifteen years of being a Christian is that it is highly intellectually stimulating to strive to understand God, and that my faith provides a thought-provoking and captivating relationship with the God who created mankind. I wasn’t raised in a Christian home, nor did I have any real preconceived notions about concepts such as church or the Bible. I, like most individuals, didn’t really know who Jesus was for the first twenty years of my life – all I had surmised was that He was a religious symbol for religious people.

Continue reading

Posted in Christianity, Essays | Leave a comment

Next Class: Jan 9-10 2012 Cleveland, OH

Posted on October 7, 2011 by Jonathan Zdziarski

Advanced iOS Forensic Imaging and Investigation L-1
January 9-10, Cleveland OH
[ Register Here ]

Join us as Jonathan Zdziarski, author, forensic scientist and iOS forensics expert, leads your organization’s law enforcement or security professionals through the delicate process of recovering and processing evidence stored on these devices. This advanced, two-day course will guide your investigators, hands on, through imaging and electronic discovery of an iPhone, iPhone 3G, iPhone 3G[s], iPhone 4, and iPad 1 devices covering iOS and desktop trace up to and including iOS 5.0 firmware. Attendees will receive a special law enforcement forensics guide and access to the tools used in the field by thousands of law enforcement agencies world wide. All tools and classroom content will be provided to attendees on a USB stick so students can learn and explore hands-on. This course has undergone numerous transformations to make it continually the #1 forensics course for iOS based devices.

Posted in General | Leave a comment

OnStar Reverses Privacy Decision: Or Did They?

Posted on September 27, 2011 by Jonathan Zdziarski

OnStar today announced the reversal of their original decision to keep the customer’s data connection active to their vehicle after canceling service. The verbiage in the press release is ambiguous, however, and poses the question of whether OnStar is going to amend that specific portion of their new terms and conditions, or if they’re scrapping their new terms of conditions entirely.

If OnStar is only modifying this portion of their updated terms and conditions, then a major problem still exists: namely, the updated T&C, scheduled to go into effect in December 2011, would still grant OnStar broad new rights to collect the GPS positioning information about active customers, “for any purpose, at any time” and would still reserve OnStar the rights to sell access to this data to third parties.

Continue reading

Posted in General | Leave a comment

OnStar Begins Spying On Customers’ GPS Location For Profit?

Posted on September 20, 2011 by Jonathan Zdziarski

I canceled the OnStar subscription on my new GMC vehicle today after receiving an email from the company about their new terms and conditions. While most people, I imagine, would hit the delete button when receiving something as exciting as new terms and conditions, being the nerd sort, I decided to have a personal drooling session and read it instead. I’m glad I did. OnStar’s latest T&C has some very unsettling updates to it, which include the ability to now collect your GPS location information and speed “for any purpose, at any time”. They also have apparently granted themselves the ability to sell this personal information, and other information to third parties, including law enforcement. To add insult to a slap in the face, the company insists they will continue collecting and selling this personal information even after you cancel your service, unless you specifically shut down the data connection to the vehicle after canceling. This could mean that if you buy a used car with OnStar, or even a new one that already has been activated by the dealer, your location and other information may get tracked by OnStar without your knowledge, even if you’ve never done business with OnStar.

Continue reading

Posted in Politics, Security | 15 Comments

iOS Forensic Tools Update

Posted on August 26, 2011 by Jonathan Zdziarski

The 0826 iOS forensic imaging tools are available on http://www.iosresearch.org, along with an updated manual. I have customized a set of tools contributed by jan0 (@0naj). The “EMF Undelete” tool scrapes the HFS+ Journal for keys to deleted files, allowing limited deleted file recovery. The “EMF Decrypter” tool is a new version of the formerly buggy decryption tool used to decrypt an iOS 4 file system.

I’ve also made some updates to my keychain decrypter, which now uses a cleaner file format when obtaining keys from the iOS device.

The EMF tools are available in a separate directory named Crypto and are relatively easy to use. They are supported in both Linux and OSX. See the end of Chapter 3 for step by step instructions.

These and all forensic tools on the website are FREE for full time, active sworn law enforcement. See the website for more details or to register.

Posted in General | Leave a comment

Undelete SMS for iPhone: Now in Cydia!

Posted on July 26, 2011 by Jonathan Zdziarski

Available exclusively in the Cydia Store

Delete an important text? Need to get it back? Undelete SMS scrapes your SMS database or Spotlight history for deleted records and recovers them! Displayed in plain text, you can copy the texts you want and stick them in a note, email, etc.

Note: Undelete SMS is a forensic recovery tool, and is not guaranteed to recover all or any deleted content. Undelete SMS analyzes remnant deleted data that has not yet been overwritten by new data. While Undelete SMS can often produce useful results from an actively used phone, or backup restored from an actively used phone, it will not produce results on a freshly restored phone without a backup. Depending on user behavior, Undelete SMS may retrieve varying levels of data, including possibly no data. Undelete SMS is a utility, and not a guarantee.

Posted in General | 3 Comments

National Institute of Justice Validates Zdziarski Method

Posted on June 2, 2011 by Jonathan Zdziarski

Rick Ayers at NIST has validated the iPhone forensics tools law enforcement have been using for a few years now. This is quite an honor, not only to know that the tools are considered sound by a government standards entity, but also that this research has been important enough to the community for it to be tested in the first place. The tools are where they are today thanks to some of the great contributions from both the law enforcement and iPhone development community. A special thanks to Joshua Hill (posixninja), who has helped to craft some of the latest injection techniques.

NIJ Special Report: Test Results for Mobile Device Acquisition Tool: Zdziarski's Method ]

Posted in Forensics, iPhone | Leave a comment

Ballistic Compatibility Issues Fixed

Posted on April 7, 2011 by Jonathan Zdziarski

For those of you using Ballistic or Ballistic FTE (Thanks!), I’ve fixed an issue with v2.5.0, which caused the software to crash on older versions of iOS firmware. Apple’s new printing support, when added, causes the application to crash on older versions, as the symbols are missing from the library. Fortunately, I was able to get a hold of an old 3.x iPhone to fix the problem. I had to change a compiler flag to do what’s called a weak link, so that this wouldn’t cause older versions of iOS to crash.. if you have newer versions of iOS, you’ll get a “Print” option when viewing trajectory output and ballistics charts. Version 2.5.1 will address these issues. The FTE version has already been approved by Apple.

After investing hundreds of hours in Ballistic, I was quite shocked to see how fast customers will turn on you and leave crummy reviews over a bug. It really hurts developers’ confidence in their user base and makes them consider dropping the project. Fortunately, I have an abundance of great users to keep me motivated, which make up for the few I wish I didn’t have that suck the life out of me.

Posted in General | Leave a comment