Preventing Widespread Automated Attacks in iOS

Posted on April 11, 2012 by Jonathan Zdziarski

With a hundred million end users, the notion of a widespread attack on Apple iOS devices is tempting to any criminal. The dream (or nightmare) of an attacker somehow targeting potentially millions of always-on, always-connected iOS devices using a large-scale automated attack is quite disconcerting. You might be surprised to know that not only is this possible, but that the threat is also much more serious than that; a skilled virus writer could harvest sensitive financial information, steal account credentials, or other sensitive data from nearly any application running on the device, regardless of what bank, credit card manager, or photo vault you use, and regardless of what storage encryption or passcodes the end user may use on the device. Surprisingly, the basic design of many runtime environments, including iOS, allow for such an effective generalized attack, and this article will demonstrate just how an attacker might go after such a tempting target.

Read more on the viaForensics website.

Posted in Forensics, iPhone, Security | Leave a comment

God Gave Me You

Posted on April 9, 2012 by Jonathan Zdziarski

Life is a journey, and along that road you come to realize more about who you are every day. At the beginning of the year, I gave life a fresh perspective and remembered who I am, and who I’m not. That’s when I met this incredible woman named Jessica, and we quickly fell in love. Jessica has proven to be nothing short of a miracle. She’s healed my past hurts, encourages me, and sees the best in me. In addition to being a highly intelligent college professor and nurse, Jessica is extremely fun loving and has shown to understand the person that I really am. She is an incredibly loving, kind, patient, and understanding woman – who just happens to adore me too. As a proficient writer with an analytical mind, she really gets how I think, how I process, and is able to appreciate all of the things I do in life; not to mention, I love reading her writing too. As a Christian woman, we enjoy a common faith, and take great joy in even the simplest things in life – life is a gift, and whether we’re on an adventure or just relaxing in a cabin in the mountains, we share a wonderful contentment. Jess loves me and loves my children as if they were her own, slow dances with me in the kitchen, is a dork of the same magnitude as me, loves to cook, runs marathons in Alaska, writes, is a skilled photographer, and is relaxed enough to cook out, drink some good beer, and listen to some country. It doesn’t hurt either that she used to model in her spare time. She’s a hopeless romantic as I am, makes me smile so big that I think I might pull a muscle, shares a lot of the same passions as I, and is an honest woman full of integrity that I know I can trust with my life, and with my children’s hearts. It’s a true honor to get to be the guy who spends the rest of my life with her. We’ll be married this June in SC, where she’s from. Yeah, she’s country; that’s the way she was born and raised, she ain’t afraid to stay.

Posted in General | Leave a comment

Hacking and Securing iOS Applications, Using the New Xcode

Posted on April 4, 2012 by Jonathan Zdziarski

Apple’s newest version of Xcode has made a minor change to the location where iPhoneOS platform folder is stored, and thus the iOS cross-compiler and utilities. In order to build the code examples from the book using the latest Xcode, you’ll want to be aware of these changes and make the appropriate tweaks to your environment variables.

The iPhoneOS.platform folder now lives inside the Xcode application folder itself, rather than in /Developer. Its new path is:

/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform

You can set this as your PLATFORM environment variable with the following command:

export PLATFORM=\
/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform

You’ll also want to note that the SDK version has changed from 5.0 to 5.1 in this latest version of Xcode, and so to build, be sure to reference the new SDK. For example:

$PLATFORM/Developer/usr/bin/arm-apple-darwin10-llvm-gcc-4.2 \
-c -o injection.o injection.c \
-isysroot $PLATFORM/Developer/SDKs/iPhoneOS5.1.sdk -fPIC

Linking is done using the same new path layout. For example:

$PLATFORM/Developer/usr/bin/arm-apple-darwin10-llvm-gcc-4.2 \
-isysroot $PLATFORM/Developer/SDKs/iPhoneOS5.1.sdk \
-o SaySomething SaySomething.m -lobjc -framework Foundation

That’s it! Just a couple simple changes, and you’re ready to build using the new Xcode. Enjoy!

Posted in Forensics, iPhone, Security | Leave a comment

Book Announcement!

Posted on January 6, 2012 by Jonathan Zdziarski


Hacking and Securing iOS Applications
Stealing Data, Hijacking Software, and How to Prevent It
By Jonathan Zdziarski
Publisher: O’Reilly Media
Released: January 2012 (est.)
Pages: 356
[ Amazon | O'Reilly ]


In order to defeat criminals, developers must first learn to think like criminals. Based on unique and previously undocumented research, this book by noted iOS expert Jonathan Zdziarski shows the numerous weaknesses that exist in typical iPhone and iPad apps, and how criminals exploit them to steal confidential information, empty out bank accounts, and hijack applications. In this book, Zdziarski shows developers where many exploitable flaws exist in their code in a clear, direct, and immediately applicable style. More importantly, this book will teach the reader how to take this knowledge and write more secure code to make breaching your applications more difficult. Black hat topics cover manipulating the Objective-C runtime, debugger abuses, hijacking SSL, breaking iOS’ keychain and file system encryption, and even social engineering. White hat topics cover properly implemented encryption, CA-independent PKI, detecting and preventing debugging, infection testing, dynamic linker validation, jailbreak detection, and much more.

Hacking and Securing iOS Applications is geared toward software engineers, corporate and government security auditors, penetration testers, and any developer looking to write more secure applications. With the App Store reaching over a half-million applications, tools that work with personal or confidential data are becoming increasingly popular. Developers will greatly benefit from Jonathan’s book by learning about all of the weaknesses of iOS and the Objective-C environment. Whether you’re developing credit card payment processing applications, banking applications, applications for government use, or any other kind of software that works with confidential data, Hacking and Securing iOS Applications is a must-read for those who take secure programming seriously.

Posted in Forensics, iPhone, Security | Leave a comment

Your True Identity

Posted on January 1, 2012 by Jonathan Zdziarski

With the new year beginning today, I’d thought about making some New Year’s resolutions. Pausing for moment to reflect on this, it occurred to me that we tend to use resolutions as layers of band-aids to put over other layers of band-aids, which ultimately cover cuts and wounds we’ve been licking our whole life. Every year, we find new things we don’t like about ourselves or in our lives that we wish we could change, and attempt to cover over them with these fresh bandages we call resolutions. The problem with this is that we stay the same old, wounded, tattered person and underneath all of these layers is just rotting flesh.

This year, I’m doing something different.

Continue reading

Posted in Christianity, Essays | 1 Comment

On Christianity

Posted on December 20, 2011 by Jonathan Zdziarski

I’ve often been asked why an intellectual type guy such as myself would believe in God – a figure most Americans equate to a good bedtime story, or a religious symbol for people who need that sort of thing. Quite the contrary, what I’ve discovered over the past fifteen years of being a Christian is that it is highly intellectually stimulating to strive to understand God, and that my faith provides a thought-provoking and captivating relationship with the God who created mankind. I wasn’t raised in a Christian home, nor did I have any real preconceived notions about concepts such as church or the Bible. I, like most individuals, didn’t really know who Jesus was for the first twenty years of my life – all I had surmised was that He was a religious symbol for religious people.

Continue reading

Posted in Christianity, Essays | 1 Comment

Next Class: Jan 9-10 2012 Cleveland, OH

Posted on October 7, 2011 by Jonathan Zdziarski

Advanced iOS Forensic Imaging and Investigation L-1
January 9-10, Cleveland OH
[ Register Here ]

Join us as Jonathan Zdziarski, author, forensic scientist and iOS forensics expert, leads your organization’s law enforcement or security professionals through the delicate process of recovering and processing evidence stored on these devices. This advanced, two-day course will guide your investigators, hands on, through imaging and electronic discovery of an iPhone, iPhone 3G, iPhone 3G[s], iPhone 4, and iPad 1 devices covering iOS and desktop trace up to and including iOS 5.0 firmware. Attendees will receive a special law enforcement forensics guide and access to the tools used in the field by thousands of law enforcement agencies world wide. All tools and classroom content will be provided to attendees on a USB stick so students can learn and explore hands-on. This course has undergone numerous transformations to make it continually the #1 forensics course for iOS based devices.

Posted in General | Leave a comment

OnStar Reverses Privacy Decision: Or Did They?

Posted on September 27, 2011 by Jonathan Zdziarski

OnStar today announced the reversal of their original decision to keep the customer’s data connection active to their vehicle after canceling service. The verbiage in the press release is ambiguous, however, and poses the question of whether OnStar is going to amend that specific portion of their new terms and conditions, or if they’re scrapping their new terms of conditions entirely.

If OnStar is only modifying this portion of their updated terms and conditions, then a major problem still exists: namely, the updated T&C, scheduled to go into effect in December 2011, would still grant OnStar broad new rights to collect the GPS positioning information about active customers, “for any purpose, at any time” and would still reserve OnStar the rights to sell access to this data to third parties.

Continue reading

Posted in General | Leave a comment

OnStar Begins Spying On Customers’ GPS Location For Profit?

Posted on September 20, 2011 by Jonathan Zdziarski

I canceled the OnStar subscription on my new GMC vehicle today after receiving an email from the company about their new terms and conditions. While most people, I imagine, would hit the delete button when receiving something as exciting as new terms and conditions, being the nerd sort, I decided to have a personal drooling session and read it instead. I’m glad I did. OnStar’s latest T&C has some very unsettling updates to it, which include the ability to now collect your GPS location information and speed “for any purpose, at any time”. They also have apparently granted themselves the ability to sell this personal information, and other information to third parties, including law enforcement. To add insult to a slap in the face, the company insists they will continue collecting and selling this personal information even after you cancel your service, unless you specifically shut down the data connection to the vehicle after canceling. This could mean that if you buy a used car with OnStar, or even a new one that already has been activated by the dealer, your location and other information may get tracked by OnStar without your knowledge, even if you’ve never done business with OnStar.

Continue reading

Posted in Politics, Security | 15 Comments

iOS Forensic Tools Update

Posted on August 26, 2011 by Jonathan Zdziarski

The 0826 iOS forensic imaging tools are available on http://www.iosresearch.org, along with an updated manual. I have customized a set of tools contributed by jan0 (@0naj). The “EMF Undelete” tool scrapes the HFS+ Journal for keys to deleted files, allowing limited deleted file recovery. The “EMF Decrypter” tool is a new version of the formerly buggy decryption tool used to decrypt an iOS 4 file system.

I’ve also made some updates to my keychain decrypter, which now uses a cleaner file format when obtaining keys from the iOS device.

The EMF tools are available in a separate directory named Crypto and are relatively easy to use. They are supported in both Linux and OSX. See the end of Chapter 3 for step by step instructions.

These and all forensic tools on the website are FREE for full time, active sworn law enforcement. See the website for more details or to register.

Posted in General | Leave a comment