Showing Posts About

Ios

  • 23 Jul 2018

A Guide to Repacking iOS Applications

This technical guide details the process of repacking iOS applications for security research purposes. The methodology covers decrypting application binaries, patching with Frida, generating provisioning profiles, and resigning applications across different scenarios. Key techniques are demonstrated for repacking various types of iOS applications, including those with frameworks, app extensions, and WatchOS companion apps.

Needle: Finding Issues within iOS Applications

Needle is an iOS application security testing tool presented at OWASP AppSec USA 2016. The tool enables comprehensive vulnerability identification in iOS applications through both black-box and white-box testing methodologies. Marco Lancini's presentation detailed Needle's architecture and testing capabilities for finding security issues in mobile applications.

  • 17 Aug 2016

A quick intro to Needle

Needle is an open-source modular framework designed to streamline iOS application security assessments. The tool provides a comprehensive set of modules for binary analysis, storage examination, dynamic analysis, hooking, communications testing, and static code checks. Its modular design allows security professionals to easily conduct thorough iOS app security evaluations.

Fracking With Hybrid Mobile Applications

Dave Hartley's presentation explores the security implications of hybrid mobile applications across multiple platforms. The talk examines how hybrid apps combine web and native application features using frameworks like PhoneGap. It highlights security risks introduced by WebView and cross-platform development approaches that allow web code to access local device resources.

Native Bridge's Over Troubled Water

Mobile security research by Dave Hartley explored vulnerabilities in mobile advertising networks across multiple platforms. The study investigated cross-platform exploitation potential in Windows Phone, Android, Blackberry, and iOS operating systems. Findings focused on identifying security issues within popular mobile ad networks.

  • 5 Jun 2014

Continued Adventures with iOS UIWebViews

This article explores security vulnerabilities in iOS UIWebViews, specifically focusing on custom NSURLProtocol implementations. The research demonstrates how attackers can bypass naive security checks by manipulating HTTP headers and using techniques like XMLHttpRequest to access restricted resources. A proof-of-concept JavaScript payload is presented to illustrate potential exploitation methods for file access and data exfiltration.

  • 27 Nov 2013

Millenial Media Ad Library

A critical vulnerability was discovered in the Millenial Media SDK across mobile platforms. The SDK's WebView implementation allows attackers to perform dangerous actions like file manipulation, clipboard access, audio recording, and cross-application exploitation through malicious JavaScript injection. These security flaws could enable comprehensive mobile device compromise and unauthorized access to sensitive user information.

  • 16 Apr 2012

Adventures with iOS UIWebviews

This article explores security challenges with iOS UIWebviews, focusing on techniques to mitigate risks when loading remote content. It discusses methods for implementing secure WebView interactions, including using SSL/TLS, implementing URL request inspection, and carefully managing content loading to prevent unauthorized access to local resources.