Hacking iPhones, iPads

Want to learn how to remotely wipe address books and read private text messages on someone else’s iPhone? Six rockstar hackers and Pwn2Own vets have put to paper everything they know about the iOS operating system, hoping to inspire white hat hackers to experiment with the OS and report vulnerabilities to further tighten the mainstream smartphone OS.

The handbook “iOS Hacker’s Guide” begins with a detailed analysis of iOS’s architecture and the numerous security measures Apple quietly built into the OS, such as pervasive sandboxing, app scanning for malware, and code-signing enforcement. But iOS isn’t impenetrable, which is why the book also takes us through a history of 8 iPhone vulnerabilities exploited over the last five years and presented at closed-door conferences like Black Hat. The first is Charlie Miller’s 2017 exploit, which used the iPhone’s Safari browser to launch code that could read voice and text messages, address books, and call history.

The techniques also require more patience than most casual hackers can stomach. For instance, as Miller recently told the Washington Post, 99.99 per cent of the time fuzzing doesn’t expose anything bad. However, fuzzing a billion times, as Miller typically does, produces enough interesting, random bugs.

Dai Zovi said the point of the book was mostly to help readers understand the security features already built into the OS, as well as its weaknesses. By understanding how to jailbreak the device, users, developers, and IT professionals can better understand the potential risks of storing sensitive data on these devices. “We don’t give out any more detail than what’s already out there,” he added.

‘Apple Is More Secure Than BlackBerry’

Until this year, Apple hardly ever put “iOS” and “security” in the same sentence. It didn’t need to, after all, given the absence of zero-day attacks.
Last month it quietly published the Guide to iOS Security, a marketing-vetted paper clearly aimed at simplifying iOS security for IT professionals and CTOs who are now finding themselves tasked with protecting personal iPhone devices.

BlackBerry was designed with the enterprise in mind, so remote management is seamless, but “if I had to choose between the two I’d say iOS is slightly better.”

“Apple is more locked down, they spend a lot of time making sure you can’t download apps from anywhere except the App Store. It also closely monitors the way apps behave.”

“As far as configurability goes, BlackBerry is better. Also BlackBerry gets network traffic through their own servers, whereas iOS uses public networks.”

Furthermore, Dai Zovi pointed out, Apple makes it much harder to become an iOS developer. Becoming an official Apple developer requires a driver’s license, $100, and strict compliance with Apple’s Terms of Service (Miller was suspended for a year after uploading a proof of concept app). But joining Android’s developer ecosystem? $25 and a credit card is all you need.

“I think iOS’s walled garden approach will actually work for the next several years,” Dai Zovi said. “Malware is going after Android now because it’s so easy to attack and monetize.”

“iOS Hacker’s Handbook,” published by Wiley, was written by: Charlie Miller, a researcher at Accuvant and creator of the first known iPhone exploit back in 2007; Dino Dai Zovi, co-founder and CTO of Trail of Bits; Dionysus Blazakis, a Pwn2Own veteran who researches exploit mitigation techniques; Vincenzo Iozzo, a security researcher at Trail of Bits and best known for BlackBerry exploits; Stefan Esser, founder of the Hardened-PHP Project; and Ralf-Philipp Weinmann, another Pwn2Own vet and cryptology expert.