[funsec] Preventing Widespread Automated Attacks in iOS
noloader at gmail.com
Sat Apr 21 17:29:07 CDT 2012
A real nice three part article by Jonathan Zdziarski on abusing
programs in memory using Objective C.
Preventing Widespread Automated Attacks in iOS,
With a hundred million end users, the notion of a widespread attack on
Apple iOS devices is tempting to any criminal. The dream (or
nightmare) of an attacker somehow targeting potentially millions of
always-on, always-connected iOS devices using a large-scale automated
attack is quite disconcerting.
While I’ve discussed a number of ways to circumvent these technologies
in my book, this article is going to dig a bit deeper and address
automated techniques to steal data from a common place in iOS: memory.
What if I told you that I could steal personal information that you
don’t even store on your phone, from your phone, while you were using
your phone, and be a thousand miles away? The reality is much worse
than this, in fact. Should an attacker craft such an automated attack,
they could quite possibly modify data as it’s sent TO your financial
institution, or other online account, to redirect payments to their
own account, or to wreak other forms of havoc, using your own
application to do it.
More information about the funsec