funsec mailing list archives
Preventing Widespread Automated Attacks in iOS
From: Jeffrey Walton <noloader () gmail com>
Date: Sat, 21 Apr 2012 18:29:07 -0400
A real nice three part article by Jonathan Zdziarski on abusing programs in memory using Objective C. Preventing Widespread Automated Attacks in iOS, https://viaforensics.com/iphone-forensics/preventing-widespread-ios-application-infection.html With a hundred million end users, the notion of a widespread attack on Apple iOS devices is tempting to any criminal. The dream (or nightmare) of an attacker somehow targeting potentially millions of always-on, always-connected iOS devices using a large-scale automated attack is quite disconcerting. ... While I’ve discussed a number of ways to circumvent these technologies in my book, this article is going to dig a bit deeper and address automated techniques to steal data from a common place in iOS: memory. What if I told you that I could steal personal information that you don’t even store on your phone, from your phone, while you were using your phone, and be a thousand miles away? The reality is much worse than this, in fact. Should an attacker craft such an automated attack, they could quite possibly modify data as it’s sent TO your financial institution, or other online account, to redirect payments to their own account, or to wreak other forms of havoc, using your own application to do it. ... _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Preventing Widespread Automated Attacks in iOS Jeffrey Walton (Apr 21)