
Identifying Data Leaks in iOS Applications


Nobody wants to deal with a data leak, but iOS applications can unintentionally leak data. Make sure your data is secure by figuring out where the leaks occur so you can be better prepared.

Published in: Mobile, Software, Technology

  1. Identifying Data Leaks in iOS Applications
  2. Many iOS applications unintentionally leak data to other applications or adversaries with access to the filesystem. This typically occurs when a developer uses an API that has side effects the developer is not aware of and, therefore, does not take preventative measures to secure the data.
  3. Here we look at some of the ways a developer using the iOS APIs may inadvertently leak sensitive application data.
  4. Leaking Data in Application Logs
  5. Logging can prove to be a valuable resource for debugging during development. However, in some cases, it can leak sensitive or proprietary information, which is then cached on the device until the next reboot. Log output shown on the slide:
       [20:29:16.6732] requested restore behavior: Update
       [20:29:16.6743] requested variant: Update
       [20:29:16.6752] requested restore behavior: Update
       [20:29:16.6762] failed to find key FDRSupport in variant
  6. Identifying Pasteboard Leakage
  7. Many developers want to offer users the ability to copy and paste data. If the pasteboard is used to copy sensitive data, depending on how it is implemented, data could be leaked from the pasteboard to other third-party applications.
  8. Handling Application State Transitions
  9. When an application is suspended in the background (for example, if the user receives an incoming call), iOS takes a snapshot of the app and stores it in the application’s cache directory. When the application is reopened, the device uses the screenshot to create the illusion that the application loads instantly. Any system that can be paired with the device can access the snapshot. Method shown on the slide:
       - (void)applicationDidEnterBackground:(UIApplication *)application
  10. Keyboard Caching
  11. iOS customizes the autocorrect feature by caching input that is typed into the device’s keyboard. Almost every non-numeric word is cached on the filesystem in plaintext in the keyboard cache file. This means that application data you wouldn’t want to be cached—such as usernames, passwords, and answers to security questions—could be inadvertently stored in the keyboard cache.
       [Figure: iOS keyboard offering suggestions from cached input; legible text: "password1pass passing"]
  12. HTTP Response Caching
  13. To display a remote website, an iOS application often uses a UIWebView to render the HTML content. Depending on how the URL loading is implemented, a UIWebView can cache server responses to the local filesystem. When sensitive content is returned in server responses, it could potentially be stored in the cache database. Names shown on the slide: cfurl_cache_blobdata, cfurl_cache_response, cfurl_cache_receiver_data, cfurl_cache_schema_version
  14. Find out more about iOS application vulnerabilities and how to write secure iOS apps in The Mobile Application Hacker’s Handbook by Dominic Chell, Tyrone Erasmus, Shaun Colley, and Ollie Whitehouse.
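
To check your own app for the HTTP response caching leak described in slide 13, the following added example (not from the slides or the book) joins the `cfurl_cache_response` and `cfurl_cache_receiver_data` tables and flags cached bodies that contain sensitive keywords. The column names (`entry_ID`, `request_key`, `receiver_data`), the keyword list, and the sample rows are assumptions constructed for illustration.

```python
import re
import sqlite3

# Keywords that should not appear in a response cache (illustrative; tune per app).
SENSITIVE = re.compile(rb"(password|passwd|token|secret|session)", re.I)

def build_sample_cache():
    """Constructed stand-in for an app's cache database; the column layout is an assumption."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE cfurl_cache_response (entry_ID INTEGER PRIMARY KEY, request_key TEXT);
        CREATE TABLE cfurl_cache_receiver_data (entry_ID INTEGER PRIMARY KEY, receiver_data BLOB);
    """)
    rows = [  # constructed sample data
        (1, "https://app.example/static/help.html", b"<html>Help page</html>"),
        (2, "https://app.example/api/login", b'{"user":"alice","session_token":"CONSTRUCTED-VALUE"}'),
        (3, "https://app.example/api/profile", b'{"name":"Alice","password_hint":"first pet"}'),
    ]
    for entry_id, url, body in rows:
        db.execute("INSERT INTO cfurl_cache_response VALUES (?, ?)", (entry_id, url))
        db.execute("INSERT INTO cfurl_cache_receiver_data VALUES (?, ?)", (entry_id, body))
    return db

def find_cached_secrets(db):
    """Return (url, matched keywords) for each cached response body matching SENSITIVE."""
    findings = []
    query = """
        SELECT r.request_key, d.receiver_data
        FROM cfurl_cache_response AS r
        JOIN cfurl_cache_receiver_data AS d ON d.entry_ID = r.entry_ID
        ORDER BY r.entry_ID
    """
    for url, body in db.execute(query):
        if body is None:
            continue  # no body stored inline in the database
        data = body if isinstance(body, bytes) else str(body).encode()
        hits = sorted({m.group(1).lower().decode() for m in SENSITIVE.finditer(data)})
        if hits:
            findings.append((url, hits))
    return findings

if __name__ == "__main__":
    for url, hits in find_cached_secrets(build_sample_cache()):
        print(f"{url}: cached body contains {', '.join(hits)}")
```

To audit a real build, pass `find_cached_secrets` a connection opened on the cache database copied from your app's sandbox on a test device, after confirming the column names match.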
