New Age Attacks Against Apple's iOS (and Countermeasures), presented at Black Hat Europe 2011

by Nitesh Dhanjani (Ernst & Young)

Tags: Security

Summary: A single vulnerability in any one of the applications in Apple's App Store can result in devastating implications for the millions of iOS users (iPhones and iPads).
In this presentation, we will take a look at some interesting application-level attack techniques against iOS. More specifically, we will cover:
+ UI Spoofing attacks against Safari and the UIWebView component in the iOS SDK.
+ How insecurely designed URL scheme handlers can be abused by rogue web applications to perform arbitrary transactions like launching arbitrary phone calls.
+ Abuse of Apple's push messaging system and its implications.
+ Attacks against insecure storage and network activity.
Our discussion will also include a look at attacks against popular apps in Apple's App Store, and what developers can do to protect against such vulnerabilities.