iOS App Integrity: Got Any? presented at AppSecUSA 2014

by Gregg Ganley, Gavin Black,

Summary : iOS apps are vulnerable to static analysis and attack through binary code patching. Incorporating jailbreak and debugger detection algorithms can be rendered useless with a quick binary patch. Once patched the app can be further exploited, its app data stolen, and even cloned. The iMAS research team, the team that brought Encrypted CoreData (ECD) to Github open source, has your back! At this talk we will introduce open source Encrypted Code Modules (ECM) as a technique to protect sensitive enterprise iOS applications. Using ECM as the base we will demonstrate an iOS app anti-tamper technique that is considerably more resistant to patching. We will walk through this step-by-step process to make your iOS apps more secure and … authentic.