Reversing iOS Apps - a Practical Approach presented at t2InfoSecCon 2014

by Patrick Wardle

Summary: Mobile apps are ever more ubiquitous, but their widespread adoption comes at a cost. Seemingly every week, a new vulnerability is discovered that jeopardizes the security and privacy of mobile users. Examples include the popular dating app Tinder (leaked the exact location of its users), the photo messaging app SnapChat (exposed connections between phone numbers and users’ accounts) and CitiMobile (stored sensitive account information without encryption). These vulnerabilities (and many more) were not found by the developers of the applications, but rather by reverse-engineers who took it upon themselves to dissect said applications.
Unfortunately, at least for iOS applications, reverse-engineering is still viewed by many as somewhat of a black art. This is due to a myriad of reasons: iOS apps are encrypted, written in a difficult-to-reverse-engineer language (Objective-C), and run on a mostly closed-source proprietary OS.
This talk will detail the process of reverse-engineering iOS apps in order to perform security audits and provide best practices to prevent common mobile-specific vulnerabilities. The talk will describe how to extract an application’s unencrypted binary code, analyze the ARM disassembly, and identify vulnerabilities that commonly affect iOS apps. Real-life cases from iOS applications in the App Store will be presented to provide a more 'hands-on' feel to the reversing procedure and to show some actual security vulnerabilities.
Patrick is currently the Director of Research at Synack. He leads R&D efforts, ensuring the company remains on the cutting edge of cyber security.
Patrick began his professional computer science career at NASA, then was hired at the NSA as a global network exploitation and vulnerability analyst. While at the NSA, Patrick received several classified patents and helped lead a team which received NSA’s highest civilian team award. In 2008, Patrick left the NSA to help found Vulnerability Research Labs (VRL), which was bought in 2010. Patrick recently joined Synack in 2013.
Patrick has extensive experience analyzing malware and has authored several sophisticated malware detection tools. Currently, his focus is on the emerging threats of OS X and mobile malware. Besides malware analysis, Patrick is also a skilled vulnerability and exploitation analyst, and has found exploitable 0days in major operating systems such as OS X and Windows and popular applications such as Acrobat Reader.