Apple iOS Security

Apple's iPhone and iPad are popular consumer devices and increasingly being adopted in the enterprise. This popularity combined with the sensitive data stored on these devices raise questions about system security and privacy.

We are conducting research to address the challenging problems related to Apple iOS and App security.


Software Tools

AppMinder

AppMinder is a non-commercial research project focused on developing defensive protections to be integrated into Enterprise iOS Apps. The protections provided by AppMinder aim to help detect whether a corporate device has been compromised with malware.

For further information please refer to http://appminder.nesolabs.de.

Snoop-it

Snoop-it is a tool to assist dynamic analysis and blackbox security assessments of mobile Apps by retrofitting existing apps with debugging and runtime tracing capabilities. Snoop-it allows on-the-fly manipulations of arbitrary iOS Apps with an easy-to-use graphical user interface. Thus, bypassing client-side restrictions or unlocking additional features and premium content of Apps is going to be a child's play.

For further information please refer to https://code.google.com/p/snoop-it/.

Gorilla

As Apple iOS lacks some important security and privacy features we developed an App called Gorilla, which helps to protect you from drive-by style attacks and privacy issues.

Source code of Gorilla will be published on GitHub soon.


Publications

In addition to our tools, NESO Security Labs consultants regularly publish their research work on the topic of iOS and App security at a variety of industry conferences. This section contains the related presentation slides.

  • Shakacon Security Conference 2013, Pentesting iOS Apps - Runtime Analysis and Manipulation, Slides
  • heise Security Tour 2013 "Sicheres Mobile Device Management - BYOD ohne Reue",
    Alle Jahre wieder: (Un)sicherheit mobiler Apps (German)
  • Entwicklertag 2013, die Konferenz für Softwareentwicklung,
    Sicherheit mobiler Apps (German)
  • DeepSec Security Conference 2012, Pentesting iOS Apps - Runtime Analysis and Manipulation, Slides
  • German OWASP Day 2012, Laufzeitanalyse & Manipulation von Apple iOS Apps, Slides (German)
  • Heise Events-Konferenz "iPad, iPhone und Android im Enterprise-Umfeld" 2012,
    Wie (un)sicher sind mobile Apps? (German)
  • German OWASP Day 2011, Sicherheit mobiler Apps, Slides (German)

The following is a list of all publicly disclosed vulnerabilities within iOS Apps discovered by NESO Security Labs not restricted under NDA:


Securing iOS - Bug Hunting

Bug Hunting

We are actively looking for security vulnerabilities in Apple iOS and help Apple to remediate or rectify our findings.

The following is a list of all publicly disclosed iOS vulnerabilities discovered by NESO Security Labs not restricted under NDA:

  • Apple iOS Personal Hotspot Weak Default Password Generator (CVE-2013-4616)
  • Apple iOS OfficeImport Excel Double Free Vulnerability (CVE-2011-3261)
  • Apple iOS OfficeImport Word Document Parsing Memory Corruption Vulnerability
    (CVE-2011-3260)
  • Apple iOS and Mac OS X OfficeImport Word sprmTInsert Record Unitialized Memory Vulnerability
    (CVE-2011-0208)
  • Apple iOS and Mac OS X OfficeImport Excel SHRFMLA Record Memory Corruption Vulnerability
    (CVE-2011-0184)
  • Apple iOS and Mac OS X OfficeImport Excel USREXCL Record Memory Corruption Vulnerability
    (CVE-2010-3786)
  • Apple iPhone OS and Mac OS X CoreAudio Stack Buffer Overflow (CVE-2010-0036) Advisory
  • Apple iPhone OS AudioCodecs Heap Buffer Overflow (CVE-2009-2206) Advisory