D1 t2 chilik tamir - profiting from ios malware
Chilik Tamir [email protected] Twitter: @_coreDump
The Application Sandbox
iOS Malware
https://developer.apple.com/programs/enroll/
Home Brewed Evil Clients Malware
iOS Playground Rules
- All code must be signed
- All apps are subjected to a review process
- All certificates require identification
- All installations are validated on device
- Any misbehaving developer will be accountable
(demo)
iPhone Repair shops iPwn shops DEVICE + PASSCODE FTW!!!
Hmm, Can an Evil Client Access the Sandbox
“Juicy” Content?
SandJacking: Evil client hijacking of host Application Sandbox content
SandJacking, Sample Use case:
- Unknown Application passphrase/passcode
- DEMO: Secure application with WIPE Enabled
An FBI vs. Apple Encrypted Application:
SandJacking on iOS < 8.3
Alas….
Hmm, it seems that Apple had patched the front door…
But apparently they left a backdoor wide open..!
Introducing SandJacking on any iOS
Introducing SandJacking on any iOS > 8.3
Demo time
SandJacking: Timeline
SandJacking: SandJacker - The Tool
Questions & Answers
Other Resources
- Chilik Tamir, Su-A-Cyder: Home-brewing iOS malware like a B0$$, BHAsia 2016, https://www.blackhat.com/docs/asia-16/materials/asia-16-Tamir-Su-A-Cyder-Homebrewing-Malware-For-iOS-Like-A-B0SS.pdf
- Claud Xiao, Palo-Alto Networks, http://researchcenter.paloaltonetworks.com/author/claud-xiao/