This is a guest post from security researcher Nitesh Dhanjani which follows his previous iOS articles. At the 2011 World Wide Developer Conference in San Francisco, Steve Jobs revealed his vision for Apple's iCloud: to demote the desktop as the central media hub and to seamlessly integrate the user's experience across devices. Apple's iCloud service … Continue reading Apple's iCloud: Thoughts on Security and the Storage APIs
In this article, John Bielich and Khash Kiani introduce OAuth, and demonstrate one type of approach in which a malicious native client application can compromise sensitive end-user data. Earlier this year, Khash posted a paper entitled: "Four Attacks on OAuth - How to Secure Your OAuth Implementation" that introduced a common protocol flow, with specific … Continue reading Password Tracking in Malicious iOS Apps
This is a guest post from security researcher Nitesh Dhanjani. Nitesh will be giving a talk on "Hacking and Securing Next Generation iPhone and iPad Apps" at SANS AppSec 2011. Millions of iOS users and developers have come to rely on Apple's Push Notification Service (APN). In this article, I will briefly introduce details of … Continue reading Apple iOS Push Notifications: Security Implications, Abuse Scenarios, and Countermeasures
Backgrounding and Snapshots In iOS when an application moves to the background the system takes a screen shot of the application's main window. This screen shot is used to animate transitions when the app is reopened. For example, pressing the home button while using the logon screen of the Chase App results in the following … Continue reading What's in Your iOS Image Cache?
This is a guest post from security researcher Nitesh Dhanjani. Nitesh will be giving a talk on "Hacking and Securing Next Generation iPhone and iPad Apps" at SANS AppSec 2011. Many iOS applications use HTTP to connect to server side resources. To protect user-data from being eavesdropped, iOS applications often use SSL to encrypt their … Continue reading Secure Coding iPhone and iPad Apps Against MiTM