D1 T2 Chilik Tamir - Profiting from iOS Malware

Posted on 22-Jan-2018


TRANSCRIPT

Chilik Tamir chilik@mi3security.com Twitter: @_coreDump

The Application Sandbox

iOS Malware

https://developer.apple.com/programs/enroll/

Home-Brewed Evil Client Malware

iOS Playground Rules

- All code must be signed
- All apps are subjected to a review process
- All certificates require identification
- All installations are validated on device
- Any misbehaving developer will be held accountable

(demo)

iPhone Repair shops, iPwn shops: DEVICE + PASSCODE FTW!!!

Hmm, Can an Evil Client Access the Sandbox “Juicy” Content?

Sandjacking: Evil client hijacking of host Application Sandbox content

SandJacking, Sample Use case:

- Unknown Application passphrase/passcode
- DEMO: Secure application with WIPE Enabled

An FBI vs. Apple Encrypted Application:

SandJacking on iOS < 8.3

Alas….

Hmm, it seems that Apple had patched the front door…

But apparently they left a backdoor wide open..!

Introducing SandJacking on any iOS

Introducing SandJacking on any iOS > 8.3

Demo time

SandJacking: Timeline

SandJacking: SandJacker - The Tool

Questions & Answers

Other Resources

- Chilik Tamir, Su-A-Cyder: Home-brewing iOS malware like a B0$$, BHAsia 2016, https://www.blackhat.com/docs/asia-16/materials/asia-16-Tamir-Su-A-Cyder-Homebrewing-Malware-For-iOS-Like-A-B0SS.pdf
- Claud Xiao, Palo Alto Networks, http://researchcenter.paloaltonetworks.com/author/claud-xiao/
