Here are the slides from my recent webinar. Sorry about the delay!
Tag Archives: Apple
It’s not too late to register for my webinar on July 12th: Android vs. Apple iOS Security Showdown. I’ll be taking a entertaining look at the current security posture of both platforms. I’ll be battling the Apple App Store vs. Google Play, device updates, MDMs, developer controls, security features and the current slew of vulnerabilities for both platforms. Which one will emerge the victor? Register for my webinar on July 12th to find out!
Below are links over on SlideShare to the latest version of my ever evolving presentation “Attacking & Defending Apple iOS Devices in the Enterprise”. This is the version I presented at the SANS Mobile Device Security Summit a few weeks ago. I include information on iOS 5, the latest jailbreaks at the time (this has since changed with the release of iOS 5.1) and some information on the security of iCloud.
Just a reminder that I’ll be presenting Smart Bombs: Mobile Vulnerability and Exploitation with John Sawyer and Kevin Johnson at OWASP AppSec DC on April 5th in Washington DC. I’ll be focusing my research on iOS application testing and some of the vulnerabilities discovered in some of the top 25 iOS applications.
Share and Enjoy
Just a quick post about the SANS Mobile Device Security Summit that I participated in. Kudos to Kevin Johnson and Tony DeLaGrange from Secure Ideas for helping organize and lead the event. They did a great job! If you’ve been to SANS events in the past I assure you that this was much different. First, there was a great line up which included Rafal Los (HP), Jack Mannino (nVisium Security), Chris Cuevas (Secure Ideas), John Sawyer (InGuardians), Josh Feinblum (The Advisory Board Company) and Daniel Miessler (HP ShadowLabs) to name a few. Having a lineup of great speakers really made the summit flow as well as it did.
What I liked most about this event was that there were plenty of “real world” talks on how enterprises are deploying and managing mobile deployments. Real in the “trenches” types of talks. Here are some of the themes that I heard throughout all the talks:
- Jailbreaking/Rooting is BAD
- The OWASP Mobile Top 10 is going to be just as important as the traditional web application OWASP Top 10
- Mobile Threats are an evolving, moving target. Security teams have to be quick to adapt to new mobile technology
- MDM (Mobile Device Management Solutions) are a requirement
- Apple iOS devices are preferred over Android in the enterprise (seriously, that was the consensus). No one seems to care about BlackBerry or Windows Mobile devices. I think only one speaker mentioned Windows Mobile…
Speaking to the last point I find this pretty interesting. Especially given the fact that Android seems to be beating Apple in regards to market share of devices and app store apps. I also enjoyed hearing about some of the challenges and pitfalls real IT and security departments are facing. Many of the speakers talked about some best practices they’ve developed and problems they’ve had. One of the highlights for me was a talk by Det. Cindy Murphy from the Madison WI Police Department Computer Forensics Unit. She shared some of her experiences with mobile device forensics and how this evidence holds up in court. I highly recommend you check out this summit next year, it’s one not to miss!
I should have my slides from the latest version of my talk that I gave at the summit (Attacking & Defending Apple iOS Devices in the Enterprise) in the next day or so.
Share and Enjoy
I’ll be presenting “Attacking and Defending Apple iOS Devices in the Enterprise” Monday, March 12 @ 10am. I’ve got a bunch of new content about iOS 5, iCloud and the latest attacks on these devices. This is the inaugural event for SANS and I’m proud to be part of it! More information can be found here at the SANS website.
Share and Enjoy
Apple mobile devices are among the most popular gadgets today. In fact, Apple reports that 250 million iOS devices have been sold and 18 million apps downloaded. I often find that, while the popularity of these devices increases, many don’t understand the basic security features that Apple makes available to them. Some of you may not even realize that these features exist and how easy they are to use. Let’s walk through the top five security settings for these devices:
#1 – The Passcode
This is the most important security feature of your device. It’s also one of the least configured settings. While it may be a pain to “unlock” your device when you want to use it, it’s also your first line of defense if your device is ever lost or stolen. The key to the passcode is to ensure its complex and greater than 4 characters or digits. Never use simple passcodes like “1234” or your ATM PIN number. The two other settings that you need to set are to “Require Passcode Immediately” and set “Simple Passcode” to OFF. You can find these settings under the “Settings” icon then “Passcode Lock”.
#2 – Erase Data
The erase data functionality adds another layer of security to your device. This function will erase all data after 10 failed passcode attempts. What this means is that if someone steals your device and tries to brute force your passcode, if they enter it incorrectly, the device is erased and returned to the factory default settings. Turn “Erase Data” to ON in the Passcode Lock screen.
#3 – Find My iPhone/iPad
If you ever lose or misplace your iPhone or iPad, “Find My iPhone/iPad” is a very important feature to enable. Simply download the application on your device or access it through iCloud (icloud.com). If your device is iOS 4 or below you will need to use the “MobileMe” (me.com) feature instead of iCloud. Either way, you will need to login with your Apple ID to set it up. You can then send the device a message or alert, locate the device on Google Maps, remotely set a passcode, and remotely erase the device. This feature is invaluable if your device is lost or stolen.
#4 – Backup Encryption
One of the more obscure settings that many users don’t set is the “Encrypt Backup” setting, which is found in iTunes. This setting even applies to the new iCloud service in iOS 5. This setting ensures that the backup of your device is encrypted. It goes without saying, if you can access this backup, the data on your device can be accessed and harvested. For example, earlier last year there was a “feature” in which Geolocation data could be easily harvested from the backup file. This has since been remediated, but just think how much information could be harvested about you through an unencrypted backup file.
#5 – Keep iOS Updated
Making sure that you always have the latest version of Apple iOS on your device is important because Apple is always releasing security updates and implementing new security controls. Simply plug your device into iTunes and you will get prompted to update your phone to the latest version. As a side note, don’t Jailbreak your device! Jailbreaking makes many of the built in security features useless and allows your device to be an easy target for data theft.
Ensuring that you have enabled and configured these security settings on your Apple iOS device is more important than ever. Devices like these are lost or stolen all the time and without taking the proper precautions, your data could be vulnerable. Having conducted Apple iOS device penetration testing assessments at SecureState for our clients, I can tell you how easy it is to break into these devices. It’s easy because the proper basic precautions were not taken. Take five minutes now and enable these settings; you’ll be glad you did.
Share and Enjoy
Last week I spoke at the Central Ohio ISSA Conference about Attacking and Defending Apple IOS Devices. This talk was based on information gathered from several of the mobile pentests that I conducted at SecureState. I’ll be working on more research that will be going into an white paper that I will hopefully be releasing in the next few months. You can find my slides on SlideShare below and watch the video graciously recorded by Iron Geek.
UPDATE (5/27): I found a very nice script by Patrick Toomey which can dump the contents of the keychain on Jailbroken iOS devices. More details about how the script runs can be found in this blog post. Note that the type of information you get back depends if the passcode is enabled or not. You will get more keychain entries back if the passcode is not enabled. I had mentioned in my presentation that I hadn’t found a script to do this yet…well here it is.
Share and Enjoy
So the hard drive on my wife’s one year old MacBook has officially started to kick the bucket. Random crashes, slow performance and lots of errors like this in the system log:
disk0s2: 0xe0030005 (UNDEFINED).
Yup, we have bad blocks..all indicating imminent drive “FAIL”. I have AppleCare on the MacBook so I call them up and explained the situation. Surprisingly, they didn’t give me a hard time. In the past I have had problems with other computer manufacturers (ummm…Dell) in which I would have to argue with the guy/gal on the other end of the phone that the drive was “really bad” and I didn’t need to spend hours on the phone with them troubleshooting. So far so good with Apple right?
So I am finishing up the call and the tech is explaining how Apple will ship me a box to send the MacBook back to them for repair. Apparently, they don’t do self service hard drive swaps anymore. Weird since it’s easy to replace a hard drive on a MacBook. Anyway, the rest of the conversation went something like this…
Apple guy: “Sir, do you have a password set on your MacBook”?
Me: “Yes. Why do you need that?”
Apple guy: “The tech’s need it to replace your hard drive”
Me: “Huh? Why do you need my password to replace a bad hard drive? Just pull the old drive out and put the new one in.”
Apple guy: “Sorry sir. That’s the procedure.”
Me: “What if I don’t give you the password?”
Apple guy: “Then we can’t repair your laptop”
Me: “grrrr…fine…here is my password..ready? a-p-p-l-e-s-e-c-u-r-i-t-y-F-A-I-L”
Apple guy: “Thank you sir. You will have your shipment box in 24 hours.”
So for every bad hard drive that comes into the Apple repair center they log in to verify that the drive is bad? What do they do with all the drives like mine that are still functional but have bad blocks? Can Apple guarantee that there are no shady people working in the repair center wanting to steal my personal information? What happens to the data? The sad mac fact (note the “sad mac” picture above) is that no one knows!
“You agree and understand that it is necessary for Apple to collect, process and use your data in order to perform the service and support obligations under the Plan. This may include the necessity to transfer your data to affiliated companies or service providers located in Europe, India, Japan, Canada, People’s Republic of China or the U.S.“
Huh? People’s Republic of China? That’s nice. I couldn’t find any reference noting what Apple does with your personal “hard drive” data. They only mention your name, address, things you purchased, etc…
So what am I going to do about this? I’m going to completely wipe the drive (Darik’s Boot And Nuke is my favorite disk destruction utility) before sending it back to Apple just to see what happens. I have my doubts that they will actually log in to the MacBook to see if the drive is bad. Let’s see if I get the drive replaced or not…I’m betting it will be replaced, no problem.