Category Archives: Apple

Attacking & Defending Apple iOS Devices in the Enterprise Presentation Updates

Filed under Apple, Mobile Security

Below are links over on SlideShare to the latest version of my ever-evolving presentation “Attacking & Defending Apple iOS Devices in the Enterprise”. This is the version I presented at the SANS Mobile Device Security Summit a few weeks ago. I include information on iOS 5, the latest jailbreaks at the time (this has since changed with the release of iOS 5.1) and some information on the security of iCloud.

Just a reminder that I’ll be presenting Smart Bombs: Mobile Vulnerability and Exploitation with John Sawyer and Kevin Johnson at OWASP AppSec DC on April 5th in Washington DC.  I’ll be focusing my research on iOS application testing and some of the vulnerabilities discovered in some of the top 25 iOS applications.

Passcode Bypass in iOS 5.1? Not so fast!

Filed under Apple, Mobile Security

During the keynote at the SANS Mobile Device Security Summit here in Nashville this morning, Rafal Los (aka: Wh1t3Rabbit) talked about a new passcode bypass vulnerability going around in the latest version of iOS (5.1). Basically, how it’s supposed to work is that you open up the camera on the lock screen, go to the photo gallery, press the home button, and it takes you to the home screen, bypassing the passcode. I tried this and it didn’t work on my iPhone. I was quickly prompted for my passcode.

I did some research and found this blog post which says this is simply a configuration issue with the passcode settings. Check your setting for “Require Passcode” (under the Passcode Lock screen) and make sure it’s set to “Immediately”. If it’s set to 1 minute or more, you really haven’t locked your device. You’ve just been shutting off the screen. 🙂 See the screenshot below for the passcode setting you should be using.



Speaking at the SANS Mobile Device Security Summit

Filed under Apple, Application Security, Mobile Security, Penetration Testing

I’ll be presenting “Attacking and Defending Apple iOS Devices in the Enterprise” Monday, March 12 @ 10am. I’ve got a bunch of new content about iOS 5, iCloud and the latest attacks on these devices. This is the inaugural event for SANS and I’m proud to be part of it! More information can be found here at the SANS website.