Apple iOS 4 Security Evaluation

Dino A. Dai Zovi Trail of Bits LLC

Disclaimers
I have never worked for Apple, but I have a crippling addiction to buying and tinkering with their products. I have never received any monetary compensation from Apple, but they have sent me some free shwag I have been mistaken by strangers on the street for being an offduty Apple Store employee I hacked a Mac once, but dont worry, it wasnt yours. Charlie Miller and I wrote an entire book on hacking the Mac and I still have never met Steve Jobs. I blame Charlie.

Acknowledgements
iPhone jailbreak developer community Chronic Dev Team, Comex for releasing tools with source The iPhone Wiki for excellent up-to-date documentation Other security researchers with great iOS research Jean-Baptiste Bedrune, Jean Sigwald (SOGETI ESEC) Dion Blazakis Stefan Esser

Focus of This Talk

What enterprise users need to know about iOS security features and properties to make informed deployment, conguration, usage, and procedure decisions How iOS security compares to competing mobile platforms Assorted iOS implementation details and internals Interesting places for reverse engineers and vulnerability researchers to look (if they are paying close attention)

Overview
Introduction ASLR Code Signing Sandboxing Data Encryption

Introduction

Security Concerns
Sensitive data compromise from lost/stolen device What data can be recovered by attacker? Malicious Apps What is the likelihood of DroidDream for iOS? Remote attacks through web browser, e-mail, etc. Is that a desktop (aka APT target) in your pocket?

Remote Attack Graph

Malicious Data Exploit Memory Corruption Vulnerability Returnoriented Execution Bypass Code Signing Enforcement Sandboxed Native Code Execution Escape Sandbox Unprivileged Native Code Execution Exploit Privilege Escalation Vulnerability

Exploit Kernel Vulnerability Jailbreak running kernel

Privileged Native Code Execution

Temporary Jailbreak

Kernel Mode Code Execution

Persistence Attack Graph

Privileged Native Code Execution Drop Executable That Runs at Boot Boot-time Binary Execution Exploit Incomplete Code Signing Vulnerability Returnoriented execution ...

Kernel mode code execution Jailbreak running kernel Obtain Apple's Private Key

Overwrite kernelcache

Untethered Jailbreak

Address Space Layout Randomization

Security Concerns
How hard is it to remotely exploit built-in or thirdparty applications? Malicious web page in Safari or third-party app with embedded browser (i.e Facebook, Twitter) Malicious e-mail message or attachment in Mail Man-in-the-middle and corrupt network communication of third-party apps

iOS 4.3 ASLR

ASLR is a common runtime security feature on desktop and server operating systems and is a good generic protection against remote exploits iOS 4.3 introduced ASLR support iOS 4.3 requires iPhone 3GS and later (ARMv7) Apps must be compiled with PIE support for full ASLR, otherwise they only get partial ASLR iOS 4.3 built-in apps and executables are all PIE

ASLR with PIE

Executable
0xd2e48 0xaae48 0xbbe48 0x46e48 0xc1e48

Heap
0x1cd76660 0x1ed68950 0x1cd09370 0x1fd36b80 0x1dd81970

Stack
0x2fecf2a8 0x2fea72a8 0x2feb82a8 0x2fe432a8 0x2febe2a8

Libraries
0x35e3edd1 0x35e3edd1 0x35e3edd1 0x35e3edd1 0x35e3edd1

Linker
0x2fed0000 0x2fea8000 0x2feb9000 0x2fe44000 0x2febf000

Reboot
0x14e48 0x62e48 0x9ee48 0xa0e48 0xcde48 0x1dd26640 0x1dd49240 0x1d577490 0x1e506130 0x1fd1d130 0x2fe112a8 0x2fe112a8 0x2fe9b2a8 0x2fe9d2a8 0x2feca2a8 0x36146dd1 0x36146dd1 0x36146dd1 0x36146dd1 0x36146dd1 0x2fe12000 0x2fe60000 0x2fe9c000 0x2fe9e000 0x2fecb000

ASLR without PIE

Executable
0x2e88 0x2e88 0x2e88 0x2e88 0x2e88

Heap
0x15ea70 0x11cc60 0x14e190 0x145860 0x134440

Stack
0x2fdff2c0 0x2fdff2c0 0x2fdff2c0 0x2fdff2c0 0x2fdff2c0

Libraries
0x36adadd1 0x36adadd1 0x36adadd1 0x36adadd1 0x36adadd1

Linker
0x2fe00000 0x2fe00000 0x2fe00000 0x2fe00000 0x2fe00000

Reboot
0x2e88 0x2e88 0x2e88 0x2e88 0x2e88 0x174980 0x13ca60 0x163540 0x136970 0x177e30 0x2fdff2c0 0x2fdff2c0 0x2fdff2c0 0x2fdff2c0 0x2fdff2c0 0x35e3edd1 0x35e3edd1 0x35e3edd1 0x35e3edd1 0x35e3edd1 0x2fe00000 0x2fe00000 0x2fe00000 0x2fe00000 0x2fe00000

Partial vs. Full ASLR

PIE Main Executable Heap Stack Shared Libraries
Randomized per device boot

Linker

No

Fixed

Randomized per execution

Randomized

Fixed

Fixed

Yes

Randomized Randomized Randomized Randomized per execution per per per device per (more execution execution boot execution
entropy)

Identifying PIE support

otool -hv <executable>
$ otool -hv MobileSafari MobileSafari: Mach header magic cputype cpusubtype MH_MAGIC ARM V7 TWOLEVEL PIE

caps 0x00

filetype ncmds sizeofcmds EXECUTE 40 4560

flags NOUNDEFS DYLDLINK

hexdump
$ hexdump -C MobileSafari | head 00000000 ce fa ed fe 0c 00 00 00 09 00 00 00 02 00 00 00 00000010 28 00 00 00 d0 11 00 00 85 00 20 00 01 00 00 00 |................| |(......... .....|

PIE in Real-World Apps?

Top 10 Free Apps

App Songify
Happy Theme Park

Cave Bowling Movie-Quiz Lite Spotify Make-Up Girls

Racing Penguin, Flying Free

ICEE Maker Cracked Screen Facebook

Version 1.0.1 1.0 1.10 1.3.2 0.4.14 1.0 1.2 1.01 1.0 3.4.3

Post Date June 29, 2011 June 29, 2011 June 21, 2011 May 31, 2011 July 6, 2011 July 5, 2011 July 6, 2011 June 28, 2011 June 24, 2011 June 29, 2011

PIE No No No No No No No No No No

Bottom Line
All built-in apps in iOS 4.3 have full ASLR with PIE support Third-party apps are rarely compiled with PIE support and run with partial ASLR Static location of dyld facilitates exploitation by providing known executable material at a known place (code reuse, return-oriented programming, etc) Applications using a UIWebView are the highest risk (embedded browser in Twitter, Facebook, etc)

Code Signing

Security Concerns
Can this application be trusted to run on my device? Who (real-world entity) wrote it? How do we know its really them? Does it have any hidden functionality? Can it change functionality at run time?

Code Signing
Mandatory Code Signing Every executable binary or application must have a valid and trusted signature Enforced when an application or binary is executed Code Signing Enforcement Processes may only execute code that has been signed with a valid and trusted signature Enforced at runtime

Mandatory Code Signing

Code Signing security model Certicates Provisioning Proles Signed Applications Entitlements

Certicates
Identify the real-world author or publisher of a piece of software i.e. Apple veries individual/company real-world credentials Must be issued by and signed by Apple Developers are assigned unique application identier prexes

Provisioning Proles
The Provisioning Prole itself must be signed by Apple Congures an iOS device to trust software signed by the embedded certicate Denes which entitlements the developer is permitted to give to applications they sign Prole may be tied to one specic device or global Development vs. Distribution provisioning proles

<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/ DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>ApplicationIdentifierPrefix</key> <array> <string>9ZJJSS7EFV</string> </array> <key>CreationDate</key> <date>2010-08-20T02:55:55Z</date> <key>DeveloperCertificates</key> <array> <data>...</data> </array> <key>Entitlements</key> <dict> <key>application-identifier</key> <string>9ZJJSS7EFV.*</string> <key>get-task-allow</key> <true/> <key>keychain-access-groups</key> <array> <string>9ZJJSS7EFV.*</string> </array> </dict> [ ... ]

[ ... ] <key>ExpirationDate</key> <date>2010-11-18T02:55:55Z</date> <key>Name</key> <string>Development</string> <key>ProvisionedDevices</key> <array> <string>e757cfc725783fa29e8b368d2e193577ec67bc91</string> </array> <key>TimeToLive</key> <integer>90</integer> <key>UUID</key> <string>BDE2CA16-499D-4827-BB70-73886F52D30D</string> <key>Version</key> <integer>1</integer> </dict> </plist>

Distribution Models
On-Device Development allows developers to build and test applications on their own devices Ad-Hoc Distribution allows developers to beta test applications on up to 100 other users devices AppStore Distribution allows developers to publish applications on the iTunes AppStore In-House Distribution allows Enterprise Developers to distribute their custom applications to any device

OTA App Distribution

Ad-Hoc and In-House Provisioning Proles can be distributed with the Application in a single archive Developer must host the application .ipa archive and manifest plist le on a web server Link to manifest can be sent via e-mail, SMS, or other web page When user clicks the link, iOS displays developer and application name in a cancel/allow dialog

Code Signing Internals

AppleMobileFileIntegrity kernel extension responsible for implementing code signing security policy Installs MAC Framework policy hooks to enforce Mandatory Code Signing and Code Signing Enforcement Dynamic code signing implemented in xnu virtual memory system (see kernel sources) Process code signing status tracked in proc.csags

MAC Hook

API Description

AMFI Usage

mpo_vnode_check_signature

Determine whether the given Checks for the given CDHash code signature or code in the trust caches. If it is not directory SHA1 hash are valid. found, the full signature is validated by performing an RPC call to the userspace amd daemon. If a particular global ag is set (am_get_out_of_my_way), then any signature is allowed. Determine whether the subject Sets the code signing identied by the credential can CS_HARD and CS_KILL ags, execute the passed vnode. indicating that the process shouldnt load invalid pages and that the process should be killed if it becomes invalid. Determine whether the subject identied by the credential can get the passed process's task control port.
Allows if the target process has the get-task-allow entitlement and the source task has task_for_pid-allow entitlement.

mpo_vnode_check_exec

mpo_proc_check_get_task

MAC Hook

API Description
Determine whether the process may execute even though the system determined that it is untrusted (unidentied or modied code)

AMFI Usage
Allow execution if the process has the get-taskallow, run-invalid-allow, or run-unsigned-code entitlements or an RPC call to amd returns indicating that unrestricted debugging should be allowed. Allows the process to allocate anonymous memory if and only if the process has the dynamiccodesigning entitlement.

mpo_proc_check_run_cs_invalid

mpo_proc_check_map_anon

Determine whether the subject identied by the credential should be allowed to obtain anonymous memory with the specied ags and protections.

Normal Code Signature

Executable=/.../9D3A8D85-7EDE-417A-9221-1482D60A40B7/iBooks.app/iBooks Identifier=com.apple.iBooks Format=bundle with Mach-O universal (armv6 armv7) CodeDirectory v=20100 size=14585 flags=0x0(none) hashes=721+5 location=embedded Hash type=sha1 size=20 CDHash=ac93a95bd6594f04c209fb6bf317d148b99ac4d7 Signature size=3582 Authority=Apple iPhone OS Application Signing Authority=Apple iPhone Certification Authority Authority=Apple Root CA Signed Time=Jun 7, 2011 11:30:58 AM Info.plist entries=36 Sealed Resources rules=13 files=753 Internal requirements count=2 size=344

Ad-Hoc Code Signature

Executable=/Developer/usr/bin/debugserver Identifier=com.apple.debugserver Format=Mach-O universal (armv6 armv7) CodeDirectory v=20100 size=1070 flags=0x2(adhoc) hashes=45+5 location=embedded CDHash=6a2a1549829f4bff9797a69a1e483951721ebcbd Signature=adhoc Info.plist=not bound Sealed Resources=none Internal requirements count=1 size=152

Code Signature Verication

iOS kernel has a static trust cache of CDHashes AMFI IOKit UserClient lets root load trust caches into dynamic trust cache Trust cache must stored in a signed IMG3 Kernel performs RPC call to usermode daemon to perform full binary code signature verication Kernel stores the CDHash of each veried binary in the MRU trust cache linked list

Code Signing Verication

vnode_check_signature Is am_get_out_of_my_ way true?

No

Is CDHash in static trust cache?

No

Is CDHash in dynamic trust cache?

Yes

Yes

No Yes

Move CDHash entry to front of MRU linked list

Yes

Is CDHash in MRU trust cache?

No

Add CDHash entry to front of MRU linked list

Success

RPC call to amd verify_code_directory

Failure
Is am_allow_any_signature true?

Allow

Yes

No
Deny

AMFI Daemon
/usr/libexec/amd
Message ID Subroutine Description
Veries the given code directory hash and signature for the executable at the given path. This checks whether the signature is valid and that it should be trusted based on the built-in Apple certicates and installed provisioning proles (if any).

1000

verify_code_directory

1001

Enumerates the installed provisioning proles and checks for a special Applepermit_unrestricted_debugging internal provisioning prole with the UDID of the current device that enables unrestricted debugging on it.

Bypassing Code Signing

Incomplete Code Signing1 Exploits Manipulate dynamic linker to perform stack pivot and execute return-oriented payload Interposition exploit (4.0), Initializers exploit (4.1) More recent exploits use relocations to dynamically adjust ROP payloads to compensate for ASLR iOS 4.3.4 strengthens iOS defenses against these
1http://theiphonewiki.com/wiki/index.php?title=Incomplete_Codesign_Exploit

Code Signing Enforcement

Ensure that process stays dynamically valid No introduction of new executable code Already loaded executable code cant be changed Guarantees that the app code that was reviewed is what runs on the device Also just happens to prevent injecting shellcode

csops
int csops(pid_t pid, uint32_t ops, user_addr_t useraddr, user_size_t usersize);

System call to interact with a process code signing state Get code signing status Set code signing ags (CS_HARD, CS_KILL) Get executable pathname, code directory hash, active running slice

CS Ops
Flag
CS_OPS_STATUS CS_OPS_MARKINVALID CS_OPS_MARKHARD CS_OPS_MARKKILL CS_OPS_PIDPATH CS_OPS_CDHASH CS_OPS_PIDOFFSET

Value
0 1 3 4 5 6 7

Description
Return process CS status Invalidate process Set CS_HARD ag Set CS_KILL ag Get executables pathname Get code directory hash Get offset of active Mach-O slice

CS Status Flags
Flag
CS_VALID CS_HARD CS_KILL

Value

Description

0x00001 Process is dynamically valid 0x00100 Process shouldnt load invalid pages 0x00200

Process should be killed if it becomes dynamically invalid Process should set CS_HARD on any CS_EXEC_SET_HARD 0x01000 execd child Process should set CS_KILL on any execd CS_EXEC_SET_KILL 0x02000 child The process was killed by the kernel for CS_KILLED 0x10000 being dynamically invalid

CS_HARD and CS_KILL

CS_HARD Enforce W^X (Writable XOR Executable) memory page policy Do not allow invalid memory pages to be loaded
mprotect(addr, len, ... | PROT_EXEC) => EPERM

CS_KILL Kill the process if it becomes dynamically invalid

mprotect(text, len, PROT_READ | PROT_WRITE)

... Modify code page ...

mprotect(text, len, PROT_READ | PROT_EXEC) => SIGKILL

iOS 4.3 Adds JavaScript JIT

# ldid -e /Applications/MobileSafari.app/MobileSafari <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/ PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>com.apple.coreaudio.allow-amr-decode</key> <true/> <key>com.apple.coremedia.allow-protected-content-playback</key> <true/> <key>com.apple.managedconfiguration.profiled-access</key> <true/> <key>com.apple.springboard.opensensitiveurl</key> <true/> <key>dynamic-codesigning</key> <true/> <key>keychain-access-groups</key> <array> <string>com.apple.cfnetwork</string> <string>com.apple.identities</string> <string>com.apple.mobilesafari</string> </array> <key>platform-application</key> <true/> <key>seatbelt-profiles</key> <array> <string>MobileSafari</string> </array> </dict> </plist>

AMFI MAC Hook

MAC Hook API Description
Determine whether the subject identied by the credential should be allowed to obtain anonymous memory with the specied ags and protections.

AMFI Usage
Allows the process to allocate anonymous memory if and only if the process has the dynamiccodesigning entitlement.

mpo_proc_check_map_anon

Dynamic Code Signing

The dynamic-codesigning entitlement allows the process to map anonymous memory with any specied protections. Only MobileSafari has this entitlement in iOS 4.3 Necessary for JavaScript native JIT (Nitro) Previously MobileSafari did bytecode JIT

Bottom Line
Mandatory Code Signing in iOS is strong defense against execution of unauthorized binaries Requires incomplete code signing exploits to bypass and obtain return-oriented execution Code signing forces attackers to develop fully ROP payloads DEP/NX only require a ROP stage to allocate new executable memory and copy shellcode into it JIT support in Safari reduces ROP requirements to a stage

Sandboxing

Security Concerns
Can an exploited app or malicious third-party app... Access or modify data belonging to other applications? Access or modify potentially sensitive user information? Break out of the sandbox and rootkit iOS?

Sandboxing in iOS
Based on same core technologies as Mac OS X sandbox See Dions The Apple Sandbox from BHDC 2011 for more information on internals Modied his tools to decompile iOS 4.3 proles iOS only supports static built-in proles Process sandbox prole is determined by seatbeltproles entitlement

Sandbox Kernel Extension

Installs MAC Hooks on all secured operations MAC hooks evaluate a binary decision tree to make access determination Sandbox proles consist of the set of decision trees dened for each dened operation with conditional lters based on requested resource i.e. does le name match this regex?

Built-in Sandbox Proles

Background daemons: accessoryd, apsd, dataaccessd, iapd, mDNSResponder, etc. Built-in Apps: MobileMail, MobileSafari, MobileSMS, Stocks, YouTube, etc. Third-party Apps: container and container2 (iBooks)

Third-Party Applications
Assigned a dedicated portion of the le system (container or application home directory) each time it is installed Can a rogue application escape the sandbox and read other applications data or modify the device rmware?

App Home Directory

Subdirectory
<AppName>.app/ Documents/ Library/ Library/Preferences/ Library/Caches/ tmp/

Description
The signed bundle containing the application code and static data App-specic user-created data les that may be shared with the users desktop through iTuness File Sharing features Application support les Application-specic preference les App-specic data that should persist across successive launches of the application but not needed to be backed up Temporary les that do not need to persist across successive launches of the application

Container Prole
See whitepaper for detailed description and tarball for fully decompiled prole Summary: File access is generally restricted to apps home directory Can read media: songs, photos, videos Can read and write AddressBook Some IOKit User Clients are allowed All Mach bootstrap servers are allowed

Mach Bootstrap Servers

All Mach tasks have access to a bootstrap port to lookup service ports for Mach RPC services On iOS, this is handled by launchd 141 RPC servers accessible from apps Risk of being exploited over RPC May present risk of allowing apps to perform unauthorized or undesirable actions

Example Servers
com.apple.UIKit.pasteboardd com.apple.springboard com.apple.MobileFileIntegrity com.apple.fairplayd com.apple.mobile.obliteration com.apple.iTunesStore.daemon

Bottom Line
Remote exploits are most likely able to break out of sandbox by exploiting iOS kernel or IOKit UserClients permitted by sandbox prole Rogue applications would need to exploit and jailbreak the kernel to escape sandbox Could repurpose kernel exploits from Jailbreaks Apples review will likely catch this OTA app distribution bypasses Apples review (target user interaction required)

Data Encryption

Security Concerns
What sensitive data may be compromised if a device is lost or stolen? What data is encrypted? What data is protected by the passcode? How hard is it to crack iOS passcodes? Can they be cracked off the device?

Data Encryption
What you need to know about Data Encryption in iOS to make informed deployment and conguration decisions For more internals and implementation details, refer to excellent iPhone Data Protection in Depth1 from HITB Amsterdam 2011

1http://esec-lab.sogeti.com/dotclear/public/publications/11-hitbamsterdam-iphonedataprotection.pdf

Encryption Layers
Entire lesystem is encrypted using block-based encryption with File System Key FSK is stored on the ash, encrypted using key derived from UID Key Each le has a unique encryption key stored in an extended attribute, protected by Class Key Class Keys are stored in the System KeyBag Some Class Keys are protected by a key derived from the users passcode (Passcode Key) Certain Class Keys are also protected by the device-specic UID Key that is embedded in hardware and inaccessible to code running on CPU

Data Protection API

Applications must specically mark les on the lesystem and Keychain items with a Protection Class in order for them receive greater protection Files and Keychain items can be made inaccessible when the device is locked (protected by Passcode Key) Keychain items can be made non-migratable to other devices (protected by UID Key)

Data Protection Coverage

In iOS 4, DP is only used by the built-in Mail app Protects all mail messages, attachments, and indexes Protects passwords for IMAP, SMTP servers Protected items are only accessible when device is unlocked Exchange ActiveSync passwords are accessible always to preserve remote wipe functionality DP is also used for automatic UI screenshots generated when user hits the Home Button.

Attacking Passcode
With knowledge of passcode, you can decrypt the data protected by iOS Data Protection Increasing incorrect passcode delay and forced device wipe after too many incorrect guesses are enforced by UI Springboard -> MobileKeyBag Framework -> AppleKeyStore IOKit UserClient -> AppleKeyStore Kernel Extension On a jailbroken device, you can guess passcodes directly using the MKB Framework or AppleKeyStore IOKit User Client Jailbreak device using BootROM exploit, install SSH bundle, restart, and log in via SSH over USBMUX

Passcode Key
Passcode Key is derived using PBKDF2 using AES with the Device Key as the hashing function Cannot derive key off of the device that created it unless you can extract the UID Key from the hardware Iteration count of PBKDF2 is tuned to hardware speed Roughly 9.18 guesses/second on iPhone4

Worst-Case Passcode Guessing Time (iPhone4)

Passcode Length 4 4 6 8 8 Complexity Numeric Alphanumeric Alphanumeric Alphanumeric
Alphanumeric, Complex

Time 18 minutes 51 hours 8 years 13 thousand years 2 million years

Assuming 26 lowercase letters + 10 digits + 34 complex characters = 70 chars

Bottom Line
6-character alphanumeric passcodes are probably sufcient Unless attacker can extract UID Key from hardware Lack of thorough Data Protection coverage is a serious issue Wait to see what iOS 5 covers Audit third-party apps for Data Protection usage iPad2 and later have no public Boot ROM exploits, making attacks on lost devices much more difcult and unlikely

Conclusion

Findings
Third-party applications without PIE support wont get full ASLR and are easier to exploit, especially if they have an embedded web browser In-House Distribution Certicates and Provisioning Proles allow their apps to run on all devices, Enterprise Developers should protect them Attackers could steal them and use OTA distribution and social engineering to bypass Apples AppStore review As of iOS 4.3, Safaris dynamic-codesigning entitlement makes browser exploits require a ROP stage, not full ROP All 140+ iOS Mach RPC servers are allowed through sandbox prole, may allow apps to perform undesirable actions

Findings
Although lesystem is encrypted with block-level encryption, exploiting the devices BootROM and booting jailbroken can be used to read the data In iOS 4, Data Protection only protects Mail messages and passwords (and screenshots) with users passcode While passcode must be cracked on-device, default simple passcodes are brute-force cracked in less than 20 minutes

iOS vs. Android/BlackBerry

How does iOS security compare to Android and BlackBerry? iOS Data Protection not nearly as thorough as BlackBerrys Content Protection BlackBerrys browser is based on same WebKit as iOS and Android browsers, but has no sandbox (see PWN2OWN 2011) Android has no ASLR or NX, signicantly weaker app isolation, and root can load kernel modules

Unique to iOS
Dynamic Code Signing Enforcement Stronger defense against remote native code injection than DEP/NX/W^X Kernel is secured against user mode code Even the superuser (root) has to exploit the kernel in order to run kernel mode code

On Jailbreaking
Modern jailbreaks require multiple exploits to defeat the layered protections in iOS 1 BootROM exploit required for tethered jailbreak 1 BootROM, 1 Incomplete Code Signing, and 1 Kernel exploit required for untethered jailbreak 1 Safari, 1 Kernel exploit required for remote temporary jailbreak 1 Safari, 1 Kernel, 1 Incomplete Code Signing exploit for remote untethered jailbreak (i.e. JailbreakMe) Jailbreaking essentially reduces iOS security to level of Android

Attacks You Should Care Most About

Lost/stolen device How well is iOS and third-party app data protected? Repurposed jailbreak exploits JailbreakMe PDF attacks via e-mail or web Stolen Enterprise In-House Distribution Certicate and social engineering OTA app links Apps containing kernel exploit from JB

Hardware Advice
iPhone 3G and earlier shouldnt be allowed No longer supported by iOS No device encryption support Permanently jailbroken via Boot ROM exploits iPad 2 has no public Boot ROM exploits, making it safer than earlier iOS devices

Bottom Line
Should you deploy iOS devices for enterprise use? Wait for iOS 5, hopefully DP API is more thorough Audit any apps w/ enterprise data for Data Protection API usage or poor use of custom cryptography Prefer iPad2 and to-be-released iPhone because they dont have known BootROM exploits Use an MDM product and apply security policy to all devices Dont let users jailbreak the devices or else you may as well just give them Android devices

One more thing...

bby ho One more thing...

bby ho One more thing...

preview

Google Trends: Mac, iPhone

$99

iOS Fuzz Farm

iOS Fuzz Farm

4 x Apple TVs, switch, power strip = ~$500

Totally headless, only accessible via SSH Perfect size for operating out of small NYC apartments Need to write iOS test harness Some mechanism for testing GUI iOS apps

Nowhere near operational yet

Questions?

Final slides and whitepaper available on blog: http://blog.trailofbits.com @dinodaizovi / [email protected]