Apple iOS 4 Security Evaluation - Insights on Code Signing and Exploitation Prevention


Dino A. Dai Zovi's paper on Apple iOS 4 Security Evaluation reveals insights into vulnerabilities like buffer overflow attacks and the effectiveness of security measures such as Address Space Layout Randomization and Code Signing Enforcement. Learn about the importance of Trust Certificates and how they help authenticate executables in iOS applications.


Uploaded on Sep 17, 2024 | 1 Views



Presentation Transcript


  1. Dilip Dwarakanath

  2. The topic I'm about to present was taken from a paper titled Apple iOS 4 Security Evaluation, written by Dino A. Dai Zovi. Dino Zovi is a known hacker and author of several papers on hacking. He is also a faculty member at the NYU Polytechnic University. He has been ranked 8th out of the 15 Most Influential People in Cyber Security today.

  3. In a buffer overflow attack, the application's stack is attacked and filled with malicious input. This partially crashes the application, and to recover it goes back to the return address from which it started. That return address was already pointing to a malicious location, so the system is now fully compromised. PIE stands for Position Independent Executables; these executables can run pretty much anywhere in memory. There are two types of ASLR (see later): Partial, for executables compiled without PIE support, and Complete, for executables compiled with PIE support.

  4. Address Space Layout Randomization makes remote memory exploitation difficult. It was introduced in iOS 4 and is used to stop buffer overflow attacks. ASLR rearranges address space positions randomly, including the location of the executable. This makes it difficult for the attacker to pinpoint the exact memory address to which it writes.
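To make the partial/complete distinction concrete: the loader decides whether a main executable gets full ASLR from a flag in its Mach-O header, MH_PIE in the mach_header flags word. The Python script below is an added illustration, not code from Dai Zovi's paper or from this presentation. It reads that flag from a thin or universal (fat) Mach-O image using the constants from Apple's mach-o/loader.h and mach-o/fat.h; the sample headers at the bottom are constructed for the example and the universal layout (64-byte slices) is made up for the test rather than copied from a real binary.

```python
import struct

# Constants from Apple's <mach-o/loader.h> and <mach-o/fat.h>.
MH_MAGIC, MH_MAGIC_64 = 0xFEEDFACE, 0xFEEDFACF   # thin Mach-O, little-endian file
MH_CIGAM, MH_CIGAM_64 = 0xCEFAEDFE, 0xCFFAEDFE   # same magics seen from a big-endian file
FAT_MAGIC = 0xCAFEBABE                            # universal binary; its header is big-endian
MH_EXECUTE = 0x2                                  # filetype: main executable
MH_PIE = 0x00200000                               # flag: position-independent executable
CPU_TYPE_ARM, CPU_TYPE_ARM64 = 12, 0x0100000C


def parse_thin_header(blob):
    """Return (cputype, filetype, flags) from the mach_header at the start of blob."""
    if len(blob) < 28:
        raise ValueError("too short for a mach_header")
    magic = struct.unpack_from("<I", blob, 0)[0]
    if magic in (MH_MAGIC, MH_MAGIC_64):
        endian = "<"
    elif magic in (MH_CIGAM, MH_CIGAM_64):
        endian = ">"      # byte-swapped magic means the file is big-endian
    else:
        raise ValueError("not a Mach-O header: magic 0x%08x" % magic)
    # mach_header layout: magic, cputype, cpusubtype, filetype, ncmds, sizeofcmds, flags
    # (mach_header_64 adds a reserved word after flags, which we do not need)
    fields = struct.unpack_from(endian + "7I", blob, 0)
    return fields[1], fields[3], fields[6]


def pie_report(blob):
    """One dict per architecture slice: cputype, filetype and whether MH_PIE is set.

    'pie' is None for anything that is not a main executable, because the flag
    only describes executables (libraries are relocatable regardless).
    """
    slices = []
    if struct.unpack_from(">I", blob, 0)[0] == FAT_MAGIC:
        nfat = struct.unpack_from(">I", blob, 4)[0]
        for i in range(nfat):
            # fat_arch: cputype, cpusubtype, offset, size, align (all big-endian)
            _cpu, _sub, offset, size, _align = struct.unpack_from(">5I", blob, 8 + 20 * i)
            slices.append(blob[offset:offset + size])
    else:
        slices.append(blob)

    report = []
    for data in slices:
        cputype, filetype, flags = parse_thin_header(data)
        report.append({
            "cputype": cputype,
            "filetype": filetype,
            "pie": bool(flags & MH_PIE) if filetype == MH_EXECUTE else None,
        })
    return report


# --- constructed sample headers (no load commands, just enough to parse) ---

def make_thin_header(magic, cputype, flags, endian="<"):
    """Build a minimal mach_header (or mach_header_64) for the examples below."""
    fields = [magic, cputype, 0, MH_EXECUTE, 0, 0, flags]
    if magic == MH_MAGIC_64:
        fields.append(0)  # reserved word of mach_header_64
    return struct.pack(endian + "%dI" % len(fields), *fields)


def make_universal(slices):
    """Wrap thin headers in a fat header; each slice is padded to a 64-byte block."""
    entries, body, offset = b"", b"", 64
    for cputype, data in slices:
        entries += struct.pack(">5I", cputype, 0, offset, len(data), 6)
        padded = data.ljust(64, b"\0")
        body += padded
        offset += len(padded)
    return (struct.pack(">II", FAT_MAGIC, len(slices)) + entries).ljust(64, b"\0") + body


PIE_ARM64 = make_thin_header(MH_MAGIC_64, CPU_TYPE_ARM64, MH_PIE | 0x85)  # "complete" ASLR
NOPIE_ARMV7 = make_thin_header(MH_MAGIC, CPU_TYPE_ARM, 0x85)              # "partial" ASLR
BIG_ENDIAN_PIE = make_thin_header(MH_MAGIC, CPU_TYPE_ARM, MH_PIE, endian=">")
UNIVERSAL = make_universal([(CPU_TYPE_ARM, NOPIE_ARMV7), (CPU_TYPE_ARM64, PIE_ARM64)])

if __name__ == "__main__":
    for name, blob in [("PIE_ARM64", PIE_ARM64), ("NOPIE_ARMV7", NOPIE_ARMV7), ("UNIVERSAL", UNIVERSAL)]:
        print(name, pie_report(blob))
```

On a Mac the same flag is what `otool -hv` lists as PIE in the header flags; the script is useful when auditing a set of app binaries offline, since only the first 28 bytes of each slice are needed to answer "does this executable get complete ASLR?".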

  5. To verify that all executables are authentic, iOS requires that all apps be signed with a Trust Certificate. This is called Code Signing. Different trust certificates include Apple Store, Developer, Enterprise and University. Some Trust Certificates come with certain entitlements; for example, an application with an Apple Trust Certificate already has access to certain groups and has certain preset file permissions. No app can be installed on the device without a Trust Certificate; this is called Mandatory Code Signing. Apple also charges its developers fees for the different Trust Certificates, especially for Enterprise packages. The Developer edition is free, but it has no default entitlements.

  6. In order to prevent execution of new executables at runtime, iOS implements a security protection called Code Signing Enforcement (CSE). This prevents applications from loading unsigned libraries, downloading new code at runtime, or using self-modifying code. CSE is stronger than Microsoft's Data Execution Prevention, because with DEP you could potentially download new code and execute it using runtime executable commands.

  7. iOS 4 requires that applications and their data be isolated from other apps and their data. The Sandbox is designed to enforce this. It does so by assigning each installed app its own file system and storage. On top of this, process-level runtime security policies are implemented to make sure the app isn't writing to or reading from the folder of another application. These policies enforce file and system access restrictions on the application.
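The containment rule on this slide (an app may read and write only in its own storage and must not touch another app's folder) can be shown as a small per-process path policy. The Python class below is an added illustration, not code from Dai Zovi's paper or from iOS itself; the directory names are constructed for the example and do not reproduce the real iOS container layout. What it demonstrates is the check a sandbox has to get right: normalize the path before comparing prefixes, otherwise `..` segments walk out of the container, and compare on a path-component boundary so a sibling directory with a longer name is not mistaken for the app's own.

```python
import posixpath


class SandboxViolation(PermissionError):
    """Raised when an app tries to reach a path its profile does not allow."""


class AppSandbox:
    """Toy per-process file-access policy in the spirit of the iOS app sandbox.

    Each app gets a data container it may read and write, plus read-only access
    to its own bundle. Anything else, including other apps' containers, is denied.
    Denials are recorded so a defender can review what the app attempted.
    """

    def __init__(self, app_id, bundle_dir, container_dir):
        self.app_id = app_id
        # path prefix -> operations allowed under it
        self.rules = {
            posixpath.normpath(bundle_dir): {"read"},
            posixpath.normpath(container_dir): {"read", "write"},
        }
        self.denied = []   # (operation, normalized path) for every refused access

    @staticmethod
    def _normalize(path):
        if not posixpath.isabs(path):
            raise ValueError("expected an absolute path: %r" % path)
        # Collapse "..", "." and repeated slashes *before* the prefix check;
        # otherwise "/Data/A/Documents/../../B/x" would pass a naive startswith().
        return posixpath.normpath(path)

    def check(self, op, path):
        """Return the normalized path if `op` on `path` is allowed, else raise."""
        target = self._normalize(path)
        # Longest prefix wins, so nested rules (if any) override their parents.
        for prefix in sorted(self.rules, key=len, reverse=True):
            # "prefix + '/'" keeps /Data/Notes from matching /Data/NotesEvil/...
            if target == prefix or target.startswith(prefix + "/"):
                if op in self.rules[prefix]:
                    return target
                self.denied.append((op, target))
                raise SandboxViolation("%s: %s not allowed on %s" % (self.app_id, op, target))
        self.denied.append((op, target))
        raise SandboxViolation("%s: %s is outside the app sandbox" % (self.app_id, target))

    def allowed(self, op, path):
        """Boolean form of check(); malformed (relative) paths count as not allowed."""
        try:
            self.check(op, path)
            return True
        except (SandboxViolation, ValueError):
            return False


if __name__ == "__main__":
    # Constructed paths for the example; not the real iOS directory layout.
    sb = AppSandbox("com.example.notes", "/Applications/Notes.app", "/Data/Notes")
    for op, p in [("write", "/Data/Notes/Documents/todo.txt"),
                  ("write", "/Applications/Notes.app/Info.plist"),
                  ("read", "/Data/Notes/Documents/../../Mail/Library/mail.db")]:
        print(op, p, "->", "allowed" if sb.allowed(op, p) else "denied")
    print("denied accesses:", sb.denied)
```

A kernel-level sandbox evaluates the file that a path actually resolves to, so symbolic links are no escape there; this string-level toy would need `os.path.realpath()` on a live file system to gain the same property, and the `denied` list stands in for the log an enforcement point should emit on every refusal.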

  8. The iOS 4.0 version brought about many new changes to the then newly introduced (2010) operating system. It fixed many serious vulnerabilities and introduced new and improved security measures. It laid the foundation stone for ASLR in operating systems, a system today widely used in many other mobile devices as well. The code signing feature might keep iOS at frustrating levels with the user mindset, but it is much more secure than the Android OS, which allows installation of apps from third-party websites on un-rooted handsets too. Although it brought about all these improvements, it hasn't stopped hackers from being able to insert malware into it; in fact Dino Zovi himself has written a book titled Apple Hacker's Bible aimed specifically at iOS.

  9. Possey, B. How do buffer overflow attacks work? Retrieved April 14, 2015.
     Zovi, D. (2011). Apple iOS 4 Security Evaluation. BlackHat Conference, USA.
     Address space layout randomization. Retrieved April 15, 2015, from Wikipedia.org.
