Skip to main content
Injecting Malware into iOS Devices via Malicious Chargers 3 - Installing an Arbitrary Hidden App

Injecting Malware into iOS Devices via Malicious Chargers 3 - Installing an Arbitrary Hidden App

Yeongjin Jang from the Georgia Institute of Technology sheds light on the inalienable constituents of the Mactans attack from a more profound technical perspective. Starting with an overview of the provisioning profile features, the researcher also covers the methodology for obtaining the provisioning profile on the to-be compromised iOS device. Next goes the analysis of how an arbitrary hidden app can be installed, what should be done to obfuscate its execution, and how a private API can be exploited.

John Dee
John Dee
3.5K
Injecting Malware into iOS Devices via Malicious Chargers 2 - Overview of the Mactans Attack

Injecting Malware into iOS Devices via Malicious Chargers 2 - Overview of the Mactans Attack

Billy Lau and his colleague Yeongjin Jang move on with the description of their research, dwelling on the details of Mactans compromising iDevices. In particular, the hardware architecture and other essential properties of the tricky charger are provided, and the algorithm of the attack workflow gets revealed. The process of pairing with the target device and some probable issues that may occur along the way are covered herein as well.

John Dee
John Dee
3.5K
Mactans - Injecting Malware into iOS Devices via Malicious Chargers

Mactans - Injecting Malware into iOS Devices via Malicious Chargers

Researchers from the Georgia Institute of Technology deliver a remarkable presentation at the Black Hat conference, highlighting iOS security essentials and an unprecedented proof-of-concept attack that they came up with. In particular, the study provides a non-trivial perspective of how the so-called ‘walled garden model’ is implemented, with its strong points as well as shortcomings. Importantly, the Mactans concept is also overviewed in this presentation, describing the process of attacking iDevices via an especially designed charger.

John Dee
John Dee
3.5K
iOS 6 Kernel Security 4 - Attack Strategies

iOS 6 Kernel Security 4 - Attack Strategies

Having highlighted the protections and data leaking mitigations hard-coded into iOS 6, Mark Dowd and Tarjei Mandt are now focusing primarily on the attack vectors. More specifically, the attacks being overviewed are beyond the standard syscall table overwrites, kernel code patching, etc. The researchers describe kernel attacks in different scenarios which allow defeating ASLR.

John Dee
John Dee
2.9K
iOS 6 Kernel Security 3 - Kernel Address Space Protection

iOS 6 Kernel Security 3 - Kernel Address Space Protection

The technique known as kernel address space protection, which is intended for preventing NULL and offset-to-NULL dereference vulnerabilities in iOS 6, is the key subject matter for discussion in this part. Mark Dowd and Tarjei Mandt dwell on how this problem used to be addressed in the previous version of the platform, and describe in detail how security checks and user/kernel validation are implemented in version 6.

John Dee
John Dee
2.8K
iOS 6 Kernel Security 2 - Data Leaking Mitigations and Kernel ASLR

iOS 6 Kernel Security 2 - Data Leaking Mitigations and Kernel ASLR

In this part of their Hack in the Box presentation, Azimuth Security’s representatives provide an insight into the goals and tactics for iOS 6 data leaking mitigations, illustrating those with API code samples. Also, objectives and goals of the kernel ASLR strategy, namely randomizing kernel image base and kernel map, are being reviewed here.

John Dee
John Dee
3.3K