iPhone Security: A Case for Software Integrity and Privacy, Slides of Software Engineering

These slides cover the history of security and privacy issues with the iPhone, focusing on root exploits, personal data harvesting, jailbreaking, worms, and spyware. They also discuss the development process for iPhone applications, including the use of Objective-C and development tools such as Xcode and Interface Builder. The author proposes developing a secure iPhone application, applying software security principles throughout the SDLC to enhance reliability and quality.

Typology: Slides

2012/2013

Uploaded on 04/26/2013

sharad_984

The iPhone: A Case for Software Security

Acknowledgements

• Graham Cluley’s Blog - http://www.sophos.com/blogs/gc/g/2009/11/03/hacked-iphones-held-hostage-5-euros/
• Nicolas Seriot (SpyPhone) - http://seriot.ch/blog.php?article=
• Apple’s Developer Site - developer.apple.com

What is the iPhone?

• Features:
  • iPod
  • Phone
  • Internet


Security Overview

• History of Security and Privacy Issues:
  • Root exploits and Personal Data Harvesting
  • Jailbreaking and Worms

iPhone Applications

• Development Process
  • Enroll in iPhone Developer Program
  • Download iPhone SDK
  • Gain working knowledge of Objective-C

iPhone Applications (cont'd)

• Development Tools
  • Xcode - Development Environment
  • iPhone Simulator - Simulation of the application in its environment
  • Interface Builder - Used to build the user interface

CLANG- Static Analysis Tool

Apple’s Secure Coding Guide


Proof of Concept

Poof is an iPhone game in which the player must try to match at least three like tiles at a time in an effort to clear the board. If the player succeeds and achieves a high score, they are prompted to enter their name into a high score list.

Contributions

• Usability
• Security
• Integrity

Buffer Overflow

• Input Validation

- (BOOL)textField:(UITextField *)textField shouldChangeCharactersInRange:(NSRange)range replacementString:(NSString *)textEntered {
    // Reject the edit if the entered text contains any character from the disallowed set.
    NSCharacterSet *myCharSet = [NSCharacterSet characterSetWithCharactersInString:@"~`!@#$%^&()_- +={}[]|:\";'<>?/.,"];
    for (int i = 0; i < [textEntered length]; i++) {
        unichar c = [textEntered characterAtIndex:i];
        if ([myCharSet characterIsMember:c]) {
            return NO;
        }
    }
    return YES;
}

- (void)textFieldDidEndEditing:(UITextField *)textField {
    // Accept only names of 1 to 10 characters; otherwise show the error message.
    if ([textField.text length] > 0 && [textField.text length] <= 10) {
        acceptable = textField.text;
    } else {
        [self getUserNameErrorMSG:YES];
    }
    if (acceptable != nil) {
        [self stringForHS:YES];
    }
}


File Modification

- (void)saveSettings {
    // Build a path inside the application bundle and write the settings plist there.
    NSString *path = [[NSBundle mainBundle] bundlePath];
    NSString *file = [path stringByAppendingPathComponent:@"settings.plist"];
    [self.settings writeToFile:file atomically:YES];
    // path and file are autoreleased and not owned by this method, so they are not released.
}

- (void)saveHighScores {
    NSString *path = [[NSBundle mainBundle] bundlePath];
    NSString *file = [path stringByAppendingPathComponent:@"highscores.plist"];
    [self.highScores writeToFile:file atomically:YES];
}
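An added example, not code from the slides: the slides' save methods write into the app bundle and show no read-side checks, so this sketch stores the high-score file in the app's Documents directory and validates it before use. The `Poof*` function names, the `name`/`score` keys, the 10-entry limit and the 64 KB size cap are assumptions.

```objc
// Added example, not from the slides. Poof* names and the plist schema are assumptions.
#import <Foundation/Foundation.h>
// Writable per-app location; the app bundle is read-only on a device.
NSString *PoofHighScorePath(void) {
    NSArray *dirs = NSSearchPathForDirectoriesInDomains(NSDocumentDirectory, NSUserDomainMask, YES);
    return [[dirs objectAtIndex:0] stringByAppendingPathComponent:@"highscores.plist"];
}

// Allowlist check: 1 to 10 characters, Unicode letters and digits only.
BOOL PoofIsValidName(id name) {
    if (![name isKindOfClass:[NSString class]]) return NO;
    NSUInteger len = [(NSString *)name length];
    if (len == 0 || len > 10) return NO;
    NSCharacterSet *bad = [[NSCharacterSet alphanumericCharacterSet] invertedSet];
    return [(NSString *)name rangeOfCharacterFromSet:bad].location == NSNotFound;
}

// Returns the score list only if every entry passes; nil for a missing or malformed file.
NSArray *PoofLoadHighScores(NSString *path) {
    NSData *data = [NSData dataWithContentsOfFile:path];
    if (data == nil || [data length] > 64 * 1024) return nil;  // assumed size cap
    id root = [NSPropertyListSerialization propertyListWithData:data
                                                        options:NSPropertyListImmutable
                                                         format:NULL
                                                          error:NULL];
    if (![root isKindOfClass:[NSArray class]] || [(NSArray *)root count] > 10) return nil;
    for (id entry in (NSArray *)root) {
        if (![entry isKindOfClass:[NSDictionary class]]) return nil;
        id score = [entry objectForKey:@"score"];
        if (!PoofIsValidName([entry objectForKey:@"name"])) return nil;
        if (![score isKindOfClass:[NSNumber class]] || [score integerValue] < 0) return nil;
    }
    return root;
}
int main(void) {
    @autoreleasepool {
        // Constructed sample data: one valid entry, then one with a long punctuated name.
        NSString *tmp = [NSTemporaryDirectory() stringByAppendingPathComponent:@"poof-demo.plist"];
        NSDictionary *ok = [NSDictionary dictionaryWithObjectsAndKeys:
                            @"Alice", @"name", [NSNumber numberWithInt:1200], @"score", nil];
        NSDictionary *bad = [NSDictionary dictionaryWithObjectsAndKeys:
                             @"Mallory!!!!!!!!", @"name", [NSNumber numberWithInt:1200], @"score", nil];
        [[NSArray arrayWithObject:ok] writeToFile:tmp atomically:YES];
        NSLog(@"valid file accepted: %d", PoofLoadHighScores(tmp) != nil);
        [[NSArray arrayWithObject:bad] writeToFile:tmp atomically:YES];
        NSLog(@"tampered file accepted: %d", PoofLoadHighScores(tmp) != nil);
    }
    return 0;
}
```

In the app itself, the save and load calls would both use `PoofHighScorePath()`; the `main` here only exercises the validator against a temporary file.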

Memory Leaks

CLANG- Static Analysis Results

Conclusion

• CLANG
• Security Related Bugs
• File Validation
• File Paths
• File Read function enhancement