Hacking and Securing iOS Applications
Stealing Data, Hijacking Software, and How to Prevent It
Publisher: O'Reilly Media
Released: January 2012
Pages: 358

If you’re an app developer with a solid foundation in Objective-C, this book is an absolute must—chances are very high that your company’s iOS applications are vulnerable to attack. That’s because malicious attackers now use an arsenal of tools to reverse-engineer, trace, and manipulate applications in ways that most programmers aren’t aware of.

This guide illustrates several types of iOS attacks, as well as the tools and techniques that hackers use. You’ll learn best practices to help protect your applications, and discover how important it is to understand and strategize like your adversary.

  • Examine subtle vulnerabilities in real-world applications—and avoid the same problems in your apps
  • Learn how attackers infect apps with malware through code injection
  • Discover how attackers defeat iOS keychain and data-protection encryption
  • Use a debugger and custom code injection to manipulate the runtime Objective-C environment
  • Prevent attackers from hijacking SSL sessions and stealing traffic
  • Securely delete files and design your apps to prevent forensic data leakage
  • Avoid debugging abuse, validate the integrity of run-time classes, and make your code harder to trace
Customer Reviews

Average rating: 4.6 (based on 5 reviews)

Ratings Distribution

  • 5 Stars (3)
  • 4 Stars (2)
  • 3 Stars (0)
  • 2 Stars (0)
  • 1 Star (0)

100% of respondents would recommend this to a friend.

Pros

  • Accurate (3)
  • Concise (3)

Best Uses

  • Expert (3)
  • Intermediate (3)

Reviewer Profile

  • Developer (4)

    Reviewed by 5 customers

     
    4.0

    Great Resource - Needs updating

    By intechpc

    from Somewhere, WI

    About Me Developer, Educator

    Verified Reviewer

    Pros

    • Concise
    • Easy to understand
    • Helpful examples

    Cons

      Best Uses

      • Expert
      • Intermediate

      Comments about oreilly Hacking and Securing iOS Applications:

      This is a great book and most of the concepts are still applicable. However the book could really use some updating. Command lines given for building various exploits along the way are no longer valid with XCode5 and as a result readers are not able to follow along with the exercises in the book anymore. Updated commands to cross-compile for ARM using clang would bring this book back up to date.

       
      5.0

      Awesome Book

      By Nish

      from Dubai, UAE

      Comments about oreilly Hacking and Securing iOS Applications:

      I have read the book and am currently on the verge of finishing it. The book is very helpful in securing iOS applications. But I just have a query for Jonathan Zdziarski on the jailbreak fix he had mentioned.

      How would I be able to contact him?

      (3 of 3 customers found this review helpful)

       
      5.0

      The Book on iOS Security for Developers.

      By Nick Charlton

      from Exeter, UK

      About Me Developer

      Verified Reviewer

      Pros

      • Accurate
      • Concise
      • Easy to understand
      • Well-written

      Cons

        Best Uses

        • Expert
        • Intermediate

        Comments about oreilly Hacking and Securing iOS Applications:

        I started this just after the Path fiasco. It seemed timely to brush up on my security knowledge, especially for iOS intricacies, recommended practices and understanding obvious flaws. This book provides that; it's a great next-step if you've been developing for iOS or the Mac for a while. Fortunately it assumes that, which allows the book to quickly jump into examples and solutions.

        After debunking some common myths, the book delves into pushing code onto a jailbroken device. It was quite an eye opener to see how simple it was (this isn't something I've done since back on iPhone OS 1.3.3, or so.) If you can compile something using gcc, you can just about as easily (and quickly) push something onto a device.

        Related to the Path fiasco, the next fuller example (in Chapter 2) is about pushing the Address Book over the network. I found that quite amusing.

        The book then descends into exploiting the filesystem, and other common attack vectors. This is followed by sections on manipulating the Objective-C runtime and examples in applications which at the time of writing claimed to be "secure", but suffered from simple-to-discover flaws.

        The second half of the book delves into advice on writing secure applications. Its "now you know what you can do, here's how to engineer around it" style works fantastically and provides the most value - especially if you're building something which is security conscious. Notable here was the chapter on encryption. It covered implementing SSL and flaws relating to it, as well as delving into using public-key encryption along with SSL when passing data around.

        After this, the book delves into ways to obfuscate methods and protect the data the application is working with. For example, providing traps which when executed would erase any useful encryption keys, or phone home (passing logs and/or GPS coordinates) to help mitigate any knock-on effects of a breached application. Some of these security holes are due to the reflective nature of Objective-C, which allows you to modify the runtime as it is executing - catching tampering attempts, or placing honey traps for attackers can be used as another line of defence.

        But, more importantly, the book aims to bring across a fundamental of security and penetration testing: You need to think and act like an attacker to see potential flaws and attacks. For this it is organised well, and because of that, it's a great position to leap off from.

        (3 of 3 customers found this review helpful)

         
        5.0

        Enlightening and inspiring

        By mko

        from Poland

        About Me Designer, Developer

        Verified Reviewer

        Pros

        • Accurate
        • Concise
        • Helpful examples

        Cons

          Best Uses

          • Expert
          • Intermediate

          Comments about oreilly Hacking and Securing iOS Applications:

          This book shows the other side of Apple's devices: the less secure one. We are all told that iOS-based devices are secure due to restrictions applied by Apple. This is not exactly true. Well, there is always the other side of the coin.

          When I started the book I simply dived into it. I read it over one evening. Jonathan takes you on a journey over the low-level layers of iOS development and shows what bad guys can do when they put their hands on your "precious". He presents how to jailbreak a device, how to access common data, how to retrieve information from the device, how to manipulate it and how to compromise it. After various malicious behavior is described, Jonathan shows how to make your own applications more bulletproof: how to avoid caching, how to encrypt better, how to detect jailbroken devices. The last topic is particularly interesting for people who develop proprietary software and want to make sure it will not be compromised by irresponsible users. You will also learn a few interesting debugging techniques and find lots of references to other sources related to the topic.

          The book is both rewarding and demanding at the same time. If you are an iOS newbie, you'd better learn more about Objective-C, shell and the iOS SDK before you start this one. Conversely, if you are familiar with the mentioned topics already, and you know some basics of assembler, go ahead and buy this one.

          Note!! To fully benefit from the book you will need a device that you can jailbreak. Otherwise you won't be able to follow all exercises.

          (8 of 9 customers found this review helpful)

           
          4.0

          Even security is sexier on the iPhone.

          By Meego

          from Amsterdam, NL

          About Me Developer, One woman army

          Verified Reviewer

          Pros

          • Accurate
          • Well-written

          Cons

            Best Uses

            • Coder

            Comments about oreilly Hacking and Securing iOS Applications:

            Who am I: I'm an iOS dev, looking to know more about the system my livelihood depends on ;) .

            My needs: Learning how to increase security for my apps, as I want to penetrate the enterprise level apps world (in my humble experience larger organizations tend to focus more on security).

            Found in the book: I've only worked through the first three chapters, but I have to say that this book is an eye-opener. JZ takes you on a tour of the iOS, right into the nitty gritty bits. Which I love. JZ shows a way of figuring out how one might code more securely, a guided tour into iOS hackery. If the rest of the book is as interesting a read as the bit I am currently on, this is a great book. I don't often get this enthusiastic about something only halfway through (though I haven't even gotten to that point yet).

            Not found in the book: This is not a book that holds your hand. Understanding of the shell is a must. Some experience rooting around in (your own) binaries is a plus. One needn't be a wizard (which is nice), but you should be an experienced user (which is kind of nice, but may be off-putting to some people). Not for beginners, though a motivated beginner + this book + google will learn loads ;)

            The only reason this book gets 4 and not 5 stars is that I'm not done yet, and so I cannot comment on the later chapters.

            Buying Options
            Ebook: $19.99
            Formats:  ePub, Mobi, PDF
            Print & Ebook: $43.99
            Print: $39.99