iOS is Apple's operating system for the iPhone, iPad and iPod Touch.
5 votes, 2 answers, 90 views
Security precautions for shared iPads in a customer facing corporate environment
Most tablets, and iPads in particular, are typically single user devices.
Scenario: A service business that interacts directly with customers in person and wants to use iPads while interacting with ...
3 votes, 1 answer, 68 views
Distributing API Keys to Mobile Apps
I'm currently developing a mobile app (iOS based initially) that consumes multiple APIs. Currently we're storing API keys as strings in the prefix header file, and initializing most of the APIs ...
2 votes, 1 answer, 146 views
Secure erase iOS devices
All iOS devices from the iPhone 3GS have a hardware encryption chip, right?
When you erase an iOS device with the "Erase All Content and Settings" menu item or via Remote Wipe the encryption keys are ...
5 votes, 2 answers, 156 views
Is it safe to sync private keys between iOS devices using iCloud?
My iOS app has to handle storing private keys for the user. Normally I would just use Keychain Services for this as I would a password, but it would be great if I could sync the keys between the ...
9 votes, 1 answer, 157 views
List of methods in iOS that have been deprecated for security reasons?
Is anybody on the nets keeping track of iOS methods that have been deprecated by Apple for security reasons? I have searched around but with no luck.
Going through all the deprecated methods and ...
-1 votes, 1 answer, 64 views
Possible ways to test security for Windows Phone 7 or iOS devices [closed]
I'm trying to test the security features of different types of OSs available, and I decided to narrow this down to the Windows Phone 7 and iOS operating systems. I will be testing both my Nokia 800 ...
13 votes, 4 answers, 561 views
What measures should be taken when losing an iPad
When losing a tablet that has been used to access email accounts, besides changing the passwords, is there anything more that can be done?
What are the most common problems that might occur if the iPad ...
2 votes, 2 answers, 260 views
HTTPS verification failed - get certificate information iPad/iPhone
I went to log onto my bank's internet banking website this morning using Google Chrome browser on my iPad. I get the red error message of death. I can't figure out why. It's happening on both my ...
3 votes, 1 answer, 179 views
Is there cryptographic material in a phone's SIM card that can be used with RSA encryption?
Given that a smart card stores a private key that can't be extracted, it appears that a SIM card is similar to a smart card in these respects.
I need to store (or use an existing) private key on a ...
1 vote, 3 answers, 440 views
Encrypt data within mobile app and send to web service
I'm developing a mobile application for Android and iOS. What is best practice when it comes to data encryption within the mobile application which will be sent to a web service?
Basically I will ...
2 votes, 2 answers, 234 views
Why is this SSL handshake failing with iPad? [closed]
I have a Tomcat server that listens on an SSL socket with the TLS protocol. When connecting with all desktop browsers everything works right. When connecting with Safari on iPad, the SSL handshake fails.
...
1 vote, 3 answers, 209 views
Sending secure information from app with ssl
I'm a web developer, but I occasionally step over into doing some mobile app development here and there. A client recently asked me to help them develop a very simple app. The app is essentially just ...
2 votes, 1 answer, 123 views
Data remanence on mobile devices
The methods by which data should be deleted are strictly enforced by the DoD as well as other security-sensitive organizations. However, there are complications with deleting data on an SSD.
Given ...
-2 votes, 1 answer, 242 views
Foolproof Jailbreak detection? [closed]
I went through various posts which talk about jailbreak detection mechanisms. Whatever I came across is either something that Apple would reject during the vetting process or something that could be ...
2 votes, 1 answer, 196 views
Is there any way to list the contents of the iPhone/OSX Keychain and their security level?
I have a few apps that I purchased from the app store that probably store information in my keychain on OSX and on the iPhone.
Since it's possible for keychain items to be bound to a device (and ...
1 vote, 3 answers, 109 views
Is it possible to know if increased marketshare means more viruses?
I'm having an argument with other developers about why more "viruses" exist (including all forms of external attacks, exploits, etc) in Android vs iOS. Like with Windows vs *nix, the main idea is that ...
5 votes, 2 answers, 130 views
How much should I care about the iOS/Android version when pentesting mobile app?
Let's say I am performing penetration testing on a mobile application. How significant is the version of the operating system I am using while running the application?
I.e. if I test a mobile application ...
2 votes, 4 answers, 357 views
iOS app - hash user password in-app or on-server?
I'm working on an iOS app that will also have a web component. When a user creates an account, their password will be salted and hashed. I already have the hashing algorithm working on the web-side.
...
3 votes, 2 answers, 606 views
Security analysis tools for iOS 6 [closed]
I searched the web but could not find much info on security analysis tools for iOS6.
Can somebody point me to the security analysis (Static Code Analysis & Pen Testing) tools for iOS6?
2 votes, 1 answer, 223 views
How to verify the signature in an iOS Passbook pass?
The Passbook application in the new iOS6 keeps track of movie tickets, coupons, and other 'passes' for you, and the passes themselves are loaded onto the user's device via file packages with the ...
3 votes, 2 answers, 987 views
Privacy implications of IDFA/IDFV? (iPhone/iOS)
Apparently, iOS 6 introduced IDFA, "identifier for advertisers", which identifies your device so that advertisers can track you and send you ads. It appears they also introduced IDFV, "identifier for ...
0 votes, 0 answers, 261 views
How to do a penetration test on an iOS application? [closed]
I have recently started pentesting iOS apps. I need a pointer to the basic checklist I should follow while carrying out an iOS app pentest.
Suggestion of tools and methodologies to carry ...
4 votes, 2 answers, 2k views
iPhone full disk encryption and theft protection?
Is it possible to fully encrypt an iPhone? What cipher does it use and are there any weaknesses?
How can I protect my valuable data, such as email, when my iPhone gets stolen?
2 votes, 1 answer, 882 views
Kik | WhatsApp - Encrypted? iOS / Android Message encryption tips [closed]
Kik says that their client is using SSL etc. But it's kind of hard to tell if the messages are actually encrypted between the devices. What I can understand is that they don't have device-to-device ...
3 votes, 1 answer, 248 views
Loginless Client/Server Architecture (iOS)
I'm currently in the phase of planning a project involving a loginless service.
Users would be identified by a unique device ID created on the client (iOS).
What are the security concerns?
sockets ...
2 votes, 1 answer, 126 views
Any problems with UCC (multidomain) SSL certs on iOS and Windows Phones?
Are there any known issues with UCC (multidomain) SSL certs on iOS or Windows Phone?
Let's say I want to have Exchange server under outlook.mycompany.com and RemoteApp Portal under ...
3 votes, 2 answers, 1k views
How to supply OpenSSL generated Private & Public Keys to iOS & Android apps?
The problem statement is:
To supply clients on a network with individual Private & Public keys generated on a Server over the wire (over an HTTPS connection after they are registered). The clients ...
-2 votes, 2 answers, 249 views
Is it secure to use XML to build iPhone application? [closed]
I know PHP/MySQL but I don't know much about iPhone development and as such I found someone to help me. He is telling me that he can make my app, which will be a basic note taking service that will ...
5 votes, 1 answer, 325 views
The safest way to access GMail on mobile devices
There are three ways to access your GMail account on iPhone or iPad devices:
1. Use safari browser
2. Use Apple's default mail app
3. Use Google's Gmail app
What is the safest way to access gmail ...
3 votes, 1 answer, 368 views
Is XRY Forensic Tool able to extract data from iPhones?
As far as I know this only DOESN'T work with iPhone 4S and iPad2 / iPad 3, because of the fixed Boot Rom. So, is it no longer possible to brute-force the passcode lock? Can anybody confirm this with ...
2 votes, 2 answers, 228 views
What are the best practices for maintaining privacy on a non-jailbroken iOS device?
iOS, like most other mobile OSs, has the potential to leak significant chunks of personal information to 3rd-party apps and to ad and tracking networks used by those apps, which in turn also has the ...
1 vote, 3 answers, 845 views
Intercept data sent via Bluetooth
I am trying to re-write a closed-source application, originally deployed on mobile devices, that lets you command and control a certain type of mechanical robots via Bluetooth.
The new application I ...
2 votes, 1 answer, 206 views
Does iOS use built-in certificates to authenticate peers when using ipsec VPNs?
Suppose I am setting up an IPsec VPN for Apple iOS clients with the requirement that the iOS clients need to know that the server is legitimate and vice-versa.
I create a root CA and issue a ...
5 votes, 3 answers, 829 views
Proof of SIM card possession on iOS devices
I need to prove that a user of my app is in possession of the correct SIM card.
On Android devices, this is possible by simply sending a challenge within an SMS to the corresponding number (the proof ...
6 votes, 3 answers, 813 views
Can malware read keychain entries on iOS devices?
Keychain entries of a 3rd party app are protected according to their 'protection class'. For example, assigning the class 'kSecAttrAccessibleWhenUnlocked' to a keychain entry means that the entry is only ...
5 votes, 1 answer, 879 views
iOS: Sandbox on jailbroken device
From my point of view and with my rather poor knowledge of iOS, the principle of a sandbox in iOS is the following:
each app and its data is installed in a private area within the partition, but ...
0 votes, 1 answer, 368 views
iPhone App Pen Test Guidance [closed]
I'm going to be studying pentesting iPhone apps. I'm a beginner in this area, and would like some guidance on the prerequisites of pen testing an iPhone app, the details of the Mac machine that I'd ...
9 votes, 5 answers, 2k views
Keyloggers on Smartphones?
I need to clarify my question. I'm wondering if there are any apps for smartphones that can log each 'keystroke' (i.e. key pressed on touchscreen) that a user does. Performing a Google search brings up ...
2 votes, 1 answer, 182 views
How secure are native iPhone - PUSH Services
The native app is sending the UDID to the Provider Service for receiving PUSH Notifications through APNS. How is it possible to prevent a tampered request (modified UDID) from getting processed at the Provider Service?
...
2 votes, 1 answer, 453 views
Which crypto algorithm does iOS use in NSDataWritingFileProtection and what is the key size?
I need to know the crypto algorithm and key strength of NSDataWritingFileProtection. I would like to know the same things for using the Keychain and NSFileManager.
I searched the Apple Developer ...
10 votes, 3 answers, 2k views
iOS/Android Pen-Test
This question might be vague, that is because I am not sure where to start.
There are a lot of books and courses on pentest focusing on networks, systems, and OS such as Windows, yet I haven't been ...
2 votes, 2 answers, 737 views
Guidelines for secure iPhone application development
Are there any security guidelines for development and assessment of (native) iPhone applications?
2 votes, 2 answers, 203 views
Securing iPads and laptops in an enterprise
We have users in our organization who own iPads and we'd like to connect them to the network; however, if the users download and store sensitive data on the devices, that can pose a security issue. Is ...
5 votes, 3 answers, 339 views
Should we store meeting minutes on an iPad?
Being employed in the infosec field I would like to set a good example. However I also do not believe in sweating the small stuff and would like to maximize my productivity. My current workplace, ...
12 votes, 7 answers, 3k views
Are jailbroken iPhones an enterprise security risk?
Background
My company is currently in the process of rolling out support for the iPhone. As a part of this rollout, they are requiring employees to install an application on their phones that allows ...
7 votes, 5 answers, 808 views
Best practices for securing an iPhone
As this question on voicemail protection got answers veering more to protecting the mobile phone, I thought I should add a specific question on this topic.
There is already a question on protecting ...
3 votes, 1 answer, 454 views
How to secure an application under iOS against jailbroken devices
I noticed that some apps, e.g. Skype, are able to exit and not run in case one has jailbroken his iOS-based device.
I couldn't find online how to check that a device is jailbroken. Please, any help ...
2 votes, 1 answer, 250 views
How to tell if Firefox Home (iOS) is using Data Protection API?
The source code is here: http://mxr.mozilla.org/services-central/source/fx-home/ What should I be looking/search for? Or even how to extract /ffhomeDB.sq3 and see what it contains.
10 votes, 8 answers, 475 views
iPhone Tracking debacle - risks and countermeasures
For those of you who are not familiar with the topic, a quick search will turn up a lot of hits, e.g. see the researcher's report at Got an iPhone or 3G iPad? Apple is recording your moves - O'Reilly ...
4 votes, 2 answers, 891 views
On iOS, what's the benefit of OpenSSL over using CFStream, CFNetwork etc. for secure sockets?
I asked this already on Stack Overflow, here. I was told I might find answers here.