Wednesday, January 28 • 11:30am - 12:30pm
Uncovering OWASP’s Mobile Risks in iOS Apps

Mobile apps are ever more ubiquitous, but their widespread adoption comes at a cost. Seemingly every week, a new vulnerability is discovered that jeopardizes the security and privacy of mobile users. Examples include the popular dating app Tinder (leaked the exact location of its users), the photo messaging app Snapchat (exposed connections between phone numbers and users’ accounts) and CitiMobile (stored sensitive account information without encryption). These vulnerabilities (and many more) were not found by the developers of the applications, but rather by reverse-engineers who took it upon themselves to dissect said applications.

Unfortunately, at least for iOS applications, reverse-engineering is still viewed by many as somewhat of a black art. This is due to a myriad of reasons: iOS apps are encrypted, written in a difficult-to-reverse-engineer language (Objective-C), and run on a mostly closed-source proprietary OS.

This talk will detail the process of reverse-engineering iOS apps in order to perform security audits and identify common mobile-specific vulnerabilities (e.g. OWASP Mobile Risks). Specifically, the talk will describe how to extract an application’s unencrypted binary code, analyze the ARM disassembly, and identify vulnerabilities that commonly affect iOS apps. Real-life cases from iOS applications in the App Store will be presented to provide a more 'hands-on' feel to the reversing procedure and to show some actual security vulnerabilities.

Speakers
Patrick Wardle

Synack
Patrick Wardle is the Director of Research at Synack, where he leads cyber R&D efforts. Currently, his focus is on automated vulnerability discovery and the emerging threats of malware on OS X and mobile devices. Patrick previously worked at NASA, the NSA, and Vulnerability Research Labs (VRL). While working at the NSA as a global network exploitation and vulnerability analyst, Patrick received several classified patents and helped lead...


Wednesday January 28, 2015 11:30am - 12:30pm
Annenberg Community Beach House: Track 4 415 Pacific Coast Hwy, Santa Monica, CA 90402
