Jonathan Zdziarski, a security researcher for viaForensics who says that iOS app hacking is easier than you think.
(Credit: Seth Rosenblatt/CNET)
LAS VEGAS -- While Apple was making its decidedly lackluster Black Hat debut just one floor up, security researcher Jonathan Zdziarski was explaining the dark art of iOS app hacking to a smaller but still crowded room.
A senior forensics scientist at viaForensics, he clearly didn't have much faith in the security of apps running on iOS. "iOS can be infected through a new zero-day, or you can take a phone and run real fast. Apparently, bars are a great way to pick up iPhones," he said as the audience chuckled, clearly remembering the two separate lost iPhone prototype incidents. He wasn't joking, though. There are three ways to hack an iOS app. One involves a zero-day exploit, a previously-unknown security hole. These are rare, but not unheard of for iOS apps. The other two involve getting physical access to the phone, Zdziarski said. "You can infect the phone without a passphrase. The virus or bit of code sits on the phone, waiting for the user to unlock it." Or, he explained, "Give me two minutes... [Read more]
No comments:
Post a Comment