Date post: 22-Nov-2014
Page 1: iPhone

The iPhone: A Case for Software Security

Dwayne Bates

Page 2: iPhone

Acknowledgements

Graham Cluley’s Blog http://www.sophos.com/blogs/gc/g/2009/11/03/hacked-iphones-held-hostage-5-euros/

Nicolas Seriot (SpyPhone)-http://seriot.ch/blog.php?article=20100203

Apple’s Developer Site- developer.apple.com

Page 3: iPhone

Overview

What is the iPhone?

History of Privacy Issues for the iPhone

Spyware and the iPhone

iPhone Applications

How did this information affect the development process?

Closing Remarks

References

Page 4: iPhone

What is the iPhone?

Features:

iPod

Phone

Internet

Page 5: iPhone

Security Overview

History of Security and Privacy Issues: Root exploits and Personal Data Harvesting

Jailbreaking and Worms

Page 6: iPhone

Security Overview cont'd.

Spyware and the iPhone: SpyPhone

/var/mobile/Library/Keyboard/
/var/mobile/Library/Preferences/com.apple.accountsettings.plist
/var/mobile/Library/Preferences/com.apple.commcenter.plist
/var/mobile/Library/Preferences/com.apple.mobilephone.settings.plist
/var/mobile/Library/Preferences/com.apple.mobilephone.plist
/var/mobile/Library/Preferences/com.apple.mobilesafari.plist
/var/mobile/Library/Preferences/com.apple.preferences.datetime.plist
/var/mobile/Library/Preferences/com.apple.weather.plist
/var/mobile/Library/Preferences/com.apple.youtube.plist
/var/mobile/Library/Preferences/com.apple.Maps.plist
/var/mobile/Media/DCIM/

Figure 2: Paths actually read by SpyPhone

Page 7: iPhone

iPhone Applications

Development Process

Enroll in iPhone Developer Program

Download iPhone SDK

Gain working knowledge of Objective-C

Page 8: iPhone

iPhone Applications cont'd.

Development Tools

Xcode - Development Environment

iPhone Simulator - Simulation of the application in its environment

Interface Builder - Used to build the user interface

CLANG - Static Analysis Tool

Apple’s Secure Coding Guide


Page 9: iPhone

Motivation

In my work I propose the development of an iPhone application using the information and tools Apple provides to developers. In addition, I evaluate that information and those tools to see whether they are adequate for the development of secure applications. The development process is enhanced to focus on software security principles throughout the entire Software Development Life Cycle (SDLC). By incorporating these principles throughout the SDLC, the resulting application will be more reliable and of higher quality.

Page 10: iPhone

Proof of Concept

Poof is an iPhone game in which the player must match at least three like tiles at a time in an effort to clear the board. If the player succeeds and achieves a high score, they are prompted to enter their name into a high score list.

Page 11: iPhone

Contributions

Usability

Security

Integrity

Page 12: iPhone

Risk Analysis

Buffer Overflow

File Modification

High Score List Hacking

Memory Leaks

Page 13: iPhone

Buffer Overflow: Input Validation

- (BOOL)textField:(UITextField *)textField shouldChangeCharactersInRange:(NSRange)range replacementString:(NSString *)textEntered {
    // Reject the edit if the replacement text contains any blacklisted character.
    // The backslash and the double quote are escaped inside the string literal (\\ and \").
    NSCharacterSet *myCharSet = [NSCharacterSet characterSetWithCharactersInString:@"~`!@#$%^&*()_-+={}[]|\\:\";'<>?/.,"];
    for (NSUInteger i = 0; i < [textEntered length]; i++) {
        unichar c = [textEntered characterAtIndex:i];
        if ([myCharSet characterIsMember:c]) {
            return NO;
        }
    }
    return YES;
}

- (void)textFieldDidEndEditing:(UITextField *)textField {
    // Accept the name only when it is between 1 and 10 characters long;
    // otherwise show the user-name error message.
    if ([textField.text length] > 0 && [textField.text length] <= 10) {
        acceptable = textField.text;
    } else {
        [self getUserNameErrorMSG:YES];
    }
    if (acceptable != nil) {
        [self stringForHS:YES];
    }
}

Page 14: iPhone

Buffer Overflow

Input Validation

Page 15: iPhone

File Modification

Page 16: iPhone

File Modification

- (void)saveSettings {
    // bundlePath and stringByAppendingPathComponent: return autoreleased strings,
    // so they must not be released here (doing so over-releases them).
    NSString *path = [[NSBundle mainBundle] bundlePath];
    NSString *file = [path stringByAppendingPathComponent:@"settings.plist"];
    // The file is written into the application bundle itself; on a device the
    // bundle is read-only, which is the file-path problem this slide discusses.
    [self.settings writeToFile:file atomically:YES];
}

- (void)saveHighScores {
    NSString *path = [[NSBundle mainBundle] bundlePath];
    NSString *file = [path stringByAppendingPathComponent:@"highscores.plist"];
    [self.highScores writeToFile:file atomically:YES];
}
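A hardened version of the save/load pair, added here as an example and not taken from the deck or the Poof source: it applies the conclusion's "File Paths" and "File Validation" points by writing to the app's Documents directory instead of the bundle and by checking every entry when the list is read back. The entry layout (dictionaries with "name" and "score" keys) and the alphanumeric-only name rule are assumptions of this example.

```objectivec
#import <Foundation/Foundation.h>

// Assumed layout: an NSArray of NSDictionary entries with keys
// @"name" (NSString, 1..10 alphanumeric chars) and @"score" (non-negative NSNumber).
static NSString *HighScoresPath(void) {
    // Documents is writable and survives updates; the signed app bundle is not writable.
    NSArray *dirs = NSSearchPathForDirectoriesInDomains(NSDocumentDirectory,
                                                        NSUserDomainMask, YES);
    return [[dirs objectAtIndex:0] stringByAppendingPathComponent:@"highscores.plist"];
}

static BOOL IsValidEntry(id entry) {
    if (![entry isKindOfClass:[NSDictionary class]]) return NO;
    NSString *name = [entry objectForKey:@"name"];
    NSNumber *score = [entry objectForKey:@"score"];
    if (![name isKindOfClass:[NSString class]]) return NO;
    if (![score isKindOfClass:[NSNumber class]]) return NO;
    // Same 1..10 length bound the text field delegate enforces on input.
    if ([name length] < 1 || [name length] > 10) return NO;
    // Allowlist instead of a punctuation blacklist (assumption of this example).
    NSCharacterSet *notAllowed = [[NSCharacterSet alphanumericCharacterSet] invertedSet];
    if ([name rangeOfCharacterFromSet:notAllowed].location != NSNotFound) return NO;
    return [score doubleValue] >= 0;
}

// Refuses to persist a list containing any malformed entry.
BOOL SaveHighScores(NSArray *scores) {
    for (id e in scores) {
        if (!IsValidEntry(e)) return NO;
    }
    return [scores writeToFile:HighScoresPath() atomically:YES];
}

// Returns only entries that pass validation, so a corrupt or edited file yields
// an empty or shortened list rather than unchecked strings reaching the UI.
NSArray *LoadHighScores(void) {
    NSArray *raw = [NSArray arrayWithContentsOfFile:HighScoresPath()];
    NSMutableArray *clean = [NSMutableArray array];
    for (id e in raw) {          // fast enumeration over nil performs no iterations
        if (IsValidEntry(e)) [clean addObject:e];
    }
    return clean;
}
```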

Page 17: iPhone

Memory Leaks

CLANG - Static Analysis Results

Page 18: iPhone

Memory Leaks

Page 19: iPhone

Conclusion

CLANG: Security-Related Bugs

File Validation

File Paths

File Read function enhancement


Recommended