iOS Security: Deep Dive I
This is the first part of iOS Security Deep Dive. You can watch the second part here.
In 90 minutes we'll debunk the myth of iOS being secure-by-default, walk through the various techniques of penetration testing, try out a plethora of tools for security testing and learn how to make our systems as robust as possible.
What does this talk cover?
Why 'iOS is secure by default' is a myth: a 90-minute walk through penetration testing techniques and security-testing tools for iOS apps, recorded at mDevCamp 2020. This is part one of two.
Isn't iOS secure by default?
Apple's security overview promises products 'secure by design'; the talk opens with the evidence against taking that on faith, including Google Project Zero's 2019 iOS exploit chain.
Do I need a jailbroken device to test iOS security?
A whole section weighs it up: no-jailbreak testing is always possible and keeps you on safer legal ground but limits the toolkit, while a jailbroken device unlocks the versatile tooling and the real-world scenarios. The talk shows what each path looks like in practice.
Where can I watch the talk or get the slides?
The recording is embedded at the top of this page, and the part-one slide deck (PDF) is in the resources section. Part two continues in the same recording.
I run audits like this against client apps: MASVS-aligned, with reproduction steps and code-level fixes.
iOS Security Audit
Similar Talks
Modern devices are far too powerful for users to notice a difference between bubble sort and merge sort. Or are they? Should everyone know how to implement Ukkonen's algorithm if they develop a weather app? What's the "Big O" of your average app, and how do you determine it?
The second part of a thorough introduction into iOS Security, from various pentesting techniques, to possible flaws to use-cases and tools.
What teaching iOS at a Russian university taught me about learning. Turns out developers and nomads have more in common than you'd think — we both carry only what we need.
For a very long time, Apple Watch was considered to be a device for people dealing with too many notifications. Today we will change that.