Hacking and securing the iPhone, iPad and iPod Touch: iOS features

Diana Kelley (Partner, SecurityCurve) gives a presentation at InfoSec World Conference to outline the background of the iOS and speak on security of iOS devices

Hello and welcome! I’ll talk a little bit about hacking and securing the iPhone, and iPad, and the iPod Touch. Does anybody know why we can say that we are hacking all of them when we have a single device? Yes, they are all the same.

I actually have a question about what iOS is, but you guys already know the answer to that. We are gonna talk a little bit about the iOS which is actually used on some other devices as well. Any Apple TV users? Yes, got a couple.

We’re gonna talk about the headlines, the hacks, and the breaches. We will have a demo. The demo is going to be around jailbreaking. So we gonna show you jailbreaking with three different pieces of software.

Now, unfortunately an iPod cannot actually share its screen with you. Well, we can show off an iPod or iPad as either a static photo – so a screen capture photo – or movie. It’s great you can put your movie from your iPod on to. But what it is unfortunately not great for is for the kind of demo that I would like to do here. So for that portion of the program I have the screen captures off of this. I’ll be doing it live so you will be able to see things happening. But unfortunately because of the limitations we cannot get that nice beautiful side of seeing it in action.

But here is something that is fun. The really interesting side is on your PC as well, so you will be able to see live as I jailbreak this. You will be able to see that happening live from the PC side, because it’s the PC side where you control the jailbreak, just so you know what we will be seeing there. That’s gonna be the demo. We actually will be demoing with LimeRain¹ and Redsnow².

Is the iOS enterprise ready? Because there is hacking, there is a hacking school, it’s interesting, it’s fun. If you are a developer it’s a really good way to get control of your iOS device.

But for a lot of us, if our job is securing, we need to secure – what can we do to lock the devices down, and how can we secure them, are they ready for the enterprise? So we will spend time talking about that so that you can see how to actually do that. There is a general configuration demo that focuses specifically on the issues that you can control. You can do this over the air from a central management device. And you can do it right on the iOS device itself. We are going to show you doing it on the iOS, but obviously if you’re gonna deploy this in a large environment, you wanna put the same kind of controls for the enterprise itself.

What is the iOS?

We have answered this question: what do these devices have in common? These are all iOS devices. And ‘i’, I guess, is Internet. Steve Jobs seems to have loved the ‘i’, you can iChat with your iFriends on your iPhone. I guess that’s where we got iOS.

Is anybody here a Cisco router admin? You have a warm place in your heart for IOS³, don’t you? Because Cisco routers and switches run the IOS. And I believe there had to be some little communication between Cisco and Apple when Apple wanted to call it the iOS. They are completed unrelated other than that they have got the same names. But the iOS is what runs on iPhones, iPads, iPod Touches, Apple TV. The Cisco IOS is the operating system for their routers.

How many folks here have iPads, or iPods, or iPhones? You got a lot. How many of you have already jailbroken your stuff? You guys can come up and share the demo with us.

So, a little bit of background on the iOS itself. And this explains a little bit about why people want to jailbreak it. Jailbreak sounds kind of cool, like: “Oh, I am gonna do something really fun and funky with my phone, and get it out of ‘jail’ free”.

There is actually a real reason for this. This is a Unix based system. And in Unix, there is a concept of the Root, or the Super User. It’s similar to Admin on the Windows system. And the Root, or the Super User, can do a whole lot of stuff that the average user cannot do. iOS is built on top of that concept. Another thing that the iOS has – not necessarily security yet but I am interested in how researches are gonna go with this – is multi-touch. So you can actually, with your fingers, change and interact with the operating system, with the application itself.

You might say: “Hey, how is that security?” At this point, I don’t know of any interesting research on how that is security, but I think it is something to consider. This may be something to watch with if there is a way to exploit that.

The iOS was not fully multi-tasking, so it got multi-touch but not multi-tasking, until April 2010.

It is very friendly with third-party apps. Ted Mosby from ‘How I Met Your Mother’, he is the voice of Apple, there is an App for that. And we all know this now, his voice sometimes rings on people’s ears because Apple has reminded us again and again. There is an app for that. So we have a lot of developers that are creating things that they can either sell or give away free that can run on the iOS. It comes with native SDK. Right now, there are over 300,000 apps in the App Store.

But Apple has some checks and balances on the apps that go into that store. One thing that right now isn’t going into the App Store for example is antivirus, possibly because the iOS would never get a virus, or because of interaction that the antivirus would have to have that isn’t approved.

But there are certain things that you cannot be approved to be going to the App Store with, as an application. So that has created sort of a grey area where some developers want something that wouldn’t necessarily be approved. It doesn’t have to necessarily be malicious.

The iOS makes strong use of Digital Rights Management as well. We’ve got that already it is supposed to actually stop mis-use. So there is strong support, it’s gonna control that mis-use when you tether back to your device. Some people feel that this actually is a problem because that really restricts your ability to use the applications, it makes it ‘defective by design’ rather than ‘secure by design’. So if you feel that way, this is gonna help you understand why some people want to jailbreak, why they want to get out of the sandbox. It is the way that the iOS is used now un-jailbroken.

If you are developing, what are some of the things that you have to do? You do have to have the application vetted by Apple, to see whether or not it can go into the store. Then you’re gonna have to have it signed. And it’s gonna get up there and it’s gonna run in its own little sandbox. So they control a certain amount of what does and doesn’t happen with that application. They also require that there is a distribution fee, a lot of developers don’t like that. And they can remote delete it.

So if you are a developer and you got an app in the App Store, this is okay with you. And I am not saying that there is anything wrong with this Apple’s approach. I’m just explaining what the parameters of their approach are, so you might understand a little bit more about what’s going on with why people want to jailbreak.

To be continued…
 

¹ – LimeRain, also known as Limera1n, is a tool that allows jailbreaking the iPod Touch from a Mac or PC computer.

² – RedSnow, aka redsn0w, is a free iOS jailbreaking tool developed by the iPhone Dev Team, capable of executing jailbreaks on many iOS devices by using low-level boot ROM exploits and additional exploits.

³ – IOS (originally Internetwork Operating System), not to be confused with iOS, is software used on most Cisco Systems routers and current Cisco network switches.