[Reading Notes] basic knowledge of iOS-iOS security, Reading Notes ios-ios

[Reading Notes] basic knowledge of iOS-iOS security, Reading Notes ios-ios

1. iOS Hardware/device type.

The advent of the iPad is the first step on this side. The first-generation iPad uses the ARM Cortex-A8 architecture CUP, which is about twice the CPU speed used by the first-generation iPhone.

IPad2 and iPhone4S are another huge leap. They all use a dual-core processor of the ARM Cortex-A9 architecture, the CPU computing speed is 20% faster than the A8 architecture processor. even more astonishing, the A9 GPU is 9 times faster than the A8.

On the other hand, iPad2 uses a sub-dual-core processor, which enables the allocation program of iOS to fully run. In this way, the vulnerability attack structure is greatly affected, because the reliability of the vulnerability attack in a multi-processor environment is much weaker.

2. How does apple protect App Store.

Apps from App Store run in sandbox with lower-level permissions, which can reduce their destructiveness. You can see more content related to this.

3. Understand security threats.

In general, attacks against many desktop computers also occur on iOS devices. These attacks can be divided into two types: malware and vulnerability attacks.

The common method to protect devices from malware is to use anti-virus software. Anti-virus software is designed to determine which software is secure and which are insecure.

4. Understand the security architecture of iOS.

1. Smaller attack surface

IOS does not support Java or Flash, whether users like it or not. The security issues of these two applications have been around for a long time. Therefore, removing them makes it more difficult for attackers to find available vulnerabilities.

In addition, Apple's own. mov format is only supported by iOS, so many. mov files that can be played on Mac OS X cannot be played on iOS.

Most importantly, although iosflood supports partial files, it only parses some of the file features. Let's take a look at some of the relevant data. Some people have used some fuzzy files to test the Preview (PDF reader of Max OS X system), and the result has caused more than 100 errors. When he tests the same file in iOS, only about 7% of the files cause problems in iOS. This means to reduce the PDF features that iOS can handle, and Apple reduces the potential security vulnerabilities by 90% in this case. The fewer flaws, the less chance an attacker can launch a vulnerability attack.

2. Simplified iOS

3. the permission is removed.

IOS uses the user, group, and other traditional UNIX File Permission separation mechanisms to separate processes.

4. Code signature.

The most important security mechanism in iOS is code signature. All binary files and class libraries must be signed by a trusted organization (such as Apple) before they can be executed by the kernel.

5. Save the data (DEP ).

DEP does not allow Data Execution. It only allows code execution.

6. Address Space Layout randomization. (ASLR ).

In iOS, the locations of binary files, library files, dynamic link files, stacks, and heap memory addresses are all random.

When the system has both the DEP and ASLR mechanisms, the general method for writing vulnerability attack code for the system is completely invalid. In practical applications, this usually means that the attacker needs two vulnerabilities: one for obtaining code execution permission and the other for obtaining the memory to execute the ROP, otherwise, attackers need an extremely special vulnerability to achieve these two points.

7. sandbox.

5. A Brief History of iOS attacks.

1, Libtiff

2. SMS attacks.

3. lkee worm.

 

Reference: hacker attack and defense technology-iOS practice