GSR-IconBannerAd_v1d

Security Advisories

Trustwave Press Releases

« SpiderLabs Radio: February 27, 2014 | Main | Gamut Spambot Analysis »

03 March 2014

Comments

I have not released any code samples, but in the case of iOS, my PoC uses method swizzling, something that is quite straight forward and material around this is easily found.

Protecting against this type of attack is best done by detecting the jailbreak, since you cannot swizzle system-wide unless the device is jailbroken.

An additional layer which is very important as well, is to look at the app and consider all methods that are being used (especially those communicating with the user and/or the network) and then implement swizzle detection.

I cannot really go into how to detect swizzled methods in a comment since its probably a paper in itself, but it is possible.

I just want to finish with a comment about jailbreak detection; I think apps should always detect jailbreak, but I do not think its a good idea to always act on it, as in, prevent execution on jailbroken devices, as this approach tends to attract attackers.

Have you released any of the example code for how to do this keylogging in the background? As an app developer building secure apps, I'm interested in learning more, and especially how to stop it.

Verify your Comment

Previewing your Comment

This is only a preview. Your comment has not yet been posted.

Working...
Your comment could not be posted. Error type:
Your comment has been posted. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.

Working...

Post a comment