YoVDO

iOS App Integrity: Enhancing Security with Encrypted Code Modules

Offered By: OWASP Foundation via YouTube

Tags

iOS Security Courses, Static Analysis Courses, Code Injection Courses, Mobile Application Security Courses

Course Description

Overview

Explore iOS app integrity and security measures in this OWASP AppSecUSA 2014 conference talk. Learn how iOS applications are vulnerable to static analysis and binary code patching, and discover open-source solutions like Encrypted Code Modules (ECM) to protect sensitive enterprise iOS apps. Gain insights into anti-tamper techniques that resist patching, and follow a step-by-step process to enhance the security and authenticity of iOS applications. Delve into topics such as jailbreak detection, debugger detection, and the iMAS (iOS Mobile Application Security) research project. Understand the iOS security architecture, various security controls, and advanced concepts like multi-compiler techniques and memory security. Examine the process of static app attacks, code injection, and binary patching, along with their consequences. Acquire knowledge about implementing and validating ECM to significantly improve iOS app integrity.

Syllabus

Introduction
iOS Mobile App Security (MAS) Elevator Pitch
Hacking and Jailbreaking iOS: Attacks and weaknesses are well documented
Recent iOS App Coding and OS Reported Vulnerabilities
Standard iOS Application Today
Research Idea: iMAS Secure Application Framework
iOS Security Architecture
iMAS App Security "trade-space" Comparison Mar 2014
iMAS - Security Controls: Device Access
GitHub: project-imas.github.io, 13 Controls
iMAS - Encrypted Core Data (ECD)
Encrypted Core Data Additional iMAS Support
Multi-compiler: Based on work out of UC Irvine by Michael Franz and Per Larsen; produces different binaries each compile; static analysis and ROP exploits must account for variations
System Monitor: Monitor all device processes and network calls at the kernel level; filtering tools to find and react to developer-defined system events; iMAS provides direct programmatic app integration
Memory Security: Allows encryption, wiping, and checksums of objects in memory; provides function address space validation; Application Start
File Shredding
iMAS Sentry Application: Add to existing Apple deployed devices; Jailbreak and Debugger Detection
Prior Research Focus - modifying ELF structures
iOS Static App Attacks
Static App Attacks Process
Code Injection and Binary Patching
Consequences of Static Attacks
Encrypted Code Modules (ECM) WHAT?
iMAS Encrypted Code Modules (ECM) Summary
ECM - Encrypted Code Modules Concept 2/3
Build Summary
App Startup
Validating Integrity
ECM Advantages


Taught by

OWASP Foundation

Related Courses

Ethical Hacking: Mobile Devices and Platforms
LinkedIn Learning
Learning Mobile Device Security
LinkedIn Learning
Supporting Face ID and Touch ID Authentication in iOS Using Swift 5
Pluralsight
CNIT 128: Hacking Mobile Devices
CNIT - City College of San Francisco via Independent
Ethical Hacking: Hacking Mobile Platforms
Pluralsight