Tuesday, February 21, 2017

iOS Sensitive Information Disclosure Vulnerability

Hello guys,

Today I'll share my second PoC for an iOS app. This vulnerability was not too tough to find, which I think is why it got marked as a duplicate. You just need some patience, and you too can find this kind of vulnerability.
But to exploit it the victim's device has to be jailbroken; that's the only catch.

I found this vulnerability in an instant messaging app which has a public program on HackerOne.

iOS is pretty secure; it uses many techniques, sandboxing being the most common, to resist being hacked. I think that's why developers don't pay attention to these little things.

Since this vulnerability got marked as a duplicate but the bug is not yet patched, I am not gonna name the app.

The vulnerability was that the app saved the user's whole database on the user's device without any encryption. WhatsApp also saves a backup on the device, but it encrypts it so that no one else can read it.

Here I'll show you some images in which you can see what I found there.

As you can see in the images, I didn't only get the database but also my private keys and pretty much everything else.

So basically I found this just by diving into the filesystem; that's not rocket science. Anyone could find these vulnerabilities.
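A defender-side check for the kind of finding described above, added here as an example (not the author's code): it walks an app container, or a filesystem dump of one, and flags SQLite databases stored in plaintext by their file header, separating them from SQLCipher-style encrypted ones. The sample container it builds is constructed data, and the "no magic header means encrypted" rule is an assumed heuristic, not a definitive test.

```python
import sqlite3
import tempfile
from pathlib import Path

# Every plaintext SQLite database begins with this 16-byte magic string.
SQLITE_MAGIC = b"SQLite format 3\x00"
# File name suffixes commonly used for on-device databases.
DB_SUFFIXES = {".db", ".sqlite", ".sqlite3", ".sqlitedb"}


def classify_file(path: Path) -> str:
    """Classify one file from an app container by its header, not its name."""
    with path.open("rb") as f:
        header = f.read(16)
    if header.startswith(SQLITE_MAGIC):
        # Readable by anyone who can reach the file: the finding from the post.
        return "plaintext-sqlite"
    if path.suffix.lower() in DB_SUFFIXES and len(header) == 16:
        # SQLCipher-style encryption replaces the magic with a random salt, so a
        # database-named file without it is probably encrypted (heuristic only).
        return "encrypted-or-unknown-db"
    return "other"


def audit_container(root: Path) -> dict[str, list[str]]:
    """Walk an app container (or a dump of one) and list every database by class."""
    findings: dict[str, list[str]] = {"plaintext-sqlite": [], "encrypted-or-unknown-db": []}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            kind = classify_file(p)
            if kind in findings:
                findings[kind].append(p.relative_to(root).as_posix())
    return findings


def build_sample_container() -> Path:
    """Constructed sample data: a fake container with one plaintext and one encrypted DB."""
    root = Path(tempfile.mkdtemp(prefix="container-"))
    docs = root / "Documents"
    docs.mkdir()
    # A real, unencrypted SQLite database holding made-up chat data.
    con = sqlite3.connect(docs / "messages.db")
    con.execute("CREATE TABLE messages (peer TEXT, body TEXT)")
    con.execute("INSERT INTO messages VALUES ('alice', 'constructed sample message')")
    con.commit()
    con.close()
    # Stand-in for a SQLCipher database: one 4096-byte page whose first 16 bytes are salt.
    (docs / "keys.sqlite").write_bytes(bytes(range(16)) + bytes(4080))
    (root / "Info.plist").write_bytes(b"bplist00")  # not a database
    return root
```

Remediation follows the post's own WhatsApp comparison: encrypt the database itself (for example with SQLCipher, key held in the Keychain) so no plaintext SQLite header ever exists on disk, rather than relying on the sandbox alone.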

Now the interesting part: how this vulnerability can be exploited.

First, you can simply unlock the user's device and go into the filesystem to get all that juicy information.

Second, over SSH, if the user has OpenSSH installed and hasn't changed the default password "alpine".

Third, you can do this by developing a tweak. I am not gonna develop the tweak here, but I'll explain how it would work.

To develop a tweak for this vulnerability, you don't need to hook into any application or run anything, but since every tweak needs to hook into something, just hook into SpringBoard.
Once you have developed it, it's pretty easy: put the Tweak.xm file in a folder like
/Library/mobile/Data/Bundle/Application/3HD7348HD7823-324UR2Y/Tweak.xm
This is the same folder in which that application stores all its info. Now just copy those db files and upload them somewhere, simple right, or simply plant a backdoor.

The interesting thing about tweaks is that they don't have to care about sandboxing or any other rules.

But within 6 hours it got marked as a duplicate. LOW HANGING FRUITS

4 comments:

Sakthi Murugan said...

Wonderful blog that made me love iOS features. I was a little confused about whether to buy an Android smartphone or an iPhone. Now, with a clear vision, I would suggest to my friends that they get an iPhone rather than an Android phone.

Suba said...

In the future, for sure, Android will be the top technology in the IT market. Thanks for your blog on Android.

Shobi said...

After looking at a handful of the blog posts on your website, I really appreciate your way of writing a blog. I added it to my bookmark list and will be checking back soon.

Shobi said...

Great Blog!!! Presentation was really good... thanks for sharing with us...