Update 2 on iOS smart home application analysis

During the past two weeks, I have been working on the iPhone 4S that we just purchased. Last week, I learned about the different types of jailbreak: tethered, semi-tethered, and untethered. I did a semi-tethered jailbreak, which means that I can still use the phone when I reboot. The reason for jailbreaking the iPhone is to enable us to use a third-party tool, Clutch, to decrypt Apple Store applications so that we can perform further static analysis.

Over this week, I have been reading Apple’s documentation on iOS and OS X networking. Although it is very long documentation, with many suggestions and not many specifics on broad topics, I was able to get a grasp of how networking works in general. I also looked into the specifics of socket programming, specifically the TCP and UDP client-server model.

Upon further reading on the security aspects of networking, the documentation suggests making HTTP or HTTPS requests with the NSURLSession or NSURLConnection APIs. In addition, it notes that connecting to a URL via TLS is trivial. However, if we were to use a socket connection, then we have to handle encryption and decryption ourselves.
There are two things that developers need to watch out for. One is that they have to make sure that they have installed the certificate correctly, and the second is that they never disable certificate chain validation. If one needs to allow a self-signed certificate, then there is a series of rules to follow. (I am in the process of reading them.)

Another paper had an interesting approach to detecting flawed connections, which is to connect a test device to a transparent proxy server. This will output the response from the server to the client. If they are using TLS correctly, we would not be able to get any information from the message; if they are not, we would be able to see the data in plain text. Fortunately, I had some experience making a transparent proxy server, so I think we can also use this method to validate our findings.

Plan for the future:
My plan for the future is to find out exactly what the rules are for overriding certificate chain validation, and some common pitfalls of doing it. After that, I will check with IDA to see if I can find such problems. Maybe first I will need to find one application that is known to have this problem, so I can see if my approach gives me the right result.
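
A first-pass triage for the check planned above, as an added example (not code from this post or from Apple): it scans the strings of a Clutch-decrypted binary for real selectors and symbols tied to overriding certificate chain validation. The grouping, the verdict labels and the sample bytes are constructed assumptions, and a hit only says where to look in IDA.

```python
import re

# Real Apple / third-party names; grouping and verdict labels are this example's own.
DISABLES = [  # calls or keys that can switch chain validation off outright
    b"setAllowsAnyHTTPSCertificate:forHost:",  # private NSURLRequest class method
    b"kCFStreamSSLValidatesCertificateChain",  # CFStream SSL settings key
    b"setValidatesSecureCertificate:",         # ASIHTTPRequest
    b"allowsInvalidSSLCertificate",            # AFNetworking 1.x
]
CHALLENGE = [  # delegate methods where an app can override the trust decision
    b"connection:didReceiveAuthenticationChallenge:",
    b"connection:willSendRequestForAuthenticationChallenge:",
    b"URLSession:didReceiveChallenge:completionHandler:",
]
ACCEPTS = [b"credentialForTrust:"]   # turns the server's trust object into a credential
EVALUATES = [b"SecTrustEvaluate"]    # the chain is actually evaluated somewhere


def extract_strings(blob, min_len=6):
    """Printable ASCII runs, like strings(1); selectors and symbol names live here."""
    return set(re.findall(rb"[\x20-\x7e]{%d,}" % min_len, blob))


def hits(strings, needles):
    return sorted({n.decode() for n in needles for s in strings if n in s})


def triage(blob):
    """Return (verdict, evidence). Heuristic only: confirm every hit in the disassembler."""
    strings = extract_strings(blob)
    groups = (("disables", DISABLES), ("challenge", CHALLENGE),
              ("accepts", ACCEPTS), ("evaluates", EVALUATES))
    found = {name: hits(strings, needles) for name, needles in groups}
    if found["disables"]:
        verdict = "disables"                  # validation can be turned off
    elif found["challenge"] and found["accepts"] and not found["evaluates"]:
        verdict = "accepts-without-evaluate"  # trust accepted, chain never evaluated
    elif found["challenge"]:
        verdict = "custom-handler"            # overrides exist; check how the result is used
    else:
        verdict = "default"                   # system validation left in place
    return verdict, found


# Constructed sample bytes, shaped like a decrypted binary's string tables.
SAMPLE_WEAK = (b"\x00\x01connection:didReceiveAuthenticationChallenge:\x00"
               b"credentialForTrust:\x00useCredential:forAuthenticationChallenge:\x00")
SAMPLE_OK = SAMPLE_WEAK + b"_SecTrustEvaluate\x00_SecTrustSetAnchorCertificates\x00"
```

A "custom-handler" verdict does not clear the app: the presence of `SecTrustEvaluate` says nothing about whether its result is checked, which is the part to confirm in IDA.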
