Crypto Attacks in iOS Applications
Submitted by Swaroop Yermalkar (@swaroopsy) on Monday, 6 February 2017
In the context of mobile apps, the standard advice is never to store sensitive data locally in plain text. If local storage is required, the data should be stored in encrypted form. However, an attacker can still gain access to sensitive information when the data is encrypted improperly. There can be multiple reasons, including bad algorithms, hardcoded encryption keys and so on. In this talk, we will look at crypto attacks that are commonly found in iOS applications.
Swaroop Yermalkar works as a Senior Security Engineer at Philips, and his interests include threat modelling, security research and the assessment of IoT devices, healthcare products, web applications, networks, and Android and iOS applications.
He is the author of the popular iOS security book ‘Learning iOS Penetration Testing’ (Packt Publishing). He is also one of the top security researchers worldwide, working with Cobalt.io and Synack.inc.
He has been invited to give talks and training at various security conferences, such as Hacks In Taiwan (HITCON), Europeansec, ROOTCON, GroundZero, c0c0n, 0x90, DefconLucknow, and GNUnify. He has been acknowledged by Microsoft, Amazon, eBay, Etsy, Dropbox, Evernote, Simple banking, iFixit, and many more for reporting high-severity security issues in their mobile apps.
He is an active member of NULL, an open security community in India, and is a contributor to the regular meetups and Humla sessions at the Pune and Bengaluru chapters. He holds various information security certifications, such as OSCP, OSWP, SLAE, SMFE and SWSE. He has written articles for clubHACK magazine and also authored a book, An Ethical Guide to Wi-Fi Hacking and Security.