This is Neal Hindocha's Typepad Profile.
Join Typepad and start following Neal Hindocha's activity
Join Now!
Already a member? Sign In
Neal Hindocha
Recent Activity
I have not released any code samples, but in the case of iOS, my PoC uses method swizzling, something that is quite straight forward and material around this is easily found. Protecting against this type of attack is best done by detecting the jailbreak, since you cannot swizzle system-wide unless the device is jailbroken. An additional layer which is very important as well, is to look at the app and consider all methods that are being used (especially those communicating with the user and/or the network) and then implement swizzle detection. I cannot really go into how to detect swizzled methods in a comment since its probably a paper in itself, but it is possible. I just want to finish with a comment about jailbreak detection; I think apps should always detect jailbreak, but I do not think its a good idea to always act on it, as in, prevent execution on jailbroken devices, as this approach tends to attract attackers.
Toggle Commented Apr 9, 2014 on Touchlogging Part 1 - iOS at SpiderLabs Anterior
Thanks for letting me know, its fixed now.