Author Archives: Tom Eston

Links From The Android vs. Apple iOS Security Showdown Presentation

Posted by on May 16, 2012 No comments

Android links

Android Gingerbreak Exploit
http://xorl.wordpress.com/2011/04/28/android-vold-mpartminors-signedness-issue/

Rooting Android 4.1 Jelly Bean on Nexus 7
http://www.android.gs/root-android-4-1-jelly-bean-on-google-nexus-7-using-one-click-root-tutorial/

Security Issues with Rooting
http://www.androidcentral.com/sometimes-root-isn%E2%80%99t-answer
http://www.androidcentral.com/android-passwords-rooted-clear-text
http://www.pcmag.com/article2/0,2817,2393273,00.asp
http://androidforums.com/evo-4g-all-things-root/439188-darker-side-root-web-security.html
http://en.wikipedia.org/wiki/Rooting_(Android_OS)

Mobile Malware (Android)
http://www.informationweek.com/news/security/attacks/240003514

http://countermeasures.trendmicro.eu/google-android-rooted-backdoored-infected/

http://nakedsecurity.sophos.com/2011/08/22/first-malware-using-android-gingerbreak-exploit/

Android Application Security Overview
http://source.android.com/tech/security/index.html

Android Device Administration API
http://developer.android.com/guide/topics/admin/device-admin.html

Juniper Networks 2011 Mobile Malware Report
http://www.juniper.net/us/en/local/pdf/additional-resources/jnpr-2011-mobile-threats-report.pdf

Android Orphans: Visualizing a Sad History of Support
http://theunderstatement.com/post/11982112928/android-orphans-visualizing-a-sad-history-of-support

The many faces of a little green robot
http://opensignalmaps.com/reports/fragmentation.php?

iOS v Android: why Schmidt was wrong and developers still start on Apple
http://www.guardian.co.uk/technology/appsblog/2012/jun/10/apple-developer-wwdc-schmidt-android

Apple iOS links

Recent “Find and Call Malware” found in Apple App Store
https://www.securelist.com/en/blog/208193641/Find_and_Call_Leak_and_Spam

iPhone Dev-Team Blog (info on all the latest jailbreak tools)
http://blog.iphone-dev.org/

Jailbreaking Q&A + Information on how to jailbreak all the new iOS devices with iOS 5.1.1 
http://www.jailbreakqa.com/

Jailbreak iOS 6 Beta 2 with redsn0w
http://www.idownloadblog.com/2012/06/25/how-to-jailbreak-ios-6-beta-2-with-redsn0w/

iOS Application Security Overview
http://developer.apple.com/library/ios/#DOCUMENTATION/iPhone/Conceptual/iPhoneOSProgrammingGuide/TheiOSEnvironment/TheiOSEnvironment.html

iOS Security Development Checklist
http://developer.apple.com/library/ios/#documentation/Security/Conceptual/SecureCodingGuide/SecurityDevelopmentChecklists/SecurityDevelopmentChecklists.html#//apple_ref/doc/uid/TP40002415-CH1-SW1

Other links mentioned in the presentation

Android study finds privacy and security risks related to in-app advertising
http://www.engadget.com/2012/03/19/android-study-privacy-security-risks-in-app-ads/

Links from Attacking & Defending Apple iOS Devices in the Enterprise Presentation

Posted by on March 3, 2012 No comments

Here are the links mentioned in my presentation:

iPhone Forensics Whitepaper
http://viaforensics.com/education/white-papers/iphone-forensics/

Jonathan Zdziarski’s Blog
http://www.zdziarski.com/blog/

News and tutorials for Jailbreaking
http://iJailbreak.com

Apple iPhone MDM Guide
http://images.apple.com/iphone/business/docs/iPhone_MDM.pdf

Managing an Exchange ActiveSync Server
http://technet.microsoft.com/en-us/library/bb124243.aspx
http://images.apple.com/iphone/business/docs/iPhone_EAS.pdf

iPhone Enterprise Support Page
http://www.apple.com/support/iphone/enterprise/

OS X Lion Captive Portal Hijacking Attack
http://blog.securestate.com/post/2011/10/07/OS-X-Lion-Captive-Portal-Hijacking-Attack.aspx

iPhone Security Document from Apple
http://images.apple.com/iphone/business/docs/iPhone_Security.pdf

Managing iOS devices in the enterprise
http://www.computerworld.com/s/article/9180268/Managing_and_securing_iOS_4_devices_at_work?taxonomyId=163&pageNumber=1

iOS Keychain Exploit
http://www.sit.fraunhofer.de/en/Images/sc_iPhone%20Passwords_tcm502-80443.pdf
https://github.com/ptoomey3/Keychain-Dumper

Great FAQ on Jailbreaking
http://forums.macrumors.com/showthread.php?t=1023947&highlight=faq

Tools
iPhone Explorer
http://www.macroplant.com/iphoneexplorer/

iPhone Analyzer
http://sourceforge.net/projects/iphoneanalyzer

Untethered Jailbreak for iOS 5.0.1 (non-A5 devices)
Targets non-A5 devices (iPhone 3GS, iPhone 4, iPhone 4 CDMA, iPad 1, iPod Touch 3G/4G)
Redsn0w 0.9.10 and PwnageTool
http://blog.iphone-dev.org/post/14857834236/untethered-holidays

PwnageTool 5.0.1
http://blog.iphone-dev.org/post/4332841631/three-years-of-pwnage-tool
Best place to download is Pirate Bay: http://thepiratebay.se/user/iphonedev/
Check SHA hash to make sure legit!
SHA1 Sum = 32e90607378988cdebb6c76d3acf8ffac6366e35

Untethered Jailbreak for iPhone 4S and iPad 2 (GreenPois0n Absinthe)
Targets the dual-core A5 processor
(iPhone 4S iOS5 or 5.0.1 – iPad 2 iOS 5.0.1 only)
http://greenpois0n.com/?p=173