Presentation Title: iPwning the iPhone
Presentation Abstract:

This talk will begin with a some basics about the iPhone and its architecture. What kind of hardware is on the device, what kind of applications come by default, what does the file system look like? It will then show how to get terminal access to a device including ssh access to it.

Next, the attack surface of the iPhone will be contrasted with that of the a typical Mac OS X Leopard computer. Ways to find vulnerabilities on the iPhone will be discussed including fuzzing and reverse engineering when applied to the iPhone. In particular, the iPhone SDK will be shown to be an effective tool in finding iPhone vulnerabilities.

Next, iPhone specific exploitation techniques will be discussed. These include taking into account the limited physical resources of the iPhone. The exploit used to win PwnToOwn at CanSecWest 2008 will be shown ported to the iPhone (1.4.1).

Finally, iPhone shellcode payloads will be demonstrated. These will include iphone specific shellcode as well as typical port bind shellcode. Writing shellcode in the absence of the /bin/sh executable will be highlighted. The highlight will be injecting arbitrary libraries into a compromised process.

About Charlie

Charlie Miller is Principal Analyst at Independent Security Evaluators. He is best known as the first to publicly create a remote exploit against the iPhone and has discovered flaws in numerous applications on various operating systems. He has spoken at the Workshop on the Economics of Information Security, Black Hat, DEFCON, ToorCon, ShmooCon, and CanSecWest. He has authored the book “Fuzzing for Software Security Testing and Quality Assurance” and the forthcoming “The Mac Hacker’s Handbook”. He won a MacBook Air by winning the Pwn2Own contest in 2008 for breaking into a fully patched Mac OS X computer. He has a PhD from the University of Notre Dame.