Chapter 3. Stealing the Filesystem

In Chapter 2, you learned how to build and deploy custom code capable of dumping a user’s address book across an open network connection. As you may have already surmised, stealing the entire user filesystem is also pretty simple. This chapter will demonstrate two forms of attack that can copy the entire filesystem of a device across USB.

By copying the device’s data over USB, an attacker can transmit it very quickly without the need for wireless network connectivity. This attack does require at least temporary physical possession of the device, but could easily be modified to operate as spyware, making outbound connections to a remote server, and uploading content incrementally. Such a payload could be injected with physical possession, using redsn0w or other similar tools, or remotely through a 0-day remote exploit.

Depending on how much of the device’s data is targeted, a theft of personal data across USB could take anywhere from less than a minute (to transfer a small folder of files) to 10–15 minutes (to steal a full disk’s worth of data). The second example in this chapter demonstrates the copying of a complete raw disk image across USB, which can take anywhere from 10–20 minutes depending on the capacity of the device.

Full Disk Encryption

Starting with the iPhone 3GS, a hardware-based encryption module has been included as a standard hardware component. The module accelerates AES encryption, allowing the device to ...

Get Hacking and Securing iOS Applications now with O’Reilly online learning.