Chapter 3. Stealing the Filesystem
In Chapter 2, you learned how to build and deploy custom code capable of dumping a user’s address book across an open network connection. As you may have already surmised, performing a complete theft of the entire user filesystem is also pretty simple. This chapter will demonstrate two forms of attacks that can copy the entire filesystem of a device across USB.
By copying the device’s data over USB, an attacker can transmit it very quickly without the need for wireless network connectivity. This attack does require at least temporary physical possession of the device, but could easily be modified to operate as spyware, making outbound connections to a remote server, and uploading content incrementally. Such a payload could be injected with physical possession, using redsn0w or other similar tools, or remotely through a 0-day remote exploit.
Depending on how much of the data is targeted on the device, a theft of personal data across USB could take anywhere from less than a minute (to transfer a small folder of files) to 10–15 minutes (to steal a full disk worth of data). The second example in this chapter demonstrates the copying of a complete raw disk image across USB, which can take anywhere from 10–20 minutes depending on the capacity of the device.
Full Disk Encryption
Starting with the iPhone 3GS, a hardware-based encryption module has been included as a standard hardware component. The module accelerates AES encryption, allowing the device to ...