Hacking and Securing iOS Applications by Jonathan Zdziarski

Chapter 9. Hijacking Traffic

When all attacks against an application fail, attackers turn to another effective approach to attack remote resources: intercepting network traffic. Traditionally, hijacking a network connection has required the use of WiFi sniffers with WEP or WPA cracking tools, Ethernet wiretaps, or physical access to a desktop or notebook computer long enough to install spyware. Given the mobile form factor of iOS-based devices, and their willingness to blindly accept new configurations, hijacking both cellular traffic and WiFi traffic can usually be performed much more easily than a similar attack on a desktop machine. It’s so easy, in fact, that a device’s traffic can be hijacked without even compromising the device itself.

There are a number of ways to intercept network traffic across local networks; dozens of books have been written on the subject. This chapter will deal specifically with techniques an attacker might use to hijack traffic on an iOS device.

APN Hijacking

APN hijacking is one of the easiest attacks to carry out, and can even be carried out without physical access to the device—depending on how good your social engineering skills are. A cellular carrier’s APN (Access Point Name) tells the phone how to connect to the carrier’s network to send and receive data. APN configuration data on an iPhone or iPad contains the carrier’s GPRS gateway name, authentication information, and an optional proxy server and port. All traffic routes through the carrier’s ...
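A defender's check for the APN fields listed above, as an added example that is not code from the book: it parses an unsigned configuration profile (a property list) and reports every APN entry, flagging those that set a proxy. The key names (`apns`, `apn`, `username`, `password`, `proxy`, `proxyPort`) and the nesting of the sample profile are assumptions about the profile layout, matched case-insensitively, and the sample profile and its host names are constructed.

```python
import plistlib

def find_apn_entries(node):
    """Yield each dict stored in a list under an 'apns' key, at any depth."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key.lower() == "apns" and isinstance(value, list):
                yield from (e for e in value if isinstance(e, dict))
            else:
                yield from find_apn_entries(value)
    elif isinstance(node, list):
        for item in node:
            yield from find_apn_entries(item)

def audit_profile(profile_bytes):
    """Return one finding per APN entry in an unsigned profile plist."""
    findings = []
    for entry in find_apn_entries(plistlib.loads(profile_bytes)):
        fields = {k.lower(): v for k, v in entry.items()}
        proxy = fields.get("proxy")
        findings.append({
            "apn": fields.get("apn"),
            "proxy": proxy,
            "proxy_port": fields.get("proxyport"),
            "has_credentials": "username" in fields or "password" in fields,
            # A proxy on the APN sends the device's cellular data through that host.
            "redirects_traffic": bool(proxy),
        })
    return findings

# Constructed sample: one APN entry with a proxy, one without (assumed layout).
SAMPLE_PROFILE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadDisplayName": "Carrier Settings Update",
    "PayloadContent": [{
        "PayloadContent": [{
            "DefaultsData": {"apns": [
                {"apn": "internet.example", "username": "u", "password": b"p",
                 "proxy": "proxy.example.net", "proxyPort": 8080},
                {"apn": "mms.example"},
            ]},
        }],
    }],
})

if __name__ == "__main__":
    for finding in audit_profile(SAMPLE_PROFILE):
        status = "REVIEW" if finding["redirects_traffic"] else "ok"
        print(status, finding["apn"], finding["proxy"], finding["proxy_port"])
```

A signed profile is wrapped in a signature envelope and has to be unwrapped before `plistlib` can read it.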
