In Chapter 2 you learned a great deal about iOS applications, how they function, how they are distributed, and how they are built. This knowledge provides a foundation with which to explore this chapter, which focuses on the following scenarios for attacking iOS applications:
- Attacking from the network, including using tainted data originating from server-side applications
- Attacking an application with physical access to the device
- Attacking an application with interactive access to a device, including from the perspective of another application on the device
When conducting an assessment of any mobile application, consider these three attack surfaces so you can make informed decisions when identifying and exploiting different attack vectors.
Introduction to Transport Security
Almost all mobile applications have to perform network communication. The ability to transmit and receive data lets applications offer more than static apps can: data can be continually updated, and users can interact with server-side components and with each other, which provides a feature-rich experience. However, due to the nature of mobile devices, this communication often occurs over untrusted or insecure networks such as hotel or café Wi-Fi, mobile hotspots, or cellular data connections. Consequently, performing communications in a secure manner is imperative. This section walks through the types of vulnerabilities that can ...