Skip to main content
#DieHimmels­traeumerin

iOS dev • sketchnoting • accessibility • pineapple on pizza • sports • she/her

NSSpain 2023: Hacking iOS Mobile Apps

Sketchnote of NSSpain 2023 talk by Kamil about how to hack an iOS mobile app and what not to do

Detailed image description of the sketchnote

  • Don't do that at home, kids!

Bad Developers

  • code review with code far right... nobody scrolled
  • Solarwinds
  • Xcode Ghost

Bad Third Party Code

  • maliscious code in unused library & Obi-C runtime...

Hacking Time

  • Swizzling
  • Listen to user input
  • WebKit & WKWebView
  • "Are we safe? Yes? ... No
  • UIWebView uses same app runtime

Hacking Time II

  • Let's write some Javascript code!
  • Test the webview
  • we can still listen!
  • Is SFSafariVC the solution? No JS allowed

WHat now?

  • check 3rd party code with hashes?
  • detect swizzling?
  • SFSafariVC?
  • seperate processes?

My goal was to make you worry! He he