Skip to main content
#DieHimmels­traeumerin

iOS dev • sketchnoting • accessibility • pineapple on pizza • sports • she/her

NSSpain 2023: Hacking iOS Mobile Apps

Content by Kamil Borzym

Sketch by @felibe444

Created on Sep 14, 2023

Sketchnote of NSSpain 2023 talk by Kamil about how to hack an iOS mobile app and what not to do

Detailed image description of the sketchnote

  • Don't do that at home, kids!

Bad Developers

  • code review with code far right... nobody scrolled
  • Solarwinds
  • Xcode Ghost

Bad Third Party Code

  • maliscious code in unused library & Obi-C runtime...

Hacking Time

  • Swizzling
  • Listen to user input
  • WebKit & WKWebView
  • "Are we safe? Yes? ... No
  • UIWebView uses same app runtime

Hacking Time II

  • Let's write some Javascript code!
  • Test the webview
  • we can still listen!
  • Is SFSafariVC the solution? No JS allowed

WHat now?

  • check 3rd party code with hashes?
  • detect swizzling?
  • SFSafariVC?
  • seperate processes?

My goal was to make you worry! He he

Tagged with: