Apple iOS Certificate Tomfoolery

ShmooCon IX - 2013

Presented by: Tim Medin
Date: Friday February 15, 2013
Time: 17:00 - 17:25
Location: Regency A
Track: One Track Mind

Mobile devices rely on many complex systems for security, reintroducing mistakes in implementation and design that are reminiscent of the 1990s. Certificate trust and validation checking is one area of critical importance, yet iOS fails to implement controls that are comprehensively effective.

In this One Track Mind session, Tim will present two previously unreleased attacks against Apple iOS certificate validation following several months of intense research. By discussing these flaws, and looking at opportunities to improve the security going forward, Tim will demonstrate that Apple iOS security still has a lot of opportunity for improvement, and that we can all laugh (and cry a little) at the funny mistakes and oversights that turn into significant security flaws.

Tim Medin

Tim works for Counter Hack, developing real-world hacking challenges for organizations that need to improve their offensive and defensive security skills. He is a firm believer in the necessity of the conditional operator in every programming language, even though his colleagues think it's unnecessary. Tim is a seasoned presenter, author, and developer, with an unusual affinity for Tom Jones.

