The Analysis And Prevention Of Attact Methods Of IOS Applications

iOS especially attracts people’s attention in the main intelligent terminal operating systems. iOS takes closed-source strategy, making it more secure than other systems. But the existence and development of jailbreak technology demonstrate that iOS platform does have some potential safety hazards. “Jailbreak” is not a general computing concept, instead it is just a figurative sense of break of iOS mandatory limitations using by Apple community, and section 2.5 will interpret it in detail. And attackers will finally give their attention to iOS with the popularity of iOS intelligent terminal and the growing of jailbreaken iOS user ranks with the legalization of jailbreak, so it is necessary to study the safety of applications running on iOS and protect iOS from jailbreaken attacks, which can objectively make the iOS security mechanism better.The main contents of this thesis had two parts:First, it demonstrated the necessity of the research on the threat that jailbreaken brings to iOS. Base on which this thesis researched on iOS’s existing security mechanism, analyzed its potential weak links and pointed out that three kinds of malicious injection caused by these weak links. Then this thesis designed an emulation experiment based on iOS platform. After the analysis of existent file malicious injection methods, this thesis improved one of the most workable method and highlighted a new injection method based on reverse engineering with a wider range of attack. Combined with an app downloaded from App Store, this thesis designed related tests to verify the powerful offensive of this method.Second, through the analysis and study of the three types of malicious injection, for the potential problems of iOS security mechanisms exposed by injection methods, the thesis studied and implemented several security measures for iOS applications: First, strengthen the existing password detection mechanisms, in addition to the password length, numbers, special characters or symbols mixed extent, this thesis focused on detection from a particular combination of vulnerable keyboard code; secondly perfect iOS memory protection mechanisms,use Objective-C object that securely wiped memory to ensure full coverage of each byte of data in order to prevent object being tracked and the information being leaked; thirdly, present a mechanism throughout the three stages of the program being debugged in maintening program security at runtime: first the beginning of being debugged, then being traced, finally being modified maliciously, the tests of those will eventually prevent the changed target executing.