O'Reilly logo

Hacking and Securing iOS Applications by Jonathan Zdziarski

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

The Role of Social Engineering

The attacks you’ve learned about so far require temporary physical access to the device. Sometimes this can only require a few minutes of your time. While stealing a device is certainly no difficult feat for an attacker, it’s more advantageous for them to steal the data from the device without the user’s knowledge. This guarantees that all credentials that may be saved on the device will remain valid, and will prevent the attacker from having to contend with remote wipes or the “Find my iPhone” feature by making sure they keep the device off the network. If the attacker is a coworker or other person an employee knows, a stolen device can also raise suspicion and possibly lead to corporate searches. It is by far much easier for an attacker to take the path of misdirection and borrow the target device without the user’s knowledge.

An iPhone 4 is an iPhone 4. Without a unique asset tag or other identifying feature, the only differing characteristics between one iPhone 4 and another is possibly whether it is black or white, and the case. Obviously if a victim leaves their device at a workstation (or bar) and walks away for a few minutes, that device can be targeted without the need for social engineering. The task becomes harder, however, when the victim’s device is in their immediate possession. One of the most common social engineering tactics used to secure temporary physical access to a device is to switch it with another device. By leading the victim ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required