Keyboard cache capturing sensitive data

In iOS, text typed into your application's input fields is logged to the keyboard cache unless the secure flag is set or autocorrect is disabled. It's easy to retrieve all keystroke logs from a device. Developers should therefore be very careful with sensitive input fields such as SSN, PIN, and so on, so that their contents are not captured.
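The two settings named above, applied in code, plus a debug-time audit that lists text inputs still eligible for caching. This is an added Swift example, not code from the book or from iGoat; the `SensitiveInput` type and its function names are hypothetical.

```swift
import UIKit

/// Hypothetical helper (not part of iGoat): applies the settings the text
/// names so that a field's contents stay out of the keyboard cache.
enum SensitiveInput {

    /// For secrets such as a PIN: masked entry via the secure flag.
    static func hardenSecret(_ field: UITextField) {
        field.isSecureTextEntry = true
        field.autocorrectionType = .no
    }

    /// For sensitive values that must stay readable while typed (e.g. an SSN):
    /// leave the field unmasked but turn autocorrect off.
    static func hardenVisible(_ field: UITextField) {
        field.autocorrectionType = .no
    }

    /// Walks the view hierarchy under `root` and returns every UITextField or
    /// UITextView that has neither the secure flag set nor autocorrect disabled.
    /// Intended for debug builds; a developer reviews which hits are sensitive.
    static func unprotectedInputs(in root: UIView) -> [UIView] {
        var found: [UIView] = []
        var stack: [UIView] = [root]
        while let view = stack.popLast() {
            if let field = view as? UITextField {
                if !field.isSecureTextEntry && field.autocorrectionType != .no {
                    found.append(field)
                }
            } else if let textView = view as? UITextView {
                if !textView.isSecureTextEntry && textView.autocorrectionType != .no {
                    found.append(textView)
                }
            }
            // Continue into children so nested containers are covered too.
            stack.append(contentsOf: view.subviews)
        }
        return found
    }
}
```

Calling `SensitiveInput.unprotectedInputs(in: view)` from a view controller's `viewDidAppear` in a debug build gives a list of fields to review before release.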

We will perform this exercise on an iOS Simulator. Let's follow the given steps to view the keyboard cache that captured sensitive data:

  1. Let's use the iGoat application on an iOS Simulator to demonstrate the vulnerability. Select the Keystroke Logging exercise from the Data Protection (Rest) category of the iGoat application.
  2. Fill in the Subject and Message input fields and then use the Send option.
  3. Now, ...
