Book: Hacking and Securing iOS Applications: Stealing Data, Hijacking Software, and How to Prevent It
Data is stolen; this is no uncommon occurrence. The electronic information age has made the theft of data a very lucrative occupation. Whether it’s phishing scams or largescale data breaches, criminals stand to greatly benefit from electronic crimes, making their investment well worth the risk. When I say that this occurrence is not uncommon, my goal isn’t to be dismissive, but rather to alarm you. The chances that your company’s applications will be vulnerable to attack are very high. Hackers of the criminal variety have an arsenal of tools at their disposal to reverse engineer, trace, and even manipulate applications in ways that most programmers aren’t aware. Even many encryption implementations are weak, and a good hacker can penetrate these and other layers that, so many times, present only a false sense of security to the application’s developers.
Take everything hackers collectively know about security vulnerability and apply it to a device that is constantly connected to a public network, wrapped up in a form factor that can fit in your pocket and is frequently left at bars. Your company’s applications, and the data they protect, are now subject to simpler forms of theft such as pickpocketing, file copies that can take as little as a few minutes alone with a device, or malicious injection of spyware and root kits—all of which can be performed as the device’s owner reaches for another drink. One way or another, software on a mobile platform can be easily stolen and later attacked at the criminal’s leisure, sometimes without the device’s owner even knowing, and sometimes without physical access to the device.