Questions tagged [ios]
iOS is Apple's operating system for the iPhone, iPad and iPod Touch.
509 questions
0 votes
1 answer
89 views
Use of assymetric encryption in Apple CloudKit (iCloud)
Context: CloudKit is a framework that lets app developers store key-value data, structured data, and assets (large data stored separately from the database, such as images or videos) in iCloud. ...
- 11
1 vote
0 answers
86 views
Why is the iCloud backup keybag asymmetric?
According to Apple: The iCloud Backup keybag contains asymmetric (Curve25519) keys for Data Protection classes that aren’t accessible when the device is locked. The backup set is stored in the user’s ...
- 11
2 votes
0 answers
65 views
sslv3 alert certificate unknown on IOS only
I work for a company that is using an Azure hosted Ubuntu VM as a server to forward a VNC connection from a control that we design and a user's computer or phone. Starting some time yesterday morning (...
- 21
1 vote
0 answers
107 views
Authentication token stored in Cache.db and Cache.db-wal on IOS -- what are the security risks? The files use NSFileProtectionNone by default
My iOS app has had a pentest done on it. One of the issues found was that the authentication token is stored by the operating system, using URLCache in Cache.db-wal. Since these types of pentests are ...
- 111
1 vote
1 answer
143 views
Is Android Keystore/iOS Keychain without biometric authentication still secure against physical access attacks?
I'm implementing refresh token storage in a mobile app and trying to understand the practical security differences between these two approaches: Option 1: Hardware-backed storage WITHOUT biometric ...
- 185
4 votes
2 answers
1k views
How to check if a file contains exploit for a specific zero day vulnerability?
The latest iOS update contains a fix for some zero day vulnerabilities involving core audio, where a maliciously crafted media file can cause harm. I have received a file - how can I verify it does ...
- 149
0 votes
1 answer
177 views
Why use the data protection classes of iOS
According to https://support.apple.com/en-ca/guide/security/secb010e978a/web: If a file isn’t assigned a Data Protection class, it is still stored in encrypted form (as is all data on an iPhone, iPad,...
4 votes
1 answer
5k views
After recovering my hacked WhatsApp account, how can I be sure that I am no longer compromised?
This question is following on from my previous question, where my WhatsApp account was compromised after I visited a suspicious link and entered my account verification code. I have set up two-step ...
6 votes
1 answer
2k views
What can be done when my WhatsApp account is sending messages on my behalf?
Today a contact inside my WhatsApp sends me a message. He said "Hi", then we chat a bit about previous travel trip we had last year, then he mentioned that he has created a group for us to ...
1 vote
0 answers
154 views
Unsigned iOS configuration profile risks
I would like to install some fonts from my Mac onto my iPad. I’ve created a configuration profile with Configurator 2 to achieve this. I am not currently enrolled in the Developer program so I cannot ...
- 111
1 vote
1 answer
300 views
Why macOS allows app to "actively" access the clipboard?
I have just downloaded a RSS reader app and want to add an new feed into it. What I have done is: I copied the feed url Open the RSS reader and click the "Add new feed" button Surprisingly, ...
- 131
-1 votes
2 answers
379 views
Check for spyware in new iPhone before adding iCloud account
My boyfriend bought me an iPhone, and I’m worried that he installed something for tracking and spying. So my question is whether it is possible to do that before I get that phone, and put my iCloud ...
- 9
3 votes
1 answer
503 views
How to generate a Symmetric Key on the Secure Enclave of iOS devices and use it to encrypt data
I'm working on a secure app that uses the user's master password to derive a symmetric key to encrypt all the user information. I want to add FaceId support now, and the approach I was thinking of was ...
- 133
1 vote
0 answers
165 views
Why does iOS require my passcode before performing a system update? [closed]
When updating an iPhone to a newer iOS version, you are required to enter your passcode (usually a PIN) before going ahead with the system update. Before now, I had never wondered why. But after doing ...
- 4,805
2 votes
1 answer
493 views
How to investigate further the iOS notification "This password has appeared in a data leak"? [closed]
On the iPhone managed by my employer, I recently received 3 notifications of “This password has appeared in a data leak”, and they're all related to instances of outside vendors setting up a ...
- 247