VP of Product Security, Zimperium, Inc.
c0ntextomy - Let's Debug Together
A design flaw in MobileDevice.framework / Xcode and iOS / iPadOS / tvOS Development Tools allowed an attacker on the same network to gain remote code execution on a target device running a software version prior to iOS 14. By hijacking a running debug session, the attacker could execute arbitrary code on the device, ultimately allowing the exfiltration of user data or more, while the attack is barely noticeable to the victim.
This talk will cover the discovery, research, and exploitation of the vulnerability, describe the design flaw in detail, and explain how the vendor fixed it. We will also cover some basics of iOS device services and lockdownd, and highlight a few vulnerabilities we found in the past.
Nikias Bassen has been into reverse engineering for more than a decade. The breakthrough came in 2011 when he joined the Chronic-Dev team to work on the iOS 5 and 5.1 jailbreaks. His ongoing research focused mostly on iOS, and in early 2013 he became part of the famous @evad3rs, who released the evasi0n and evasi0n7 jailbreaks for iOS 6 and 7. He joined Zimperium zLabs in 2015 to continue his security research and reverse engineering targeting iOS. In 2018, he joined the mobile device virtualization company Corellium as VP of Platform & Security to focus on providing a next-generation platform for security research and mobile development. Since 2019, Nikias has been back at Zimperium zLabs as VP of Product Security, handling research and implementation of next-generation threat detections on iOS. As part of the checkra1n development team, he found his way back to his roots, working on the greatest jailbreak of the past decade: checkra1n.