London, UK – August 24, 2012. IOActive, a leading provider of application security, compliance, and smart grid security services, today announced that Ilja van Sprundel, their Director of Penetration Testing, will present The Security (or Insecurity) of 3rd Party iOS Applications at Hashdays 2012. Hashdays is the premier technical security and research conference in the center of Switzerland, organized by DEFCON Switzerland. Offering trainings, workshops, and presentations from international IT security experts, Hashdays aims to give experts and professionals a platform to share ideas and research.
Application developments for the iPhone and iPad have been skyrocketing in the past few years, and although they’re based on Mac OS X, the development APIs are new and very specific to these devices. Ilja van Sprundel will discuss lessons learned from auditing iPhone and iPad applications. His presentation will cover the use of these APIs, why some of them aren’t granular enough, why they might expose way too much attack surface, transport security, use of XML APIs, URL handling, use and misuse of UIWebView, format string bugs, and much more. He will discuss what apps are allowed to do when inside their sandbox once an application has been hacked. Ilja will cover problematic issues with common code patterns in iOS applications from a security point of view, and then offer possible solutions, workarounds, or mitigations.
WHAT The Security (or Insecurity) of 3rd Party iOS Applications
WHERE Radisson BLU Hotel in Lucerne, Switzerland
WHEN November 2–3, 2012. Time TBD.
HOW For more information, visit the Hashdays website.
About Ilja van Sprundel
Ilja van Sprundel is experienced in exploit development and network and application testing. As IOActive’s Director of Penetration Testing he performs primarily gray-box penetration testing engagements on mobile (specializing in iOS) and runtime (specializing in Windows kernel) applications that require customized fuzzing and source code review, identifying system vulnerabilities and designing custom security solutions for clients in technology development, telecommunications, and financial services.
van Sprundel specializes in the assessment of low-level kernel code and architecture/infrastructure design, having security reviewed literally hundreds of thousands of lines of code. However, as a Director, he also functions in a managerial capacity by overseeing penetration testing engagements, providing oversight regarding technical accuracy, serving as the point of contact between technical consultants and technical stakeholders, and ensuring that engagements are delivered on time and in alignment with customer’s expectations.
van Sprundel is also responsible for mentoring and guiding Associate-level consultants as they grow both their penetration testing and general consulting skill sets. He is the driver behind the team’s implementation of cutting-edge techniques and tools, guided by both research and successful exploits performed during client engagements.
About IOActive
Established in 1998, IOActive is an industry leader that offers comprehensive computer security services with specializations in smart grid technologies, software assurance, and compliance. Boasting a well-rounded and diverse clientele, IOActive works with a majority of Global 500 companies including power and utility, hardware, retail, financial, media, aerospace, high-tech, and software development organizations. As a home for highly skilled and experienced professionals, IOActive attracts talented consultants who contribute to the growing body of security knowledge by speaking at such elite conferences as Black Hat, Ruxcon, Defcon, BlueHat, CanSec, and WhatTheHack. For more information, visit www.ioactive.com.
-###-