Description: This demo shows a possible vulnerability that will exist in future iOS apps due to Apple's policy on UDID use by developers in iOS 5.
If developers want to maintain the same translucent identification between the app and its web service, it forces them to generate their own unique IDs and store them within the user accessible plist files.
In this demo the HijackMe application stores its users unique ID within a plist. When communicating with its web service it fetches that id to let the service identify the user.
the AppHijacker accesses the HijackMe plist file and modifies the id.
the results are clear.
note: this is a conceptual demo. I understand that these kinds of apps (AppHijacker) would never make it through Apple's screening process.
Tags: iOS , hacking , iphone , ipad , session hijacking , penetration testing , spoofing , hijacking ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.
Which Iphone emulator r u using??
5