Time
3 hours 58 minutes
Difficulty
Beginner
CEU/CPE
4

Video Transcription

00:00
So now we've examined the threat landscape a bit, and we've had a brief information security review. Let's start discussing our mobile platforms here. We're going to begin with iOS and then move on to Android. Now, during the section, I will be mixing our lecture with some exercises using our VMs.
00:18
So be sure you have them downloaded and running. Bearing in mind that hex skipped. The M is only gonna run on Mac hardware.
00:24
But if you don't have a Mac Tory, a lot of the tools we introduce are gonna be available on most Linux distros, including the ones we talked about earlier in the course. But if we use a specific OS during an exercise, I'll be sure to let you know what you need to get yourself up and running.
00:38
All right, we're gonna start here with a brief history lesson, and then we're going to discuss the architecture in depth.
00:45
So as you may know, iOS is an operating system developed by Apple in 2007 to run on its Apple hardware. It's based on the Mac OS, and it was the first iteration of the touch-centric mobile operating system. iOS was installed on the first iPhone, which ran iOS version 1.15
01:02
And throughout the years we've seen versions 2 through 12, which offered different types of user enhancements and security updates.
01:08
The latest version is iOS 13, which was announced in June 2019. It was released to the beta testers in July, and it will most likely be pushed to the user community in the coming months.
01:19
In 2008 the App Store was opened, which served as a digital platform for users to browse and download apps developed for iOS with Apple's software development kit.
01:30
As of 2017 the App Store has over three million apps for download, which, of course, is one of the reasons why we're here to analyze the malicious ones. Okay, let's move into the iOS architecture. So as you know, Apple iOS utilizes a multi-touch interface
01:47
and using the interface, we can use simple gestures with our fingers to operate the device and even use our own voice or face to control different features and applications.
01:56
iOS is divided up into four layers. These layers provide different layers of abstraction and have their own components, which we're going to break down. The bottommost layer, layer one here, is the Core Operating System layer. This layer interacts with the hardware, which is a physical chip on the device.
02:17
The Core Operating System layer is the foundation of our operating system, and it provides us access to low-level operating system services and has several components,
02:29
so let's do this. Let's make a chart of all the layers and all the components. You can have it later for reference. So we've got
02:38
first our Core OS layer
02:43
Core OS layer, and it provides us access to the OS X kernel, provides us access to different low-level drivers,
02:52
provides us access to sockets. Network sockets,
02:59
Power management features
03:02
keychains
03:07
Certs
03:13
and Security.
03:16
Security is encrypting and decrypting data through the use of cryptographic functions. So there you go. There's our Core OS layer.
03:25
Our second layer is the Core Services layer. This is a layer that gives us abstraction to access services provided to us by the OS layer.
03:36
Our Core Services layer also has several components, so let's go ahead and list those out there. We've got Core
03:44
Services
03:49
in here. We've got access to collections,
03:52
which is a data management feature.
03:55
We've got the address book
04:00
that's pretty self-explanatory.
04:03
Access to networking.
04:10
This is going to tell us if the phone is on Wi-Fi or if it's Bluetooth, cellular, if a specific host can be accessed, our server can access it, the basic overall state of the network
04:21
file access
04:27
SQLite. SQLite
04:31
that gives us access to the SQL database
04:36
and location.
04:40
This gives us information about the location and orientation of our device. So there you have it. There's our Core Services.
04:46
The third layer is our Core Media layer. This is the layer that provides multimedia services. It holds graphics libraries, and it's made up of the following components. Let's list them out.
05:00
And so our media layer.
05:05
This gives us access to OpenGL,
05:10
which is for creating 2D and 3D. You've got our audio.
05:15
This gives us access to a couple different components. Audio mixing, audio recording, the core audio
05:21
video for video playback,
05:26
PDF rendering engines
05:30
and
05:32
animation. So this gives us support for animating the views and other content. So there you go, there you have it. That's our media layer. Our fourth layer, which is the Cocoa Touch layer, gives us access to the actual interface. We can install and use the applications like any of the games, contacts, apps, notifications. And, of course, it supports multi-touch capability.
05:53
So the Cocoa Touch layer has the following components. Let's list those out.
05:58
Okay, Cocoa.
06:00
Okay, so this gives us access to controllers,
06:03
the controllers component. This allows us to manipulate and change behavior of our application. We've got alerts, which interact with the messaging service just in case something goes wrong with our application. Localization.
06:19
That's if we want to make an app for where we're located in the world.
06:24
We've got the web views. This allows us to
06:29
interact with HTML content. Image picker
06:35
manipulates images and allows us to control what we could do with images. We've got the people picker
06:43
that interacts with the
06:45
address book framework.
06:47
And lastly, we've got the
06:51
events. Of course, these are events where you touch, pull, drag, slide, all those different types of events you want to work with.
06:59
And that is the Cocoa Touch layer. So you may be asking yourself: Okay, well, you've explained these frameworks and components and layers. But what does it all mean? Why's it all important?
07:11
Well, try to think of it from a forward engineering standpoint. If I build an iOS application from the ground up, I might use any one of the layers or frameworks or components to get my application up and running. Well, malware authors are doing the exact same thing. They're using the same frameworks that we are,
07:29
so the better I understand the architecture and the different components and frameworks that are offered within the architecture,
07:34
the better I can analyze their applications.

Up Next

Mobile Malware Analysis Fundamentals

In the Mobile Malware Analysis Fundamentals course, participants will obtain the knowledge and skills to perform basic malware analysis on mobile devices. Participants will perform these tasks by learning and implementing tools and techniques while examining malicious programs.

Instructed By

Brian Rogalski
CEO of Hexcapes
Instructor