Vulnerability analysis of iPhone 6

Wencheng Yang; Jiankun Hu; Clinton Fernandes; Vijay Sivaraman; Qianhong Wu

doi:10.1109/PST.2016.7907000

Vulnerability analysis of iPhone 6

Wencheng Yang
, Jiankun Hu
, Clinton Fernandes
, Vijay Sivaraman
, Qianhong Wu

School of Cyber Science and Technology

University of New South Wales

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

12 Scopus citations

Abstract

Apple claims that iPhone 6, which is equipped with iOS 8.0 and later version, is secure enough to prevent a user's private data from law enforcement or malicious intruders. In pre-iOS 8.0 operating systems, a user's data were only encrypted by hardware-based keys, which can be obtained by Apple. But in iOS 8.0 and later version, the private data on the iPhone are protected by a secret key that is protected by the user's passcode, which the Apple does not hold. In this paper, supported by real-life experiments, we demonstrate that several vulnerabilities of iPhone 6 with iOS 8, which are brought by ordinary user operations, can lead to the leakage of the private data. Then we conduct vulnerability analysis and give the reasons that cause these vulnerabilities from a technical perspective. Meanwhile, experiments of forging attack aiming at iPhone 6 Touch ID are conducted.

Original language	English
Title of host publication	2016 14th Annual Conference on Privacy, Security and Trust, PST 2016
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	457-463
Number of pages	7
ISBN (Electronic)	9781509043798
DOIs	https://doi.org/10.1109/PST.2016.7907000
State	Published - 2016
Event	14th Annual Conference on Privacy, Security and Trust, PST 2016 - Auckland, New Zealand Duration: 12 Dec 2016 → 14 Dec 2016

Publication series

Name	2016 14th Annual Conference on Privacy, Security and Trust, PST 2016

Conference

Conference	14th Annual Conference on Privacy, Security and Trust, PST 2016
Country/Territory	New Zealand
City	Auckland
Period	12/12/16 → 14/12/16

Keywords

Forging attack
iOS 8
iphone 6
law enforcement
vulnerability

Access to Document

10.1109/PST.2016.7907000

Cite this

Yang, W., Hu, J., Fernandes, C., Sivaraman, V., & Wu, Q. (2016). Vulnerability analysis of iPhone 6. In 2016 14th Annual Conference on Privacy, Security and Trust, PST 2016 (pp. 457-463). Article 7907000 (2016 14th Annual Conference on Privacy, Security and Trust, PST 2016). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/PST.2016.7907000

@inproceedings{a35b0e532d8844e78896491a2e8c48be,

title = "Vulnerability analysis of iPhone 6",

abstract = "Apple claims that iPhone 6, which is equipped with iOS 8.0 and later version, is secure enough to prevent a user's private data from law enforcement or malicious intruders. In pre-iOS 8.0 operating systems, a user's data were only encrypted by hardware-based keys, which can be obtained by Apple. But in iOS 8.0 and later version, the private data on the iPhone are protected by a secret key that is protected by the user's passcode, which the Apple does not hold. In this paper, supported by real-life experiments, we demonstrate that several vulnerabilities of iPhone 6 with iOS 8, which are brought by ordinary user operations, can lead to the leakage of the private data. Then we conduct vulnerability analysis and give the reasons that cause these vulnerabilities from a technical perspective. Meanwhile, experiments of forging attack aiming at iPhone 6 Touch ID are conducted.",

keywords = "Forging attack, iOS 8, iphone 6, law enforcement, vulnerability",

author = "Wencheng Yang and Jiankun Hu and Clinton Fernandes and Vijay Sivaraman and Qianhong Wu",

note = "Publisher Copyright: {\textcopyright} 2016 IEEE.; 14th Annual Conference on Privacy, Security and Trust, PST 2016 ; Conference date: 12-12-2016 Through 14-12-2016",

year = "2016",

doi = "10.1109/PST.2016.7907000",

language = "英语",

series = "2016 14th Annual Conference on Privacy, Security and Trust, PST 2016",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "457--463",

booktitle = "2016 14th Annual Conference on Privacy, Security and Trust, PST 2016",

address = "美国",

}

Yang, W, Hu, J, Fernandes, C, Sivaraman, V & Wu, Q 2016, Vulnerability analysis of iPhone 6. in 2016 14th Annual Conference on Privacy, Security and Trust, PST 2016., 7907000, 2016 14th Annual Conference on Privacy, Security and Trust, PST 2016, Institute of Electrical and Electronics Engineers Inc., pp. 457-463, 14th Annual Conference on Privacy, Security and Trust, PST 2016, Auckland, New Zealand, 12/12/16. https://doi.org/10.1109/PST.2016.7907000

Vulnerability analysis of iPhone 6. / Yang, Wencheng; Hu, Jiankun; Fernandes, Clinton et al.
2016 14th Annual Conference on Privacy, Security and Trust, PST 2016. Institute of Electrical and Electronics Engineers Inc., 2016. p. 457-463 7907000 (2016 14th Annual Conference on Privacy, Security and Trust, PST 2016).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Vulnerability analysis of iPhone 6

AU - Yang, Wencheng

AU - Hu, Jiankun

AU - Fernandes, Clinton

AU - Sivaraman, Vijay

AU - Wu, Qianhong

PY - 2016

Y1 - 2016

N2 - Apple claims that iPhone 6, which is equipped with iOS 8.0 and later version, is secure enough to prevent a user's private data from law enforcement or malicious intruders. In pre-iOS 8.0 operating systems, a user's data were only encrypted by hardware-based keys, which can be obtained by Apple. But in iOS 8.0 and later version, the private data on the iPhone are protected by a secret key that is protected by the user's passcode, which the Apple does not hold. In this paper, supported by real-life experiments, we demonstrate that several vulnerabilities of iPhone 6 with iOS 8, which are brought by ordinary user operations, can lead to the leakage of the private data. Then we conduct vulnerability analysis and give the reasons that cause these vulnerabilities from a technical perspective. Meanwhile, experiments of forging attack aiming at iPhone 6 Touch ID are conducted.

AB - Apple claims that iPhone 6, which is equipped with iOS 8.0 and later version, is secure enough to prevent a user's private data from law enforcement or malicious intruders. In pre-iOS 8.0 operating systems, a user's data were only encrypted by hardware-based keys, which can be obtained by Apple. But in iOS 8.0 and later version, the private data on the iPhone are protected by a secret key that is protected by the user's passcode, which the Apple does not hold. In this paper, supported by real-life experiments, we demonstrate that several vulnerabilities of iPhone 6 with iOS 8, which are brought by ordinary user operations, can lead to the leakage of the private data. Then we conduct vulnerability analysis and give the reasons that cause these vulnerabilities from a technical perspective. Meanwhile, experiments of forging attack aiming at iPhone 6 Touch ID are conducted.

KW - Forging attack

KW - iOS 8

KW - iphone 6

KW - law enforcement

KW - vulnerability

UR - https://www.scopus.com/pages/publications/85019266874

U2 - 10.1109/PST.2016.7907000

DO - 10.1109/PST.2016.7907000

M3 - 会议稿件

AN - SCOPUS:85019266874

T3 - 2016 14th Annual Conference on Privacy, Security and Trust, PST 2016

SP - 457

EP - 463

BT - 2016 14th Annual Conference on Privacy, Security and Trust, PST 2016

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 14th Annual Conference on Privacy, Security and Trust, PST 2016

Y2 - 12 December 2016 through 14 December 2016

ER -

Vulnerability analysis of iPhone 6

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this