TY - GEN
T1 - Vulnerability analysis of iPhone 6
AU - Yang, Wencheng
AU - Hu, Jiankun
AU - Fernandes, Clinton
AU - Sivaraman, Vijay
AU - Wu, Qianhong
N1 - Publisher Copyright:
© 2016 IEEE.
PY - 2016
Y1 - 2016
N2 - Apple claims that iPhone 6, which is equipped with iOS 8.0 and later version, is secure enough to prevent a user's private data from law enforcement or malicious intruders. In pre-iOS 8.0 operating systems, a user's data were only encrypted by hardware-based keys, which can be obtained by Apple. But in iOS 8.0 and later version, the private data on the iPhone are protected by a secret key that is protected by the user's passcode, which the Apple does not hold. In this paper, supported by real-life experiments, we demonstrate that several vulnerabilities of iPhone 6 with iOS 8, which are brought by ordinary user operations, can lead to the leakage of the private data. Then we conduct vulnerability analysis and give the reasons that cause these vulnerabilities from a technical perspective. Meanwhile, experiments of forging attack aiming at iPhone 6 Touch ID are conducted.
AB - Apple claims that iPhone 6, which is equipped with iOS 8.0 and later version, is secure enough to prevent a user's private data from law enforcement or malicious intruders. In pre-iOS 8.0 operating systems, a user's data were only encrypted by hardware-based keys, which can be obtained by Apple. But in iOS 8.0 and later version, the private data on the iPhone are protected by a secret key that is protected by the user's passcode, which the Apple does not hold. In this paper, supported by real-life experiments, we demonstrate that several vulnerabilities of iPhone 6 with iOS 8, which are brought by ordinary user operations, can lead to the leakage of the private data. Then we conduct vulnerability analysis and give the reasons that cause these vulnerabilities from a technical perspective. Meanwhile, experiments of forging attack aiming at iPhone 6 Touch ID are conducted.
KW - Forging attack
KW - iOS 8
KW - iphone 6
KW - law enforcement
KW - vulnerability
UR - https://www.scopus.com/pages/publications/85019266874
U2 - 10.1109/PST.2016.7907000
DO - 10.1109/PST.2016.7907000
M3 - 会议稿件
AN - SCOPUS:85019266874
T3 - 2016 14th Annual Conference on Privacy, Security and Trust, PST 2016
SP - 457
EP - 463
BT - 2016 14th Annual Conference on Privacy, Security and Trust, PST 2016
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 14th Annual Conference on Privacy, Security and Trust, PST 2016
Y2 - 12 December 2016 through 14 December 2016
ER -