Chapter 9. Hijacking Traffic
When all attacks against an application fail, attackers turn to another effective approach to attack remote resources: intercepting network traffic. Traditionally, hijacking a network connection has required the use of WiFi sniffers with WEP or WPA cracking tools, Ethernet wiretaps, or physical access to a desktop or notebook computer long enough to install spyware. Given the mobile form factor of iOS-based devices, and their willingness to blindly accept new configurations, hijacking both cellular traffic and WiFi traffic can usually be performed much more easily than a similar attack on a desktop machine. It’s so easy, in fact, that a device’s traffic can be hijacked without even compromising the device itself.
There are a number of ways to intercept network traffic across local networks; dozens of books have been written on the subject. This chapter will deal specifically with techniques an attacker might use to hijack traffic on an iOS device.
APN Hijacking
APN hijacking is one of the easiest attacks to carry out, and can even be carried out without physical access to the device—depending on how good your social engineering skills are. A cellular carrier’s APN (Access Point Name) tells the phone how to connect to the carrier’s network to send and receive data. APN configuration data on an iPhone or iPad contains the carrier’s GPRS gateway name, authentication information, and an optional proxy server and port. All traffic routes through the carrier’s ...
Get Hacking and Securing iOS Applications now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.