M 711: Insecure Local Storage by iPhone Apps (15 pts extra)

What You Need

Purpose

To view iPhone local storage and find passwords there.

Responsible Disclosure

I notified all the companies about this on or before Jan 12, 2020, as linked below each image, and they did nothing.

Installing an Unsafe App

Install one of these apps (clicking the image goes to the Apple Store page for the app).

Notification

Creating an Account

Using your phone, create an account with an insecure app. Use a password with an unusual series of characters, such as ssw6.

(For West Village Cafe, just attempt a login with your special password.)

Viewing the iPhone Local Storage

Connect to your jailbroken iPhone with SSH, as you did in project ED 420.

Execute this command, replacing ssw6 with your special password.

grep ssw6 -r /private/var/mobile/Containers/Application

The password is found, as shown below.
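
For a developer auditing their own app, the same search can be made literal-safe and can report which storage format holds the password. This is an added example, not part of the original project; the function names scan_canary and classify are hypothetical, the base64 check goes beyond the plain-text search above, and it assumes grep, head, tr and base64 are installed on the device.

```shell
#!/bin/sh
# Added example: locate a canary password in app container storage.

# classify FILE: name the storage format from the file's leading bytes.
classify() {
    magic=$(head -c 15 "$1" 2>/dev/null | tr -d '\0')
    case $magic in
        bplist*)           echo binary-plist ;;
        "SQLite format 3") echo sqlite ;;
        "<?xml"*)          echo xml ;;
        *)                 echo other ;;
    esac
}

# scan_canary CANARY [ROOT]
# Prints "<encoding> TAB <format> TAB <file>" for every file holding the canary.
scan_canary() {
    canary=$1
    # Default ROOT is the container path used in this project.
    root=${2:-/private/var/mobile/Containers/Application}
    [ -n "$canary" ] || { echo "usage: scan_canary CANARY [ROOT]" >&2; return 2; }

    # Base64 is encoding, not protection; a stored copy is as readable as plaintext.
    b64=$(printf '%s' "$canary" | base64)

    for pair in "plain:$canary" "base64:$b64"; do
        enc=${pair%%:*}
        needle=${pair#*:}
        # -F literal match (the canary may contain regex metacharacters),
        # -a search binary plists and SQLite files as text, -l file names only.
        grep -rlaF -e "$needle" "$root" 2>/dev/null |
        while IFS= read -r f; do
            printf '%s\t%s\t%s\n' "$enc" "$(classify "$f")" "$f"
        done
    done
}

# Run as a script: sh scan.sh 'canary' [root]
if [ "$#" -gt 0 ]; then scan_canary "$@"; fi
```

The base64 check only matches when the password was encoded on its own, not as part of a longer encoded value. A clean result after login means the canary was not found in these two forms, not that the app stores nothing recoverable.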

Flag M 711.1: Stored Password Location (15 pts)

The flag is covered by a green rectangle in the image below.


Posted 2-12-2020