Loading…
BSidesLV has ended
Thank you for joining us for our 5th Anniversary celebration! We certainly hope you enjoy the conference. Here’s to Education, Collaboration, and Community!

Remember, we don’t take ourselves too seriously and you shouldn’t, either! To quote the old motto of another collaborative community, "We trick into learning with a laugh".

We wish you both laughter and learning - and lots of both!

-= Team BSidesLV 
Wednesday, August 6 • 10:00 - 10:30
iOS URL Schemes: omg://

Sign up or log in to save this to your schedule and see who's attending!

Tweet Share
Have you ever clicked a phone number in Safari to get the phone app to call that store/car dealership/pizza place you were searching for?

In iOS, this interaction between apps happens via URL schemes, which are available to Apple applications as well as third party applications. Everyone uses them without noticing they exist. They are the most flexible of the imperfect methods available right now.

They are, however, a source of user input that should never be trusted as safe. In this presentation, we will look at real life examples of implementations of URL Schemes that could lead to issues such as destruction of data or help a malicious person identify an iOS user.

We will also look at simple ways to improve URL Scheme security for users of your apps as well as how to find URL Scheme vulnerabilities, for the ones out there who would like to help out.
Speakers
avatar for Guillaume Ross

Guillaume Ross

Security Researcher, Uptycs
Guillaume is a security researcher for Uptycs, a security SaaS leveraging the power of Osquery as a cross-platform agent. He researches the best ways to secure systems, as well as to detect malicious activity occurring on them. He has presented and gotten in trouble at AtlSecCon before... Read More →

Wednesday August 6, 2014 10:00 - 10:30
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV
  Proving Ground

Attendees (0)