RSA SecurID - spoof or change UDID?

Discussion in 'Jailbreaks and iOS Hacks' started by spamdumpster, Sep 4, 2009.

  1. spamdumpster macrumors 6502a

    Joined:
    Jan 22, 2008
    #1
    We use RSA SecurIDs at work to remote access our network. The folks at work create soft tokens to be pushed to blackberrys ONLY.

    RSA has released an iPhone app (free in the app store), but it checks your UDID against the token's UDID.

    What I want to do is temporarily spoof or change my UDID so that it matches my blackberry PIN. This way, the iPhone *should* let me import and use the token.

    Any ideas?
     
  2. marccodes macrumors newbie

    Joined:
    Aug 12, 2010
    #2
    Spoofing UDID with method swizzling programmatically

    Here's a way to spoof UDIDs in Objective-C using method swizzling:

    http://marccodes.posterous.com/method-swizzling-uidevice-to-spoof-udid

    Method swizzling swaps two selectors (uniqueIdentifier and spoofUniqueIdentifier) for a class (UIDevice). After the swizzle, subsequent calls to UIDevice uniqueIdentifier will return the spoofed UDID. This can be helpful for testing UDID-keyed libraries that you don't have a valid UDID for. What else???
     
  3. geko29 macrumors 6502

    Joined:
    Nov 10, 2008
    #3
    You can't "temporarily" spoof your UDID. The RSA app checks it EVERY time it's launched. It might even check every time the code rolls over, but I have no way of verifying that.

    Also, this is a REALLY good way to get yourself fired and depending on your company's policies, prosecuted. Locking soft tokens to UDID is optional (the default is not to), and it's done for a very good reason.
     
  4. maturola macrumors 68040

    Joined:
    Oct 29, 2007
    Location:
    Atlanta, GA
    #4
    Best advice right here!
     
  5. mlts22 macrumors 6502a

    Joined:
    Oct 28, 2008
    #5
    The reason I see companies locking soft tokens to UDIDs on Blackberries is because BES is a security blanket. A Blackberry can be configured to erase itself if it doesn't see network in x amount of hours/days, so even if someone pulls the SIM out of the device so it won't get a remote kill order, it will eventually erase itself.

    iPhones are getting there with security, but still have a ways to go before companies migrate wholesale from RIM to iOS, especially ones that have a hefty investment in BES.
     
  6. geko29 macrumors 6502

    Joined:
    Nov 10, 2008
    #6
    There are a lot of reasons to lock to UDID, and that's definitely one. We're a mostly-iPhone shop, but we lock to UDID as well. The theory being, if we issue someone an iPhone and a token, and they subsequently leave (willingly or not), they will not be able to restore a backup onto a different iThing and retain access to that token. The RSA app will automatically uninstall the token the first time it's launched.

    This also applies while they're employed with us. The token can't be installed on any unapproved devices, like the PC soft client (which is forbidden in the highest possible terms by our Security Officer), or personal phones without prior consent.
     
