iOS is currently the second most common mobile operating system with a reputation for being safe and secure for its users. This is in part due to the underlying platform being a closed system.
Apple keeps their source code private to app developers and owners alike, therefore it makes the process of users modifying code on their devices more difficult, and, consequently, trickier for hackers to find vulnerabilities on iOS-powered devices.
With that said, iOS application vulnerabilities are increasing. With the ever-growing number of apps available on the app store, it is advised that a code review and iOS penetration test be carried out on any new or existing iOS apps that haven’t previously been assessed.
Our penetration testers can assess each aspect of an iOS app, including data storage, network transmission, and user authentication, to minimise the chances of attackers subverting the app and gaining unauthorised access to data.
iOS Application Penetration Test
Introduction to iOS Penetration Testing
iOS devices are ubiquitous, making them a prime target for cyber attackers. As such, ensuring the security of iOS applications is paramount.
- Importance of iOS Penetration Testing: With the increasing number of iOS users, ensuring the security of applications on this platform is crucial. Penetration testing helps in identifying vulnerabilities before attackers do.
- Difference between Android and iOS penetration testing: While both are mobile operating systems, their architecture, security measures, and app distribution methods differ, leading to different testing methodologies.
Understanding iOS Architecture
Delving deep into the structure of iOS to understand its security mechanisms.
- Basics of iOS application: iOS applications are developed using Swift or Objective-C and are distributed via the App Store.
- Architecture of iOS: iOS is structured in layers, including Core OS, Core Services, Media, and Cocoa Touch.
- iOS application file extension: Applications on iOS use the .IPA extension.
- Info.plist and its significance: This file describes the application to the OS and can sometimes reveal sensitive information.
- Keychain: A secure storage mechanism for sensitive data on iOS devices.
- Application Sandboxing in iOS: A security mechanism that isolates apps from each other.
Setting up the Environment for iOS Penetration Testing
Before diving into testing, setting up the right environment is crucial.
- Importance of using a physical device: Real-world vulnerabilities and performance issues are best identified on actual devices.
- Vulnerable applications for practice: DVIA-v2 and iGOAT are two applications designed with vulnerabilities for practice purposes.
- Tools, scripts, and applications: A variety of tools are available for different testing purposes, from traffic interception to binary analysis.
iOS Penetration Testing Methodology
A systematic approach to testing ensures thoroughness and efficiency.
- Static Analysis: This involves examining the non-runtime aspects of the application. Tools like MobSF can be used for this purpose.
- Dynamic Analysis: This involves examining the application during runtime. Techniques include bypassing jailbreak detection, SSL pinning, and local authentication.
Popular iOS Penetration Testing Tools
A look at some of the most widely-used tools in the iOS penetration testing community.
- Cydia Impactor: Useful for sideloading apps.
- Burp Suite: A popular tool for intercepting and analyzing network traffic.
- iRET: Offers binary analysis capabilities.
- iWep Pro: Useful for assessing wireless security.
- Myriam iOS: Designed for vulnerability discovery and exploitation.
- Paraben DS: A forensic tool for iOS devices.
- Cycript: Allows interaction with running iOS apps.
- iNalyzer: Useful for manipulating iOS apps.
- Frida: A dynamic instrumentation toolkit.
- iSpy: Designed for dynamic analysis.
- netKillUIbeta: Offers wifi cracking utilities.
What is iOS Application Penetration Testing?
The purpose of testing is to reveal potential vulnerabilities in iOS applications and correct them, ideally before the app’s launch. The testing process includes methods like decompiling the application to identify defects, employing automated tools and of course extensive manual penetration testing.
Insecure iOS applications are a concern for software developers and consumers alike, since data leaks have the potential to harm both. This is especially true with the increased popularity of iOS apps, which consequently has increased the lure for attackers.
Why do you need iOS penetration testing services?
There is a need for iOS penetration services for iOS apps for multiple reasons. Firstly, app penetration testing reveals vulnerabilities and weaknesses in a system. If you don’t identify and correct these vulnerabilities, attackers could gain access to your consumer’s data.
Secondly, you may be required by law to comply with security standards, like HIPAA or PCI DSS. Penetration testing helps ensure you have taken reasonable due care in protecting the application and associated PII data.
Thirdly, the iOS app store has their own review guidelines. Your app may violate these guidelines if it fails some of their basic security checks. In the event of a violation, the app could be rejected by the store.
What are the benefits of iOS penetration testing services?
iOS penetration testing services can provide the following benefits:
- Decrease the chances of the application being compromised.
- Prevent potential legal issues for having an unsecured application.
- Be able to comply with security regulations.
- Reach a wider array of customers who require a secure app
- Decrease your chances of being rejected by the app store.
Which key areas does iOS security testing cover?
iOS security testing examines the security of an application from both the server-side and the client-side components. A pen tester will simulate attacks against every aspect of the app to ensure it’s free from known vulnerabilities.
These are the three most important areas that iOS pen testers check:
1. Data Storage
Pen testers check whether your app securely encrypts and stores data to prevent hackers from manipulating protocols to obtain it.
2. Authorisation and Authentication
Pen testers confirm that the app has proper authentication and authorisation features. It should not be possible for an unauthorised user to gain access to the app’s data.
3. Network and Server-side communication
Pen testers check how easily the data the app transmits to servers which could be accessed by unauthorised individuals.
The pen testers will sequentially test the vulnerabilities of each of these areas through simulated attacks.
How is iOS penetration testing performed?
iOS penetration testing involves systematically testing for vulnerabilities across all aspects of the application. All identified vulnerabilities are documented and rated according to their severity.
Some of the common processes utilised during an iOS penetration test.
The application will be installed on a jailbroken device to test whether the application is vulnerable to jailbroken devices. The pen tester will then attempt to access the application’s confidential information on the jailbroken device.
If a pen tester successfully accesses the app’s confidential data by installing it on a jailbroken device, it means your app is vulnerable to jailbroken devices.
2. Elevating Permission and Privileges
The pen tester will indirectly attack the app on a jailbroken device by gaining higher privileges and permissions. For instance, they may test whether they can access the mobile device from another by executing remote shell commands.
If successful, the pen tester has demonstrated that the application does not have proper authorisation and authentication features and is indirectly vulnerable to a jailbreaking.
3. Analysing via Disassemblers
The pen tester will use a disassembler in an attempt to disassemble the application’s code and potentially reverse engineer it. This technique identifies how secure the application’s code is stored and whether it could potentially be disassembled, and reverse engineered.
If a pen tester can successfully disassemble an application, it proves that the application’s code has not been safely stored.
4. Bypassing Security Controls
The pen tester will attempt to understand your application’s security protections, like anti-tampering. Next, they will create and deploy specific counter measures against the application’s security features. The purpose of this test is to understand how resilient your security features are.
If successful, the pen testers prove the app is vulnerable to being hacked and doesn’t have sufficient security features.
5. MitM Attack
The pen tester will attempt to switch the application’s digital certificate with a proxy. The purpose of this technique is to test the application’s network security features.
If the pen tester successfully swaps the application’s digital certificate with a proxy, they will prove that your application lacks sufficient network protection features.
How long does it take to perform an iOS application penetration test?
There are numerous factors that influence the scoping of iOS app penetration test, such as:
- The size of the iOS app
- The number of pages and dynamic fields
- The number of endpoints
What are the deliverables after iOS application penetration testing?
After a successful iOS penetration test, you receive a detailed report of the identified vulnerabilities, along with recommendations for correcting them, ideal for web developers.
In short, by the end of testing, you’ll know exactly how secure your application is and what you can do to correct the vulnerabilities identified.
How much is an iOS application penetration test?
An iOS mobile app penetration test cost is calculated by the number of days a penetration tester will take to fulfil the agreed scope. The number of days can be determined by filling out our penetration testing scoping form or messaging us through our contact form to arrange a scoping call with one of our senior penetration testers.