ios secure app development

iOS Apps security

Dušan Klinec, Faculty of Informatics, Masaryk University

About me

• Security enthusiast

• Mgr. in IT security, FI MU

• Senior Software Engineer & Consultant

@ EnigmaBridge.com

• Co-author of the PhoneX app.

Outline

• File System security

– Encryption

– Secure data storage

• IPC

• Certificate Pinning

Sandboxing recap.

Sandboxing

• MAC, Historically Seatbelt

• Based on FreeBSD’s TrustedBSD framework

• Sandboxing profile what app can/cannot

– Files, OS services, network, memory

• Unlike Android’s UID-based segregation, apps run

as one user, “mobile”

• Application contained in own directory

Anatomy of the AppDir

● /Documents – Persistent store for application data; this data will be synced and

backed up to iTunes. Can be shared via iTunes.

● /Library/Application Support – Additional app files (config files, purchased content)

● /Library/Caches – Caches, not in backup

● /Library/Caches/Snapshots – Application screenshots taken when the app is

backgrounded

● /Library/Cookies – Cookie plists

● /Library/Preferences – Preference plists, NSUserDefaults.

● /Library/WebKit – Webkit local storage

● /xxxxxx.app – App resources (binary, graphics, nibs, Info.plist, localisation resources

● /tmp – temporary, can be erased between app starts

Data Encryption

Secure Enclave

• Cryptographic co-processor (not Secure Element)

– Apple 7+ processor (ARMv8, 64b, ARM + Apple design)

– iPhone 5S+ (Required for Touch ID)

• Implemented via TrustZone in Processor.

• Separate trusted boot, separate software updates

– Jailbreak does not compromise Secure Enclave

Secure Enclave

Normal World Secure World

Normal WorldUser Mode

Monitor

Secure Enclave

Oscillator based random number generator

AES-256 Engine

Secure Enclave

Oscillator based random number generator

AES-256 Engine

GID Memory Key

Secure Enclave

http://arstechnica.com/apple/2014/09/chipworks-digs-up-more-information-on-apples-new-a8-chip/https://www.guru3d.com/articles-pages/core-i5-750-core-i7-860-870-processor-review-test,6.htmlhttp://www.wired.com/2015/10/x-ray-scans-expose-an-ingenious-chip-and-pin-card-hack/

FileSystem encryption

• All files are encrypted

– w/ or w/o passcode set

– easy data wipe

• Data need to be decrypted on the device (SEnc)

– no Flash chip desoldering.

– no parallelization with cloud, FPGAs, ASICs, ...

– hard passcode bruteforcing, 80ms derivation delay

– 5 second delay on wrong passcode entry by SEnc

NSFileProtectionComplete

File contents

AES-256 EncryptAES-256 Wrap

File key

File contents

File keyProtection class key

File contents

Passcodekey

File contents

File metadata

Passcodekey

File contents

File metadata

File System key

Passcodekey

File contents

File metadata

File System key

Passcodekey

NSFileProtectionCompleteUntilFirstUserAuthentication

File contents

File metadata

File System key

Passcodekey

File contents

File metadata

File System key

NSFileProtectionNone

NSFileProtectionCompleteUnlessOpen

File contents

File metadata

File key

fPubK, fPrvK

File Create File System

File contents

File metadata

File key

class ECC public key

fPubK, fPrvK

File Create UID

File System key

File contents

File metadata

File key

class ECC public key

fPubK, fPrvK

File Create

ECC key agreement

UIDFile System

File contents

File metadata

File key

File Create File System

File contents

File metadata

File key

File Open File System

File contents

File metadata

File key

class ECC private key

File Open UID

File System key

Passcodekey

File contents

File metadata

File key

class ECC private key

File Open

ECC key agreement

UIDFile System

Passcodekey

Data protection classes

• NSFileProtectionComplete

– e.g., password manager data container

• NSFileProtectionCompleteUntilFirstUserAuthentication

– e.g., contacts database, notes, messages, photos,...

• NSFileProtectionCompleteUnlessOpen

– e.g., background downloads, healthKit journal

• NSFileProtectionNone

– device without passcode, do not use.

Protected data availability

• App Delegates

– applicationProtectedDataWillBecomeUnavailable:

– applicationProtectedDataDidBecomeAvailable:

• NSNotificationCenter

– UIApplicationProtectedDataWillBecomeUnavailable

– UIApplicationProtectedDataDidBecomeAvailable

• On demand check

– [[UIApplication sharedApplication] protectedDataAvailable]

KeyChain

https://materialdesignicons.com/

KeyChain

• Place to store small sensitive data

– usernames, passwords, tokens, certificates,

– private keys, symmetric keys

• /var/Keychains/keychain-2.db

• All entries encrypted with entry-key

– Protection classes. Potential Passcode dependency

– *ThisDeviceOnly

KeyChain Usage

• Original API ugly/complicated (C-style, ARC bridging)

NSMutableDictionary *dict = [NSMutableDictionary dictionary];

NSData *passwordData = [@"mypassword" dataUsingEncoding:NSUTF8StringEncoding];

dict[(__bridge id) kSecClass] = (__bridge id) kSecClassGenericPassword;

dict[(__bridge id) kSecAttrLabel] = @"Conglomco login";

dict[(__bridge id) kSecAttrDescription] = @"This is your password for the x service.";

dict[(__bridge id) kSecAttrAccount] = @"dthiel";

dict[(__bridge id) kSecAttrService] = @"com.isecpartners.SampleKeychain";

dict[(__bridge id) kSecValueData] = passwordData;

dict[(__bridge id) kSecAttrAccessible] = (__bridge id) kSecAttrAccessibleWhenUnlocked;

OSStatus error = SecItemAdd((__bridge CFDictionaryRef)dict, NULL);

if (error == errSecSuccess) { NSLog(@"Yay"); }

KeyChain Usage

• Wrappers

– github.com/carlbrown/PDKeychainBindingsController

– github.com/granoff/Lockbox

• NSUserDefaults-like API

Get:PDKeychainBindings *bindings = [PDKeychainBindings sharedKeychainBindings];[[[Model sharedModel] currentUser] setAuthToken:[bindings objectForKey:@"authToken"]];

Set:PDKeychainBindings *bindings = [PDKeychainBindings sharedKeychainBindings];[bindings setObject:@"XYZ" forKey:@"authToken"];

KeyChain & Secure Enclave

• iOS 9.0+

• SecKeyGeneratePair()

– Elliptic Curve P256 KeyPair

– attribute kSecAttrTokenIDSecureEnclave

• Public key returned

• Private key stored in Keychain, protected by SEnc ACLs

• Can perform SIGN operation,

• Private key cannot be extracted35 I

KeyChain & Backup

• Unencrypted backup

– Keychain items not re-encrypted

– Recoverable only on the source device

– Backup contains other files in plaintext

• Encrypted backup

– Keychain items re-encrypted (except *ThisDeviceOnly)

– Recoverable on different devices

– All files encrypted as well, protected backup36 I

KeyChain & Jailbreak

• After Jailbreak, all KeyChain entries are readable

– Keychain Viewer by Sogeti, Keychain_Dumper

• Jailbreaking of lost/stolen pass code-protected phone:

– With Secure Enclave (Apple A7+ processor, iOS 7+) not

probable

– Exploit might require restart (recovery mode) →

NSFileProtectionCompleteUntilFirstUserAuthentication

• User can jailbreak his own phone - cannot be avoided37 I

KeyChain & Jailbreak

• Non-standard, multilayer precautions

– Deter script kiddies, complicate automated attacks mnt.

• Ideas:

– Add another layer of encryption / Obfuscation

– Jailbreak detection, tamper detection

– User authentication (e.g., PIN lock screen, enc)

– Secret sharing, server assisted encryption

– Hardware security module - accessory, BT comm38 I

Local storage

Local storage methods

• Plists

• NSUserDefaults

• CoreData

• SQLite

Local storage methods

• NSFileProtectionCompleteUntilFirstUserAuthentication

• Unencrypted backups → plaintext

http://www.slideshare.net/xfempx/ios-app-security-common?qid=d11914b4-0a3e-4d1b-a005-3d404064eace&v=&b=&from_search=15

43 Ihttp://www.slideshare.net/xfempx/ios-app-security-common?qid=d11914b4-0a3e-4d1b-a005-3d404064eace&v=&b=&from_search=15

• https://github.com/sqlcipher/sqlcipher

Core data protection

• https://github.com/project-imas/encrypted-core-data/

Wiping data from SQLite

• DELETE FROM … may not delete data physically

• Data still present in the DB file / Write Ahead Log

• → Rewrite record before removal (same length)

• → From time to time, call VACUUM (warning: VACUUM

rebuilds DB)

Injection attacks - SQL

NSString *uid = [myHTTPConnection getUID];NSString *statement = [NSString stringWithFormat: @"SELECT username FROM users where uid = '%@'",uid];const char *sql = [statement UTF8String];

• Use prepared statements & parameter binding:

const char *sql = "SELECT username FROM users where uid = ?";sqlite3_prepare_v2(db, sql, -1, &selectUid, NULL);sqlite3_bind_int(selectUid, 1, uid);int status = sqlite3_step(selectUid);

IPC - URL

MyApp OtherApp

myApp:// NSString * url = @"myApp://user/passwd";[[UIApplication sharedApplication] openURL:url];

• Apps can register to custom URL Schemes

• Multiple registered apps to the same scheme? Undefined.

IPC - URL

• Do not pass sensitive information via URLs

• Validate incoming URLs carefully (injections)

• Take URL Hijacking into account

IPC - Universal links - iOS 9+

• App can register to listen to web links

– https://www.phone-x.net/contact-me/dusan

• Entitlement is required

• https://www.phone-x.net/apple-app-site-association

{ "applinks": { "apps": [], "details": [ { "appID": "TBEJCS6FFP.com.domain.App", "paths":[ "*" ] } ] }}

• App delegate method: application:continueUserActivity:

restorationHandler:

• Prons:

– Not subject to URL hijacking

– If app not installed, web page is shown

• Android knew it years ago… (as with copy-paste)

Crypto

Broken/weak algorithms

• Kind of broken:

– RC4, MD4

• Not suitable anymore:

– MD5, SHA1, DES

• Weak:

– RSA-1024, DH-1024, ECC 128

• Do not use:

– ECB mode, no padding, custom crypto!

Broken/weak algorithms

57 Ihttp://www.slideshare.net/xfempx/ios-app-security-common?qid=d11914b4-0a3e-4d1b-a005-3d404064eace&v=&b=&from_search=15

Minimal key lengths

• https://www.keylength.com/

Generating random numbers

const int rndBuffSize = 32;NSMutableData * rnd = [NSMutableData dataWithLength:rndBuffSize];uint8_t * rndBuff = (uint8_t*) [rnd mutableBytes];int result = SecRandomCopyBytes(kSecRandomDefault, rndBuffSize, rndBuff);

• Simulator issues

• rand(), random(), arc4random() are not for crypto!

rand() patterns

http://programmers.stackexchange.com/questions/121568/php-rand-function-or-not-so-randhttp://www.scsitoolbox.com/products/cpam.asp

rand() patterns

Generating random numbers

• Generate high-quality random numbers for:

– IV, nonces, salts

• Do not use user provided passwords as encryption keys

– PBKDF2(password, salt, iterations, keyLength), use

kCCPRFHmacAlgSHA256 derivation.

Crypto in a good way

• AES-128, AES-256

– CBC, but with random IV + HMAC. ENC then MAC.

– or GCM = authenticated encryption (prefered)

• RSA-2048, OAEP padding

• ECDSA, ECDHE

• SHA-256

• PBKDF2

Library

• https://github.com/RNCryptor/RNCryptor

NSString *password = @"Secret password";

RNEncryptor *encryptor = [[RNEncryptor alloc] initWithPassword:password];

NSMutableData *ciphertext = [NSMutableData new];

// ... Each time data comes in, update the encryptor and accumulate some ciphertext

[ciphertext appendData:[encryptor updateWithData:data]];

// ... When data is done, finish up ...

[ciphertext appendData:[encryptor finalData]];

Memory considerations

• For sensitive data, use your own allocated memory

• iVars are easy to find & read in runtime analysis

• Wipe the memory after use, rewrite

• https://github.com/project-imas/memory-security

Memory considerations

• For sensitive data, use your own allocated memory

• iVars are easy to find & read in runtime analysis

• Wipe the memory after use, rewrite

• https://github.com/project-imas/memory-security

http://www.slideshare.net/mgianarakis/yow-connected-developing-secure-i-os-applications?qid=6663e884-0bc0-4c89-92a1-e3ccbe1d2aa3&v=&b=&from_search=1

Data leakage

Screenshots cache

68 Ihttp://www.slideshare.net/mgianarakis/yow-connected-developing-secure-i-os-applications?qid=6663e884-0bc0-4c89-92a1-e3ccbe1d2aa3&v=&b=&from_search=1

Screenshots cache

• When switching to background, for task manager

• /var/mobile/Applications/<app-

code>/Library/Caches/Snapshots

• Prevention:

– Clean form contents before transition

– Show window to hidden on transition

– Show splash screen before transition

Screenshots cache

Keyboard cache

• Auto-correct caching

– /private/var/mobile/Library/Keyboard/dynamic-text.dat

• For sensitive fields, disable:

– textField.autocorrectionType =

UITextAutocorrectionTypeNo;

– textField.secureTextEntry = YES;

Logging

• https://github.com/CocoaLumberjack/CocoaLumberjack

• Do not log sensitive data

• In production, disable logs in compile time

– Occupies less memory, logging messages not included

– Do not document apps behavior for an attacker

• If you have to log in production, log only Errors /

Warnings

Jailbreak cont.

Jailbreak detection

• https://github.com/project-imas/security-check

• Detection not 100% reliable

• Avoid simple logic: -(BOOL) isJailbroken;

• Check multiple times during execution.

• Use method inlining

– __attribute__((always_inline))

Method inlining

Transport Security

Certificate pinning

http://sierraware.com/blog/wp-content/uploads/2015/04/certificate_pinning.pnghttps://www.cigital.com/wp-content/uploads/2016/03/Certificate-Chain-Visuals-1-1_750.png

Certificate pinning - preface

• Use secure protocols (https, smtps, imaps, ssh, …)

• Never disable certificate verification, not even in debug

– setAllowsAnyHTTPSCertificate

– continueWithoutCredentialForAuthenticationChallenge

• Use https://letsencrypt.org/ - a free CA

• Some scenarios where cannot use CA

– Want intermediate signing certificate (e.g., server signs)

• Do pinning on self-signed certificate with true CA flag

Certificate pinning - manual way

• Implemented by handling events in

NSURLConnectionDelegate (old API)

– connection:canAuthenticateAgainstProtectionSpace:

– connection:didReceiveAuthenticationChallenge:

• NSURLSessionTaskDelegate (new API)

– URLSession:task:didReceiveChallenge:completionHandler:

• Example app: https://www.owasp.org/index.

php/Pinning_Cheat_Sheet

Certificate pinning - manual way

• Devel phase:

– Add trust anchors as DER encoded certificates to the

application (e.g., resources, binary, obfuscation, …)

• Verification phase:

– Load anchors, create NSArray<SecCertificateRef>

– Process challenge, get SecTrustRef

– Update trust, set anchors, allow only anchors

– Evaluate trust SecTrustEvaluate. OK? Return credential81 I

Certificate pinning - manual way- (void)URLSession:(NSURLSession *)session task:(NSURLSessionTask *)task

didReceiveChallenge:(NSURLAuthenticationChallenge *)challenge

completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition

disposition, NSURLCredential *credential))completionHandler

if ([[challenge protectionSpace].authenticationMethod isEqualToString:

NSURLAuthenticationMethodServerTrust]){

// 1. verify trust

// 2. if OK, create valid credential

Certificate pinning - manual wayconst SecTrustRef trust = [[challenge protectionSpace] serverTrust];

// Obtain trust root CA anchors.

NSArray * anchors = [PEXSecurityCenter getServerTrustAnchors];

SecTrustSetAnchorCertificates(trust, (__bridge CFArrayRef) anchors);

SecTrustSetAnchorCertificatesOnly(trust, YES);

// Validate certificate & trust zone against given trust anchors.

SecTrustResultType res = kSecTrustResultInvalid;

OSStatus sanityCheck = SecTrustEvaluate(trust, &res);

return sanityCheck == noErr && [self validateResult:res];

Certificate pinning - manual wayNSURLCredential * const newCredential = [NSURLCredential

credentialForTrust:trust];

[[challenge sender] useCredential:newCredential forAuthenticationChallenge:

challenge];

Certificate pinning - library

• https://github.com/iSECPartners/ssl-conservatory

– +(BOOL)setupSSLPinsUsingDictionnary:(NSDictionary*)

domainsAndCertificates;

– +(BOOL)verifyPinnedCertificateForTrust:(SecTrustRef)trust andDomain:

(NSString*)domain;

• Convenience delegates– ISPPinnedNSURLConnectionDelegate

– ISPPinnedNSURLSessionDelegate

Certificate pinning - library

• https://github.com/AFNetworking

let securityPolicy = AFSecurityPolicy(pinningMode: AFSSLPinningMode.Certificate) let certificatePath = NSBundle.mainBundle().pathForResource("pinned-certificate", ofType: "cer")! let certificateData = NSData(contentsOfFile: certificatePath)!

securityPolicy.pinnedCertificates = [certificateData]; securityPolicy.validatesCertificateChain = false self.securityPolicy = securityPolicy

Certificate pinning - system CA?

• Include or not to include system CA list.

• Trust OK ⇔ systemTrustOK && PinningOK

• Good if:

– your certificates are CA signed (not self-signed, $$$)

– can provide you a revocation (into some extent)

• Bad if:

– your root certificate is self signed

Certificate pinning - defeating

• On Jailbroken devices, certificate verification can be

completely disabled

• https://github.com/iSECPartners/ios-ssl-kill-switch

– Hooks to verifications calls @ runtime,

– patches methods to always return YES;

Certificate pinning - defeating

• On Jailbroken devices, certificate verification can be

completely disabled

• https://github.com/iSECPartners/ios-ssl-kill-switch

– Hooks to verifications calls @ runtime,

– patches methods to always return YES;

TLS security - iOS 9.0+

• App Transport Security - default conn requirements

• NSURLConnection, CFURL, or NSURLSession APIs.

– min TLS 1.2

– forward secrecy cipher suites

– certificates must be valid and signed using SHA-256 +

– min 2048-bit RSA key or 256-bit elliptic curve key

• If req fail → connection fails. By default ON, can override

Resources

• http://damnvulnerableiosapp.com/

Resources

• http://highaltitudehacks.com/2013/10/26/ios-application-

security-part-20-local-data-storage-nsuserdefaults/

Resources

• https://www.owasp.org/index.

php/IOS_Application_Security_Testing_Cheat_Sheet

ios secure app development

Software

app ios olimpiada 2012

matlife app (ios & android)

ios app programming guide

ios app extensions

navigating the ios app store_050413

the kontakios ios app

ios app case study

your second ios app storyboards

ios app development course

how you can secure an ios app? - appngamereskin

ios app user manual_v1.0.7

app store rankings - ios app store aso

ios app hacks

produkt app ios android

fastviewer ios app · 2019-10-30 · fastviewer app for ios...

patternbox app (ios)

ios app development

go-out ios app

ios app development company

beginning ios app localization