Swift.nV: A "Secret Keeper" Application For iOS.
Swift.nV is a security training application that teaches how vulnerabilities are found and how they can be prevented. It is an iOS "secret keeper" application.
How do you set it up?
Swift.nV is tested using:
- iPhone 4s/5/5s/6/6+/6s/6s+
- iPad 2/Air/Air 2/Pro
- iOS 9.2
- Ruby + Sinatra (for the backend web service)
Required Ruby Gems:
- sinatra, dm-core, dm-timestamps, dm-migrations, dm-serializer, bcrypt
How do you run this tool?
- First, open Swift.nV.xcodeproj in Xcode 7.2
- Then start the Sinatra backend web service:
  - Run the "bundle install" command in the api directory to install the gems
  - Run the "ruby api.rb" command in the api directory
  - The service should run on localhost (127.0.0.1) port 4567
- Select one of the iOS Simulator targets and then click the Run icon
- If it fails with linker errors, remove the Swift.nV-* directories in ~/Library/Developer/Xcode/DerivedData
How do you use this tool?
- To set up a new user, click the 'Register' icon.
- After that, log in with the registered user.
- Then add secrets to it.
Exploration of Swift.nV
- To explore it, view the simulator data storage under:
What are the intentional vulnerabilities?
Here is the list of all intentional vulnerabilities:
- Weak Server Side Controls (M1) - Forced browsing.
- Weak Server Side Controls (M1) - Authentication bypass.
- Core Data is stored in a local database, which can also lead to a vulnerability.
- Insecure Data Storage (M2) - Username/email address is in the user preferences plist file.
- Insufficient Transport Layer Protection (M3) - No SSL.
- There are no protections against automatic iOS background screenshots.
- Log contains multiple sensitive strings.
- Autocomplete is not disabled on sensitive screens.
- Login form is not cleared.
- Poor Authorization and Authentication (M5) - Bypasses authentication, allowing a user to view another's info.
- The secret "Cryptokey" is stored in the Environment.plist file, which can also be a vulnerability.
- Client Side Injection (M7) - Format string injection.
- Improper Session Handling (M8), in which it is unable to communicate to the API.
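
The M5 item above (a user can view another's info), shown as an added Ruby example beside its hardened form. This is not Swift.nV's code: the data, function names and parameters are hypothetical, and the handlers are plain functions so the block runs without Sinatra.

```ruby
require 'securerandom'

# Constructed sample data; not Swift.nV's schema.
SECRETS = [
  { id: 1, owner: 'alice@example.com', name: 'bank PIN' },
  { id: 2, owner: 'bob@example.com',   name: 'wifi key' }
].freeze

SESSIONS = {} # token => authenticated email, held server-side

# Called only after the password check has succeeded.
def open_session(email)
  token = SecureRandom.hex(32)
  SESSIONS[token] = email
  token
end

# Weak pattern: the owner comes from a request parameter, so any caller
# can read any user's secrets by changing it.
def list_secrets_weak(params)
  SECRETS.select { |s| s[:owner] == params['email'] }
end

# Hardened: identity comes from the server-side session only; the
# client-supplied 'email' parameter is ignored.
def list_secrets(params, token)
  email = SESSIONS[token]
  return [401, []] if email.nil?
  [200, SECRETS.select { |s| s[:owner] == email }]
end

# Hardened single-item fetch: 404 for both "missing" and "not yours",
# so ids cannot be probed for existence.
def get_secret(id, token)
  email = SESSIONS[token]
  return [401, nil] if email.nil?
  secret = SECRETS.find { |s| s[:id] == id && s[:owner] == email }
  secret ? [200, secret] : [404, nil]
end
```

The same ownership filter belongs on update and delete handlers, since checking it only on list views leaves direct object URLs open to forced browsing.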