While our main expertise is Angular & Web development, we create mobile applications as well. Today we want to talk about testing vulnerabilities in iOS apps—penetration testing (or simply pentesting). In this article, we’ll introduce you to pentesting and preparing device for it and then, in the next article, show you how to detect vulnerabilities themselves.
iOS is designed with a particular emphasis on security. All third party applications run in their sandboxes—secure environments that isolate their data, not allowing any manipulation of files from other applications or the operating system. Although, an app can access special shared data, like photos from the album or contact data, but it is not possible for an app to directly access files written by other apps. There's nowhere to turn—the app can't go beyond its sandbox and steal or break some other app.
By default, iDevices—all Apple devices running iOS—are not allowed to install apps from any source except the official Apple App Store. Apple is careful to ensure that no malware gets there, and approves applications only after studying their code.
The only exception is jailbroken devices. Jailbreaking permits root access—absolute power—in Apple's mobile operating system, allowing the installation of external, potentially harmful, software. Jailbreaking gives a lot of work to Apple developers: they need to improve iOS security constantly and close new vulnerabilities. They even regularly pay hackers to find new holes.
iOS becomes more and more invulnerable every day. While iOS 13 was released on September 19, 2019, the app to jailbreak device with iOS 13 is just in its beta version. The latest stable version of iOS to have a stable jailbreaking available to the public is 12.4.
Besides, a lot of users continue using previous iOS versions and devices with it:
As long as there are users of older operating systems and you distribute an application that supports older iOS versions, your app should be checked for security vulnerabilities. The old versions are still commonly used, so jailbreaking remains a topical subject.
Jailbreaking allows finding vulnerabilities that can cause financial damage to the app owner. Hackers can deprive the business of its income or steal from you. Here are just several possible situations:
For more detailed information on possible risks see OWASP Top 10 Mobile Risks, the Year 2016.
As well as your app may be affected by hackers, jailbreaking puts the device you're testing on at risk. Make sure that the test device or its apps don’t have important sensitive data (e.g. make sure you don’t have a bank app installed) before you start—it may be damaged or stolen too. Therefore, we recommend using a separate device for such testing.
Depending on the iOS version, jailbreaking method will vary and require installation from your PC. Let’s review how to jailbreak iOS 12.4 without connection to PC:
NOTE: If the app ends up freezing, wait for a few minutes. In case that does not work, reboot your iDevice and then repeat the above steps.
Since Cydia is no longer being actively updated, you can install an alternative store that was developed to fill the gap—Sileo, which works for iOS11 or newer.
Cydia and Sileo will allow downloading of tweaks—mini-apps that initially were intended to add more features for iOS users (like customizing the interface look) but later included tools to hit vulnerabilities of your app. Besides Store's tweaks, your app can also be harmed by self-written injections. Hackers are more likely to write their tweaks for a particular app to crack it. This will be a narrow expensive professional work.
The iDevices are famed for their focus on safety. By default, any downloaded application will not interfere with other apps without user confirmation, so possibilities of accessing sensitive data are limited by design. But there is a loophole—jailbreaking—hacking Apple protection system to gain full access to the user's device. Users can set non-approved software and have a deeper access to all installed applications.
Jailbreaking adds work not only to the Apple team but also to iOS app developers and test engineers. If your business can potentially suffer from application-related financial loss, you should check your application for the possibility of hackers to do anything harmful via the jailbroken device. Almost every app is potentially vulnerable—not just apps with in-app purchases or other money-related features.
Jailbreaking is possible on all iOS versions up to 13. Since Apple is continuously working on security, the quantity of iOS vulnerabilities is getting smaller and smaller. Still, you should pay attention to the statistics of different old iOS versions—if users don't use some old iOS version, don’t bother supporting it. There will be fewer chances to crack it and less work for a developer and test engineer to work through vulnerabilities available only on jailbroken devices.
Having introduced you to iOS app vulnerabilities, we will later talk about penetration testing (or simply pentesting) to cover several test cases.
Stay on guard, fellas!
Let's discuss how Valor Software can help with your development needs!