For Part Two of the exposing data vulnerabilities webinar, Brian Robison and Steven Smiley discussed how data is stored and protected within iOS and Android devices.
Watch the entire webinar for all the details, or keep reading to learn more about exposing vulnerabilities in data at rest.
Pentesting mobile applications can be costly and time-consuming. One reason: getting specific devices with a particular OS version can be difficult.
Access to those devices complicates the issue further: are they jailbroken or rooted? Managing devices and installing and configuring security tools and tweaks can take a lot of time. Virtualization solves this problem by letting you take a snapshot of a configured device and restore it to a known-good state within seconds.
iOS application data can be stored in the device Keychain, NSUserDefaults, application databases, and PLIST (property list) files. Unfortunately, developers store data everywhere, even where they shouldn’t.
Most people think Keychain storage is impenetrable, but data stored there can be accessed. Threat researchers can use Objection’s runtime exploration, Frida scripts, or third-party tools to dump the Keychain, exposing potentially sensitive data in plaintext with just a few commands and access to a device.
Data stored in the iOS Keychain also relies on attributes to enhance its protection. Attributes specify aspects of each item such as its accessibility (when the item can be read) and its authentication requirements. Make sure you know how your application uses the Keychain: is your data encrypted, and which attributes are being used to strengthen the protection of your data?
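The accessibility and authentication attributes above are the things an assessor checks once a Keychain dump is in hand. The script below is an added example (not Corellium's tooling or anything from the webinar) that grades each item's kSecAttrAccessible* class against a policy, flags items that can migrate via backup because they lack the ThisDeviceOnly suffix, and flags credential-looking items stored without a user-presence access control. The item records and their field names are constructed for this example and are not any dump tool's real output schema.

```python
"""Check Keychain items against an accessibility policy (added example)."""
import re
from dataclasses import dataclass

# kSecAttrAccessible* classes ordered from most to least restrictive about *when*
# an item is decryptable. The optional ThisDeviceOnly suffix decides whether the
# item may be restored to another device from a backup.
LEVELS = ["WhenPasscodeSet", "WhenUnlocked", "AfterFirstUnlock", "Always"]
ACCESSIBLE_RE = re.compile(
    r"kSecAttrAccessible(WhenPasscodeSet|WhenUnlocked|AfterFirstUnlock|Always)(ThisDeviceOnly)?")
CREDENTIAL_HINT = re.compile(r"(token|password|secret|key)", re.I)


@dataclass
class KeychainItem:
    """Constructed record shape; field names are an assumption for this example."""
    service: str
    account: str
    accessible: str        # a kSecAttrAccessible* constant name
    user_presence: bool    # SecAccessControl requiring biometry or passcode
    value: str             # plaintext as a dump tool would show it (constructed)


def parse_accessibility(name):
    """Return (level index, this_device_only) or None for an unknown class name."""
    m = ACCESSIBLE_RE.fullmatch(name)
    if not m:
        return None
    level, tdo = LEVELS.index(m.group(1)), m.group(2) is not None
    if level == 0 and not tdo:   # WhenPasscodeSet only exists as a ThisDeviceOnly class
        return None
    return level, tdo


def audit_item(item, max_level="WhenUnlocked", require_device_only=True):
    """Return the policy findings for one item; an empty list means it passes."""
    parsed = parse_accessibility(item.accessible)
    if parsed is None:
        return ["unrecognised accessibility class: " + item.accessible]
    level, tdo = parsed
    findings = []
    if LEVELS[level] == "Always":
        findings.append("uses deprecated Always class: readable whenever the device is powered on")
    elif level > LEVELS.index(max_level):
        findings.append(f"{LEVELS[level]} is weaker than policy maximum {max_level}")
    if require_device_only and not tdo:
        findings.append("no ThisDeviceOnly: item can be restored to another device from backup")
    credential = CREDENTIAL_HINT.search(item.account) or CREDENTIAL_HINT.search(item.service)
    if credential and not item.user_presence:
        findings.append("credential has no user-presence access control")
    return findings


def audit(items, **policy):
    """Map (service, account) to findings, listing only items that have any."""
    report = {}
    for item in items:
        findings = audit_item(item, **policy)
        if findings:
            report[(item.service, item.account)] = findings
    return report


# Constructed sample: one well-configured item and two that violate the policy.
SAMPLE_ITEMS = [
    KeychainItem("com.example.app", "refresh_token",
                 "kSecAttrAccessibleAfterFirstUnlock", False, "rt-constructed-1234"),
    KeychainItem("com.example.app", "vault_password",
                 "kSecAttrAccessibleWhenUnlockedThisDeviceOnly", True, "hunter2"),
    KeychainItem("com.example.app", "legacy_api_key",
                 "kSecAttrAccessibleAlways", False, "ak-constructed"),
]

if __name__ == "__main__":
    for key, findings in audit(SAMPLE_ITEMS).items():
        print(key, *("  - " + f for f in findings), sep="\n")
```

The policy defaults (WhenUnlocked as the weakest acceptable class, ThisDeviceOnly required) are a starting point; relax max_level to AfterFirstUnlock only for items a background process genuinely needs before the first unlock.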
NSUserDefaults is an iOS mechanism for persistently storing small amounts of user data. Typically it is used for non-sensitive data such as user settings and preferences. Using a Frida script, or a framework like Objection, an application’s NSUserDefaults can be viewed in plaintext, so they should always be reviewed as part of a security assessment to ensure no sensitive data is stored there.
iOS applications utilize a variety of databases, including SQLite, Core Data and Realm, to store user data such as settings, preferences and even app-specific personal data.
Within Corellium, you can easily browse the iOS local data storage, download it, and review it to find potential storage-related vulnerabilities. Corellium offers root access for all iOS versions.
Android applications tend to store user data in Shared Preferences, External Storage, and various Application Databases.
Shared preferences use an XML file to store primitive data in key-value pairs. This is suitable for application preferences but not for sensitive data, as the file is accessible to anyone. These files are stored in the application’s local data directory and are easily discoverable. Corellium gives you quick access to identify them and determine whether any sensitive data is exposed.
Data stored on external storage, such as SD cards, becomes vulnerable if the files are world-readable, potentially exposing sensitive information. Even if an application is uninstalled, any data it stored on external storage persists and should be reviewed as part of a security assessment.
Android applications commonly use encrypted or unencrypted SQLite, Realm, or Firebase databases stored locally. Unencrypted data poses a risk as it’s easily accessible to anyone with device access. Encrypted data can also be vulnerable, depending on where the key or passphrase is stored.
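The NSUserDefaults, database, shared preferences and external storage passages above all come down to the same assessment step: pull the app's data directory off the device and look for secrets that should not be there in plaintext. The script below is an added example of that review, not Corellium's tooling or anything shown in the webinar. It builds a constructed container in a temporary directory (an NSUserDefaults-style plist under Library/Preferences, an Android shared_prefs XML file, a SQLite database, and a world-readable file standing in for external storage), then walks it and reports keys or columns with secret-looking names, values that look like credentials, and files readable by other users. The key-name and value regexes are heuristics chosen for this example.

```python
"""Scan an app data directory for sensitive data at rest (added example)."""
import os
import re
import stat
import sqlite3
import plistlib
import tempfile
import xml.etree.ElementTree as ET

# Heuristics (assumptions for this example): key/column names that commonly hold
# secrets, and values shaped like JWTs, hex digests, or long opaque tokens.
SENSITIVE_KEY = re.compile(
    r"(pass(word|wd)?|secret|token|api[_-]?key|auth|(?<![a-z])pin(?![a-z])|(?<![a-z])ssn)", re.I)
SECRET_VALUE = re.compile(r"^(eyJ[\w-]+\.[\w-]+\.[\w-]*|[A-Fa-f0-9]{32,}|[\w+/=-]{32,})$")


def _flag(findings, path, location, key, value):
    """Record a finding when the key name or the value looks sensitive."""
    key_hit = bool(SENSITIVE_KEY.search(str(key)))
    value_hit = isinstance(value, str) and bool(SECRET_VALUE.match(value))
    if key_hit or value_hit:
        findings.append({"file": os.path.basename(path), "where": location, "key": str(key),
                         "reason": "sensitive key name" if key_hit else "credential-like value"})


def scan_plist(path, findings):
    # NSUserDefaults persist as Library/Preferences/<bundle id>.plist on iOS.
    with open(path, "rb") as fh:
        data = plistlib.load(fh)
    if isinstance(data, dict):
        for key, value in data.items():
            _flag(findings, path, "NSUserDefaults/plist", key, value)


def scan_shared_prefs(path, findings):
    # Android shared_prefs XML: <string name=..>text</string>, <boolean name=.. value=../>, ...
    for el in ET.parse(path).getroot():
        _flag(findings, path, "shared_prefs", el.get("name", ""), el.get("value", el.text or ""))


def scan_sqlite(path, findings):
    con = sqlite3.connect(path)
    try:
        tables = [r[0] for r in con.execute("SELECT name FROM sqlite_master WHERE type='table'")]
        for table in tables:
            cols = [r[1] for r in con.execute(f'PRAGMA table_info("{table}")')]
            first = con.execute(f'SELECT * FROM "{table}" LIMIT 1').fetchone()
            for i, col in enumerate(cols):
                _flag(findings, path, f"sqlite:{table}", col, first[i] if first else None)
    finally:
        con.close()


def scan_container(root):
    """Walk an app data directory and return a list of finding dicts."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.stat(path).st_mode & stat.S_IROTH:   # the external-storage case
                findings.append({"file": name, "where": "fs", "key": "", "reason": "world-readable file"})
            if name.endswith(".plist"):
                scan_plist(path, findings)
            elif name.endswith(".xml") and os.path.basename(dirpath) == "shared_prefs":
                scan_shared_prefs(path, findings)
            elif name.endswith((".db", ".sqlite")):
                scan_sqlite(path, findings)
    return findings


def build_sample_container():
    """Construct a throwaway container holding one weak artefact of each kind."""
    root = tempfile.mkdtemp(prefix="app-container-")
    prefs, shared, external = (os.path.join(root, d) for d in ("Library/Preferences", "shared_prefs", "sdcard"))
    for d in (prefs, shared, external):
        os.makedirs(d)
    plist_path = os.path.join(prefs, "com.example.app.plist")
    with open(plist_path, "wb") as fh:   # constructed JWT-shaped value, not a real token
        plistlib.dump({"theme": "dark", "authToken": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxIn0.c2ln"}, fh)
    xml_path = os.path.join(shared, "com.example.app_preferences.xml")
    with open(xml_path, "w") as fh:
        fh.write('<?xml version="1.0" encoding="utf-8" standalone="yes" ?>\n<map>\n'
                 '  <string name="user_password">hunter2</string>\n'
                 '  <boolean name="onboarded" value="true" />\n</map>\n')
    db_path = os.path.join(root, "app.db")
    con = sqlite3.connect(db_path)
    con.execute("CREATE TABLE users (id INTEGER, email TEXT, password_hash TEXT)")
    con.execute("INSERT INTO users VALUES (1, 'a@example.com', '5f4dcc3b5aa765d61d8327deb882cf99')")
    con.commit()
    con.close()
    ext_path = os.path.join(external, "export.csv")
    with open(ext_path, "w") as fh:
        fh.write("name,card\nalice,4111111111111111\n")
    for p in (plist_path, xml_path, db_path):
        os.chmod(p, 0o600)      # private app storage
    os.chmod(ext_path, 0o644)   # external storage: readable by any other app
    return root


if __name__ == "__main__":
    for finding in scan_container(build_sample_container()):
        print(finding)
```

Point scan_container at a directory downloaded from the device instead of the constructed one to use it on a real app; the world-readable check is only meaningful on a POSIX filesystem that preserved the original mode bits.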
A few tips on how to protect mobile app data include:
Watch the full webinar on-demand to learn more about how to use Corellium for mobile app testing and advanced analysis of your app.
Equip your security teams with unprecedented tools for both manual and automated testing, freeing up valuable engineering time and saving money. Discover the power of Corellium’s high-fidelity virtual devices and spin up near-limitless combinations of device and OS with one-click jailbreak/root access. Book a meeting today to see how we can streamline your processes and reduce costs.