Currently I have an application which has a "Remember Me" option for storing the user ID. To store this I am currently using the Keychain APIs.
But I have a doubt: if by chance the device is stolen and somebody jailbreaks the device, can he get all this data from the keychain?
How to prevent this?
Keychain items are encrypted using two different AES-256-GCM keys: a table key (metadata) and a per-row key (secret key). Keychain metadata (all attributes other than kSecValue) is encrypted with the metadata key to speed searches, and the secret value (kSecValueData) is encrypted with the secret key.
The most important thing when using the Keychain is to not use kSecAttrAccessibleAlways or kSecAttrAccessibleAlwaysThisDeviceOnly, because then the data is not encrypted securely (see Apple's documentation). Not using these adds a layer of security to Keychain data, but a strong passcode would still be required by the user to protect his data. If the user has no passcode on the device, the data is unprotected. If the user has a 4-digit passcode (the standard), the data is protected very weakly and can be brute forced in minutes.
If you require protection from jailbreak (and other attacks), your best option is to not use the Keychain but to create an encrypted sensitive-data store of your own and require the user to have a secure passcode. Store the data encrypted using a key generated from that passcode.
This could inconvenience your users, so if you wish to provide a grace period between passcode prompts, think of a way to provide a session cookie to the app which is invalidated after a set period of time.
To be extra safe I'd add another layer of security on top of everything and make a simple check whether the device is jailbroken. If that's the case I'd delete the current Keychain / sensitive data.
Something like this:
NSString *filePath = @"/Applications/Cydia.app";
// Cydia is only present on jailbroken devices; its existence is a simple heuristic
if ([[NSFileManager defaultManager] fileExistsAtPath:filePath])
{
    // Device is jailbroken --> delete KeyChain
}
Or even better:
FILE *f = fopen("/bin/bash", "r");
BOOL isbash = NO;
if (f != NULL)
{
    // Device is jailbroken --> delete KeyChain
    isbash = YES;
    fclose(f);   // only close a handle that was actually opened; fclose(NULL) is undefined behaviour
}
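The accessibility point made in this answer, as an added example that is not part of the original post: the weak kSecAttrAccessibleAlways store beside a hardened one using kSecAttrAccessibleWhenUnlockedThisDeviceOnly, plus the wipe the answer recommends on jailbreak detection. The helper names and the service/account strings are assumptions constructed for the example.

```objectivec
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Common query identifying the "Remember Me" item (service/account values are constructed).
static NSMutableDictionary *rememberMeQuery(void) {
    return [@{ (__bridge id)kSecClass:       (__bridge id)kSecClassGenericPassword,
               (__bridge id)kSecAttrService: @"com.example.rememberme",
               (__bridge id)kSecAttrAccount: @"userID" } mutableCopy];
}

// WEAK: the item stays readable while the device is locked, so it is not bound to the
// passcode-protected key class. Shown only for contrast; Apple has deprecated this constant.
OSStatus storeUserIDWeak(NSString *userID) {
    NSMutableDictionary *q = rememberMeQuery();
    q[(__bridge id)kSecAttrAccessible] = (__bridge id)kSecAttrAccessibleAlways;
    q[(__bridge id)kSecValueData] = [userID dataUsingEncoding:NSUTF8StringEncoding];
    return SecItemAdd((__bridge CFDictionaryRef)q, NULL);
}

// HARDENED: readable only while the device is unlocked, and never migrated via
// backup or to another device (ThisDeviceOnly). Replaces any existing item first.
OSStatus storeUserIDHardened(NSString *userID) {
    NSMutableDictionary *q = rememberMeQuery();
    SecItemDelete((__bridge CFDictionaryRef)q);
    q[(__bridge id)kSecAttrAccessible] = (__bridge id)kSecAttrAccessibleWhenUnlockedThisDeviceOnly;
    q[(__bridge id)kSecValueData] = [userID dataUsingEncoding:NSUTF8StringEncoding];
    return SecItemAdd((__bridge CFDictionaryRef)q, NULL);
}

// Read the stored ID back; returns nil when absent or when the device is locked.
NSString *loadUserID(void) {
    NSMutableDictionary *q = rememberMeQuery();
    q[(__bridge id)kSecReturnData] = @YES;
    q[(__bridge id)kSecMatchLimit] = (__bridge id)kSecMatchLimitOne;
    CFTypeRef result = NULL;
    if (SecItemCopyMatching((__bridge CFDictionaryRef)q, &result) != errSecSuccess) return nil;
    NSData *data = (__bridge_transfer NSData *)result;
    return [[NSString alloc] initWithData:data encoding:NSUTF8StringEncoding];
}

// Wipe the item; call this from the jailbreak check above when it fires.
OSStatus wipeUserID(void) {
    return SecItemDelete((__bridge CFDictionaryRef)rememberMeQuery());
}
```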