Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Secure iOS apps with cycript

Tags:

security

ios

With the cycript technology, all iOS application are able to debug and able to access variables and methods inside application.

And also it is possible to overwrite the runtime variables and methods.

Is there any way to secure the application to accessing those instances to avoid hackers to access high secure values?

like image 543
Srini Avatar asked Sep 26 '13 07:09

Srini


1 Answers

With the cycript technology, all iOS application are able to debug and able to access variables and methods inside application. And also it is possible to overwrite the runtime variables and methods.

YES Cycript (easy) / MobileSubstrate (intermediate) / GDB for iOS (more advanced) allow you to modify the runtime environment (i.e. methods/objects/i.variables) and do much more.

Is there any way to secure the application to accessing those instances to avoid hackers to access high secure values?

There is no 100% safe way. As someone said once you can't stop every hacker, but you can slow down and discourage most of them. Then if you protect your app against some types of attacks your app will stand a tiny bit longer without being hacked.

For iOS development, there is one thing to remember : Objective-C (and Swift) make it really easy for hackers to manipulate the runtime and do static analysis. In brief detail : this is due to the way in which these languages are compiled and organized in the binary.

Since it is a due to the language, you can use other languages in order to avoid this ! That's why it is recommended to use other languages like C/C++ instead of Objective-C/Swift for security-related code which process sensitive informations. For instance, Cycript cannot access C/C++ code and thus cannot modify an environment coded in those languages.

Practically, if you use cross-platform tools to develop your apps (like Cocos2d, Unity, ...) you may be protected against such debugger-based attacks (like Cycript, GDB) because most of these cross-platform dev tools only use Objective-C / Swift for the very first steps when the application launches, and they compile your app logic in whatever language you develop in (e.g. C++ for Cocos2d and Unity).

like image 171
Jeffrey Mvutu Mabilama Avatar answered Nov 15 '22 11:11

Jeffrey Mvutu Mabilama