Automated Binary Analysis on iOS - A Case Study on Cryptographic Misuse in iOS Applications

Johannes Feichtner, David Missmann, Raphael Spreitzer

Publication: Contribution to book/report/conference proceedings, Conference contribution, Research, Peer-reviewed

Abstract

A wide range of mobile applications for Apple's iOS platform process sensitive data and, therefore, rely on protective mechanisms natively provided by the operating system. A wrong application of cryptography or security-critical APIs, however, exposes secrets to unrelated parties and undermines the overall security.

We introduce an approach for uncovering cryptographic misuse in iOS applications. We present a way to decompile 64-bit ARM binaries to their LLVM intermediate representation (IR). Based on the reverse-engineered code, static program slicing is applied to determine the data flow in relevant code segments. For this analysis to be most accurate, we propose an adapted version of Andersen's pointer analysis, capable of handling decompiled LLVM IR code with type information recovered from the binary. To finally highlight the improper usage of cryptographic APIs, a set of predefined security rules is checked against the extracted execution paths. As a result, we are not only able to confirm the existence of problematic statements in iOS applications but can also pinpoint their origin.

To evaluate the applicability of our solution and to disclose possible weaknesses, we conducted a manual and automated inspection on a set of iOS applications that include cryptographic functionality. We found that 343 out of 417 applications (82%) are subject to at least one security misconception. Among the most common flaws are the usage of non-random initialization vectors and constant encryption keys as input to cryptographic primitives.
Language: English
Title: Proceedings of the 11th ACM Conference on Security & Privacy in Wireless and Mobile Networks
Place of publication: New York
Publisher: Association of Computing Machinery
Pages: 236-247
Number of pages: 12
ISBN (Print): 978-1-4503-5731-9
DOI: https://doi.org/10.1145/3212480.3212487
Status: Published - 2018
Event: ACM Conference on Security and Privacy in Wireless and Mobile Networks - Stockholm, Sweden
Duration: 18 Jun 2018 to 20 Jun 2018
https://wisec18.conf.kth.se/

Conference

Conference: ACM Conference on Security and Privacy in Wireless and Mobile Networks
Short title: WiSec
Country: Sweden
City: Stockholm
Period: 18/06/18 to 20/06/18

Fingerprint

Application programming interfaces (API)
Cryptography
Computer operating systems
Inspection
Defects

Keywords

iOS, Reverse Engineering, Program Analysis, Cryptographic Misuse

Cite this

Feichtner, J., Missmann, D., & Spreitzer, R. (2018). Automated Binary Analysis on iOS - A Case Study on Cryptographic Misuse in iOS Applications. In Proceedings of the 11th ACM Conference on Security & Privacy in Wireless and Mobile Networks (pp. 236-247). New York: Association of Computing Machinery. https://doi.org/10.1145/3212480.3212487
