PRODUCTS
App Integrity Protection

Security for Apple iOS Mobile Applications

Protect Apps on Apple iOS


Apple is Popular with Mobile Developers

With billions of apps downloaded from the Apple app store, Apple iOS support is near-mandatory for mobile developers. The range of apps available is continuing to blossom as well, as digital media providers, enterprises and other software developers are taking their core apps and making them available for mobile, internet-connected consumers such as Apple users. This means that more and more, critical code is being globally distributed on Apple iOS devices as feature-rich apps provide consumers with mobile access to premium content and sensitive information.

Apple Apps are Vulnerable

Like other mobile code or for that matter, desktop code or embedded code, Apple apps are vulnerable to discovery and compromise. Rapid, global distribution facilitates sophisticated collaboration of cybergangs.

Readily available toolkits can be used by hackers to compromise Apple iOS code through:

  • reverse-engineering
  • disassembly
  • debugging
  • or malware insertion

Top iOS Mobile App Integrity Threats

1.Tampering with Jailbreak-Detection Logic 
2.Repackaging of iOS App IPA’s
3.Reverse-Engineering and Exploitation of Objective-C Class Interfaces and Message Passing
4.Exposure and Exploitation of Program Symbols
5.Exposure and Exploitation of Unencrypted String Literals
6.Tampering with Critical Decision-Making Control Flows 
7.Intercepting and Compromising System Library API’s 
8.Reverse-Engineering and Tampering with Cryptographic Keys and Operations
9.Reverse-Engineering and Intercepting Credentials
10.Reverse-Engineering and Lifting Proprietary Algorithms

 

The Attacks

Attacks have been known to include malware, software piracy, theft of intellectual property, and data theft. Carrier and device maker business models are also at risk. Jailbreaking, for example, interferes with the carrier’s business model, and also puts every other application (and related data) in danger of reverse engineering, tampering and theft.

With users willing to bypass security features and jailbreak phones in increasing numbers, enterprises face increased risks. Applications running on jailbroken devices are more vulnerable to attacks and represent an expanding mobile attack surface. Mobile device management (MDM) and home-grown solutions alone are not enough as they can be easily by-passed by sophisticated hackers targeting the application perimeter.

Software protection is needed to ensure business models, intellectual property (IP), and digital rights management (DRM) requirements.

EnsureIT for Apple iOS

Arxan’s EnsureIT for Apple iOS delivers automated embedded software protection that is easy to deploy, durable and resilient. EnsureIT defends, detects and reacts to attempted attacks by deploying various security techniques (called Guards) such as obfuscation, jailbreak detection, checksum and anti-debug directly into the software code of each application for defense-in-depth. This layered pro­tection of diverse Guard types provides control, trust and tamper-resistance for the application.

Arxan’s new Jailbreak Detection Guard detects if an app is running in a jailbroken environment, and can trigger customized reactions to safeguard the critical and high-value attributes of an app on an unsecured device. Furthermore, Jailbreak Detection capability is delivered with “built-in” tamper-resistance. 

The result is customized, low-impact, high-durability application security that is embedded into applications to protect valuable assets.

EnsureIT for Apple iOS- Core Features

  • Tamper resistant jailbreak detection
  • Tunable security for mobile platforms and their application offerings
  • Layered network of protections, with no single point of failure
  • Requires no changes to source code
  • Support within X code
  • Support for the ARM processor
  • Command line interface to integrate into build environment
  • No single point of failure

 

apple-ios

Jailbreak

Resources

Mobile Software Protection

"The pace of innovation on mobile phones and other smart wireless devices has accelerated greatly in the last few years, adding features, speed and computing power. But now the attackers are beginning to outstrip the good guys on mobile platforms, developing innovative new attacks and methods for stealing data that rival anything seen on the desktop, experts say."

- Threatpost Editors

 

Terms of Use|Site Map

Ā© 2014 Arxan Technologies, Inc. All Rights Reserved.