The Problem
In 2013, assessing the security of iOS applications still involves a
lot of manual, time-consuming tasks - especially when performing a
black-box assessment. Without access to source code, a comprehensive
review of these applications currently requires in-depth knowledge of
various APIs and the ability to use relatively complex, generic tools
such as Cycript or Mobile Substrate - or to jump straight into the
debugger.
To simplify this process, we are releasing Introspy - an open-source
security profiler for iOS. Introspy is designed to help penetration
testers understand what an application does at runtime.
How Introspy works
The tool comprises two separate components: an iOS tracer and an analyzer.
The iOS tracer can be installed on a jailbroken iOS device. It will
hook security-sensitive APIs called by a given application, including
functions related to cryptography, IPCs, data storage / protection,
networking, and user privacy. The call details are all recorded and
persisted in a SQLite database on the device.
This database can then be fed to the Introspy analyzer, which
generates an HTML report displaying all recorded calls, plus a list of
potential vulnerabilities affecting the application.
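The trace-then-analyze flow described above, as an added Python example that is not Introspy's own code: the `traced_calls` table, the JSON argument encoding and the four rules are assumptions made for illustration, and the sample rows are constructed. The API names and constants in the rows are real iOS ones.

```python
import json
import sqlite3

# Constructed sample rows (class, method, arguments); the schema is hypothetical.
SAMPLE_CALLS = [
    ("C", "CCCrypt", {"alg": "kCCAlgorithmDES", "options": ["kCCOptionPKCS7Padding"]}),
    ("C", "CCCrypt", {"alg": "kCCAlgorithmAES128", "options": ["kCCOptionECBMode"]}),
    ("C", "SecItemAdd", {"kSecAttrAccessible": "kSecAttrAccessibleAlways"}),
    ("C", "SecItemAdd", {"kSecAttrAccessible": "kSecAttrAccessibleWhenUnlocked"}),
    ("NSFileManager", "createFileAtPath:contents:attributes:",
     {"attributes": {"NSFileProtectionKey": "NSFileProtectionNone"}}),
    ("NSFileManager", "createFileAtPath:contents:attributes:",
     {"attributes": {"NSFileProtectionKey": "NSFileProtectionComplete"}}),
    ("C", "CCCrypt", "{truncated"),  # damaged record: arguments are not valid JSON
]

# Illustrative rules, not Introspy's own checks: (finding, method, predicate on args).
RULES = [
    ("weak cipher (DES)", "CCCrypt", lambda a: a.get("alg") == "kCCAlgorithmDES"),
    ("ECB mode", "CCCrypt", lambda a: "kCCOptionECBMode" in a.get("options", [])),
    ("keychain item always accessible", "SecItemAdd",
     lambda a: a.get("kSecAttrAccessible") == "kSecAttrAccessibleAlways"),
    ("file written without data protection", "createFileAtPath:contents:attributes:",
     lambda a: a.get("attributes", {}).get("NSFileProtectionKey") == "NSFileProtectionNone"),
]

def build_trace_db(calls):
    """Create an in-memory stand-in for the database the tracer would persist."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE traced_calls (id INTEGER PRIMARY KEY, class TEXT, method TEXT, args TEXT)")
    conn.executemany(
        "INSERT INTO traced_calls (class, method, args) VALUES (?, ?, ?)",
        [(c, m, a if isinstance(a, str) else json.dumps(a)) for c, m, a in calls])
    return conn

def analyze(conn):
    """Return (call id, method, finding) for each recorded call that matches a rule."""
    findings = []
    for call_id, method, raw in conn.execute("SELECT id, method, args FROM traced_calls ORDER BY id"):
        try:
            args = json.loads(raw)
        except ValueError:
            args = None
        if not isinstance(args, dict):  # keep damaged records visible instead of dropping them
            findings.append((call_id, method, "unparseable arguments"))
            continue
        for finding, rule_method, predicate in RULES:
            if method == rule_method and predicate(args):
                findings.append((call_id, method, finding))
    return findings

if __name__ == "__main__":
    print(analyze(build_trace_db(SAMPLE_CALLS)))
```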
Tracer
Once installed, the tracer records all calls made by iOS applications to security-sensitive APIs and stores them in a SQLite database.