With Apple announcing over 1 billion active devices (a 27% market share), insecure code can pose a risk to the rest of the organisation’s IT infrastructure and potentially to the data stored and/or accessed by these devices.
Speaking about the drive for creating Needle, Marco Lancini - Security Consultant at MWR InfoSecurity - explained: “While we developed and released Drozer in 2013 for the Android ecosystem, iOS proved trickier due to its closed nature. In recent years, thousands of iOS tools have been developed for specific needs, with different modes of operation and syntax, but there isn’t currently a ‘one size fits all’ iOS option. Needle addresses this.”
Application developers are offering a myriad of services: from general use, such as banking and e-commerce, to the more business-focused, such as customer relationship management and accounting software, as well as everything in between. It is essential that the way they handle, process, and store sensitive information is secure. Needle offers a single automated tool with an intuitive interface that aims to streamline the entire process of conducting security assessments of iOS applications. Data storage, inter-process communication, network communications, static code analysis, hooking and binary protections are a few examples of testing areas covered by Needle.
Marco concluded: “Needle requires minimal installation, and can be used not only by security professionals (by helping them reduce the time needed to perform an assessment), but also by developers looking to secure their code and ensure applications are behaving securely and responsibly. Needle has also been designed to make creating and adding new modules easy, and we’d be happy to hear feedback and work with the community to help enhance its capabilities and shape its future.”
Needle, and its source code, can be downloaded from MWR's GitHub profile: mwr.to/needle.
For more information about MWR InfoSecurity, its services and research, visit: https://www.mwrinfosecurity.com/