Press Release

MWR Launches Needle: An iOS Security Testing Framework


MWR InfoSecurity has today released Needle – its new open source modular framework for security professionals and developers to conduct security assessments of iOS applications.

With Apple announcing over 1billion active devices (a 27% market share), insecure code can pose a risk to the rest of the organisation’s IT infrastructure and potentially to the data stored and/or accessed by these devices.

Speaking about the drive for creating Needle, Marco Lancini - Security Consultant at MWR InfoSecurity - explained: “While we developed and released Drozer in 2013 for the Android ecosystem, iOS proved trickier due to its closed nature. In recent years, thousands of iOS tools have been developed for specific needs, with different modes of operation and syntax, but there isn’t currently a ‘one size fits all’ iOS option. Needle addresses this.”

Application developers are offering a myriad of services: from general use, such as banking and e-commerce, to the more business focused, such as customer relationship management and accounting software, as well as everything in between. Making sure the way they handle, process, and store sensitive information is essential. Needle offers a single automated tool with an intuitive interface, and which aims to streamline the entire process of conducting security assessments of iOS applications. Data storage, inter-process communication, network communications, static code analysis, hooking and binary protections are a few examples of testing areas covered by Needle.

Marco concluded: “Needle requires minimal installation, and can be used not only by security professionals (by helping them reduce the time needed to perform an assessment), but also by developers looking to secure their code and ensure applications are behaving securely and responsibly. Needle has also been designed to make creating and adding new modules easy, and we’d be happy to hear feedback and work with the community to help enhance its capabilities and shape its future.”

Needle, and its source code, can be downloaded from MWR's Github profile:

For more information about MWR InfoSecurity, its services and research, visit:




As members of CHECK we are measured against high standards set by CESG for the services we provide to Her Majesty's Government.
We are certified in the ISO 9001 quality management system (QMS) in the UK, ensuring reliable delivery of our products and services.
We are certified to comply with ISO 14001 in the UK, an internationally accepted standard that outlines how to put an effective environmental management system in place.
MWR is certified to comply with ISO 27001 to help ensure our client information is managed securely.
As an Approved Scanning Vendor MWR are approved by PCI SSC to conduct external vulnerability scanning services to PCI DSS Requirement 11.2.2.
We are members of the Council of Registered Ethical Security Testers (CREST), an organisation serving the needs of the information security sector.
MWR is a supplier to the Crown Commercial Service (CCS), which provides commercial and procurement services to the UK public sector.
MWR is a Qualified Security Assessor, meaning we have been qualified by PCI to validate other organisation's adherence to PCI DSS.