Press Release

MWR Launches Needle: An iOS Security Testing Framework

MWR InfoSecurity has today released Needle – its new open source modular framework for security professionals and developers to conduct security assessments of iOS applications.

With Apple announcing over 1billion active devices (a 27% market share), insecure code can pose a risk to the rest of the organisation’s IT infrastructure and potentially to the data stored and/or accessed by these devices.

Speaking about the drive for creating Needle, Marco Lancini - Security Consultant at MWR InfoSecurity - explained: “While we developed and released Drozer in 2013 for the Android ecosystem, iOS proved trickier due to its closed nature. In recent years, thousands of iOS tools have been developed for specific needs, with different modes of operation and syntax, but there isn’t currently a ‘one size fits all’ iOS option. Needle addresses this.”

Application developers are offering a myriad of services: from general use, such as banking and e-commerce, to the more business focused, such as customer relationship management and accounting software, as well as everything in between. Making sure the way they handle, process, and store sensitive information is essential. Needle offers a single automated tool with an intuitive interface, and which aims to streamline the entire process of conducting security assessments of iOS applications. Data storage, inter-process communication, network communications, static code analysis, hooking and binary protections are a few examples of testing areas covered by Needle.

Marco concluded: “Needle requires minimal installation, and can be used not only by security professionals (by helping them reduce the time needed to perform an assessment), but also by developers looking to secure their code and ensure applications are behaving securely and responsibly. Needle has also been designed to make creating and adding new modules easy, and we’d be happy to hear feedback and work with the community to help enhance its capabilities and shape its future.”

Needle, and its source code, can be downloaded from MWR's Github profile:

For more information about MWR InfoSecurity, its services and research, visit:



Accreditations & Certificates

MWR is an accredited member of The Cyber Security Incident Response Scheme (CSIR) approved by CREST (Council of Registered Ethical Security Testers).
MWR is certified under the Cyber Incident Response (CIR) scheme to deal with sophisticated targeted attacks against networks of national significance.
We are certified to comply with ISO 9001 and 14001 in the UK, internationally accepted standards that outline how to put an effective quality and environmental management systems in place.
MWR is certified to comply with ISO 27001 to help ensure our client information is managed securely.
As an Approved Scanning Vendor MWR is approved by PCI SSC to conduct external vulnerability scanning services to PCI DSS Requirement 11.2.2.
We are members of the Council of Registered Ethical Security Testers (CREST), an organisation serving the needs of the information security sector.
MWR is a supplier to the Crown Commercial Service (CCS), which provides commercial and procurement services to the UK public sector.
MWR is a Qualified Security Assessor, meaning we have been qualified by PCI to validate other organisation's adherence to PCI DSS.
As members of CHECK we are measured against high standards set by NCSC for the services we provide to Her Majesty's Government.
MWR’s consultants hold Certified Simulated Attack Manager (CCSAM) and Certified Simulated Attack Specialist (CCSAS) qualifications and are authorized by CREST to perform STAR penetration testing services.