In a session at Black Hat USA 2016, on Wednesday 3 August, Marco Lancini - Security Consultant at MWR InfoSecurity will demonstrate publicly for the first time Needle – MWR’s new open source modular framework which aims to streamline the entire process of conducting security assessments of iOS applications.
Marco explains, “Assessing the security of an iOS application typically requires a plethora of tools, each developed for a specific need and all with different modes of operation and syntax. In 2013 MWR released Drozer for the Android ecosystem, however iOS did not have an equivalent – until now.”
Needle is an open source modular framework which aims to streamline the entire process of conducting security assessments of iOS applications, and acts as a central point from which to do so. Given its modular approach, Needle is easily extensible and new modules can be added in the form of python scripts. Needle is intended to be useful not only for security professionals, but also for developers looking to secure their code. A few examples of testing areas covered by Needle include: data storage, inter-process communication, network communications, static code analysis, hooking and binary protections. The only requirement in order to run Needle effectively is a jailbroken device.
Marco adds, “During my session at Black Hat Arsenal, I will describe Needle’s architecture, capabilities and roadmap. I will also demonstrate how Needle can be used to find vulnerabilities in iOS applications from both a black-box and white-box perspective (if source code is provided).”
Marco’s session, titled ‘Needle: Finding Issues within iOS Applications’ will be at 10am (PDT) in the Palm Foyer, Level 3, Station 1 at Black Hat Arsenal, USA in Las Vegas on Wednesday 3 August 2016.