Insecure service configuration - App Transport Security

Need

Enforce secure connections (HTTPS) for all communication between the application and external servers

Context

• Usage of Swift for iOS and macOS app development

• Usage of UIKit for building modern and responsive user interfaces

Description

1. Non compliant code

```swift
import UIKit

@UIApplicationMain
class AppDelegate: UIResponder, UIApplicationDelegate {

    func application(_ application: UIApplication, didFinishLaunchingWithOptions launchOptions: [UIApplication.LaunchOptionsKey: Any]?) -> Bool {
        // Override point for customization after application launch.
        return true
    }

    // ...
}
```

In the application whose `AppDelegate` is shown above, the `Info.plist` file contains a dictionary under the key `NSAppTransportSecurity`. This key specifies how the app interacts with servers over the network. The dictionary contains another key, `NSAllowsArbitraryLoads`, which is set to `true`. This means that the app is allowed to make insecure connections to servers.

The `NSAllowsArbitraryLoads` key is part of the App Transport Security (ATS) settings. When set to `true`, it lets the app bypass the secure connections that ATS normally enforces, so the app can connect over HTTP, which is not secure, instead of HTTPS, which is. This can lead to security issues such as interception and manipulation of data by attackers.

Good security practice is for every connection the app makes to a server to be secure. The `NSAllowsArbitraryLoads` key should therefore be set to `false` or removed entirely to enforce the use of secure connections.

2. Steps

• Disable the NSAllowsArbitraryLoads option in the NSAppTransportSecurity dictionary of Info.plist

• Configure NSExceptionDomains to allow specific insecure connections if necessary

• Use HTTPS connections for all external servers in the application

3. Secure code example

```swift
import UIKit

@UIApplicationMain
class AppDelegate: UIResponder, UIApplicationDelegate {

    func application(_ application: UIApplication, didFinishLaunchingWithOptions launchOptions: [UIApplication.LaunchOptionsKey: Any]?) -> Bool {
        // Override point for customization after application launch.
        return true
    }

    // ...
}
```

The above code is a standard AppDelegate.swift file in a Swift iOS application. However, the application has a security vulnerability related to its App Transport Security (ATS) settings: the NSAppTransportSecurity dictionary has the NSAllowsArbitraryLoads option enabled, which lets the application make insecure HTTP connections. This is a security risk, as it exposes the application to potential man-in-the-middle attacks.

To fix this vulnerability, we need to disable the NSAllowsArbitraryLoads option in the NSAppTransportSecurity dictionary. This is done by modifying the application's Info.plist file. Here is the fixed configuration:

```xml
<key>NSAppTransportSecurity</key>
<dict>
    <key>NSAllowsArbitraryLoads</key>
    <false/>
    <key>NSExceptionDomains</key>
    <dict>
        <key>yourserver.com</key>
        <dict>
            <key>NSIncludesSubdomains</key>
            <true/>
            <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
            <true/>
            <key>NSTemporaryExceptionMinimumTLSVersion</key>
            <string>TLSv1.2</string>
        </dict>
    </dict>
</dict>
```

In the above configuration, we have set NSAllowsArbitraryLoads to false, which means the application will not allow insecure HTTP connections by default. However, if there are specific servers that need to be accessed over HTTP, we can add them to the NSExceptionDomains dictionary. In this case, we have added "yourserver.com" as an exception. Replace "yourserver.com" with the actual server domain that your application needs to access over HTTP. Also ensure that all other external servers that your application connects to use HTTPS.
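To check these settings in a build pipeline, the following added example (not part of the original page) audits an Info.plist for the global `NSAllowsArbitraryLoads` switch and for per-domain cleartext exceptions. The function name `audit_ats`, the severity labels and the sample plists are assumptions constructed for illustration; it recognises both Apple's documented `NSException*` keys and the `NSTemporaryException*` spellings used on this page.

```python
import plistlib

# Per-domain keys that permit cleartext HTTP or set the TLS floor. The
# NSException* names are Apple's documented keys; the NSTemporaryException*
# spellings are the ones used in this page's snippet.
INSECURE_HTTP_KEYS = ("NSExceptionAllowsInsecureHTTPLoads",
                      "NSTemporaryExceptionAllowsInsecureHTTPLoads")
MIN_TLS_KEYS = ("NSExceptionMinimumTLSVersion",
                "NSTemporaryExceptionMinimumTLSVersion")
WEAK_TLS = {"TLSv1.0", "TLSv1.1"}


def audit_ats(plist_bytes):
    """Return (severity, message) findings for an Info.plist (XML or binary)."""
    ats = plistlib.loads(plist_bytes).get("NSAppTransportSecurity", {})
    findings = []
    if ats.get("NSAllowsArbitraryLoads") is True:
        findings.append(("high", "NSAllowsArbitraryLoads is true: "
                                 "ATS protections disabled by default"))
    for domain, rules in ats.get("NSExceptionDomains", {}).items():
        if any(rules.get(k) is True for k in INSECURE_HTTP_KEYS):
            scope = " and its subdomains" if rules.get("NSIncludesSubdomains") else ""
            findings.append(("medium", f"{domain}{scope}: cleartext HTTP allowed"))
        if any(rules.get(k) in WEAK_TLS for k in MIN_TLS_KEYS):
            findings.append(("medium", f"{domain}: minimum TLS version below 1.2"))
    return findings


def _sample(ats):
    # Constructed Info.plist content; the bundle identifier is a placeholder.
    return plistlib.dumps({"CFBundleIdentifier": "com.example.app",
                           "NSAppTransportSecurity": ats})


WEAK = _sample({"NSAllowsArbitraryLoads": True})
FIXED = _sample({
    "NSAllowsArbitraryLoads": False,
    "NSExceptionDomains": {"yourserver.com": {
        "NSIncludesSubdomains": True,
        "NSTemporaryExceptionAllowsInsecureHTTPLoads": True,
        "NSTemporaryExceptionMinimumTLSVersion": "TLSv1.2",
    }},
})

if __name__ == "__main__":
    for name, data in (("weak", WEAK), ("fixed", FIXED)):
        for severity, message in audit_ats(data):
            print(f"{name}: [{severity}] {message}")
```

The corrected configuration still yields one finding for the `yourserver.com` exception, which gives a reviewer the list of domains where cleartext HTTP remains permitted.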