Swift Insecure TCP Connection
Description
Detects network connections in Swift applications that use insecure TCP configuration. Using unencrypted TCP connections can expose sensitive data to network sniffing and man-in-the-middle attacks, as data is transmitted in plaintext.
Detection Strategy
• Identifies creation of NWConnection objects in Swift code
• Checks if the connection protocol parameter is set to '.tcp' or derives from an unsafe variable
• Reports a vulnerability when an NWConnection is configured to use plain TCP without encryption
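The three checks above can be approximated with a small line-based scanner. This is an added example, not the scanner's own implementation and not code from the original page; the sample Swift input, the function name `find_insecure_connections` and the regular expressions are assumptions made for illustration.

```python
import re

# Constructed Swift input for the demo (not code from the page).
SAMPLE = """\
import Network
let plain = NWParameters.tcp
let a = NWConnection(host: host, port: port, using: .tcp)
let b = NWConnection(host: host, port: port, using: plain)
let c = NWConnection(host: host, port: port, using: .tls)
let secure = NWParameters(tls: NWProtocolTLS.Options())
let d = NWConnection(host: host, port: port, using: secure)
"""

PLAIN_TCP = r"(?:NWParameters)?\.tcp\b"
# Bindings such as `let x = .tcp`: the "unsafe variable" case.
ASSIGN = re.compile(r"\b(?:let|var)\s+(\w+)\s*(?::\s*NWParameters\s*)?=\s*" + PLAIN_TCP)
USING = re.compile(r"\busing\s*:\s*([\w.]+)")


def find_insecure_connections(source):
    """Return (line_number, reason) for NWConnection calls using plain TCP.

    Simplification: single-line calls only, no scoping or reassignment tracking.
    """
    tainted = set()  # names bound to plain-TCP parameters so far
    findings = []
    for number, line in enumerate(source.splitlines(), start=1):
        code = line.split("//", 1)[0]  # drop line comments
        bound = ASSIGN.search(code)
        if bound:
            tainted.add(bound.group(1))
        using = USING.search(code) if "NWConnection(" in code else None
        if not using:
            continue
        value = using.group(1)
        if re.fullmatch(PLAIN_TCP, value):
            findings.append((number, "literal .tcp"))
        elif value in tainted:
            findings.append((number, f"variable '{value}' holds .tcp"))
    return findings


if __name__ == "__main__":
    for number, reason in find_insecure_connections(SAMPLE):
        print(f"line {number}: plain TCP NWConnection ({reason})")
```

A text-level check like this misses multi-line calls and parameters passed across functions, so it suits a quick pre-commit gate rather than replacing a real static analyzer.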
Vulnerable code example
import Network
let host = NWEndpoint.Host("example.com")
let port = NWEndpoint.Port(rawValue: 1234)!
// VULNERABLE: Using unencrypted TCP connection exposes data to interception
let insecureConnection = NWConnection(host: host, port: port, using: .tcp)
insecureConnection.start(queue: .main)
✅ Secure code example
import Network
let host = NWEndpoint.Host("example.com")
let port = NWEndpoint.Port(rawValue: 1234)!
// SECURE: Using TLS encryption to protect data in transit
let secureConnection = NWConnection(host: host, port: port, using: .tls)
secureConnection.start(queue: .main)