Swift Insecure Cipher Usage
Description
Identifies usage of cryptographically weak cipher algorithms (DES and Blowfish) in Swift applications. These legacy ciphers are considered insecure for modern applications due to known cryptographic weaknesses and should be replaced with stronger alternatives like AES.
Detection Strategy
• Detects DES usage through the IDZSwiftCommonCrypto library by looking for '.des' symbol references
• Identifies Blowfish usage when the CryptoSwift library is imported and the Blowfish class is instantiated
• Reports a security issue when either cipher is found in the codebase since both are considered cryptographically weak
Vulnerable code example
import CommonCrypto
// Encryption setup
func setupEncryption() {
    let key = "secretkey"
    // Vulnerable: Using DES with 64-bit block size - prone to birthday attacks
    let algorithm = CCAlgorithm(kCCAlgorithmDES)...
✅ Secure code example
import CommonCrypto
import CryptoKit
func setupEncryption() throws {
    // Generate a random key instead of hardcoding
    let key = SymmetricKey(size: .bits256)
    // Use AES-GCM which provides authenticated encryption...
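The secure example above stops short of the actual seal/open calls. The following is an added, complete illustration of the replacement the rule recommends (AES-256-GCM via CryptoKit); it is example code written for this page, not Fluid Attacks' own code. The function names `encrypt`, `decrypt` and `loadKey`, the `SecureCipherError` type and the sample message are assumptions chosen for the example. It also shows the property that the legacy DES/Blowfish designs lack: a modified ciphertext is rejected by the authentication tag instead of decrypting to garbage.

```swift
import Foundation
import CryptoKit

// Hypothetical error type for this example (not part of the page's own code).
enum SecureCipherError: Error {
    case invalidKeyLength
    case authenticationFailed
}

// Encrypt with AES-256-GCM. The returned Data is CryptoKit's combined
// representation: 12-byte nonce || ciphertext || 16-byte tag.
func encrypt(_ plaintext: Data, with key: SymmetricKey, associatedData: Data = Data()) throws -> Data {
    // A fresh random nonce is generated on every call; a nonce must never be reused with the same key.
    let sealedBox = try AES.GCM.seal(plaintext, using: key, authenticating: associatedData)
    guard let combined = sealedBox.combined else {
        // `combined` is nil only for non-standard nonce sizes; the default 96-bit nonce is used here.
        throw SecureCipherError.authenticationFailed
    }
    return combined
}

// Decrypt and verify. Any change to nonce, ciphertext, tag or associated data,
// or a wrong key, fails the tag check and is reported as an authentication failure.
func decrypt(_ combined: Data, with key: SymmetricKey, associatedData: Data = Data()) throws -> Data {
    let sealedBox = try AES.GCM.SealedBox(combined: combined)
    do {
        return try AES.GCM.open(sealedBox, using: key, authenticating: associatedData)
    } catch {
        throw SecureCipherError.authenticationFailed
    }
}

// Rebuild a key from raw bytes (for example read back from the Keychain) and enforce the length,
// so a truncated or wrongly sized secret is rejected instead of silently weakening the cipher.
func loadKey(from raw: Data) throws -> SymmetricKey {
    guard raw.count == 32 else { throw SecureCipherError.invalidKeyLength }
    return SymmetricKey(data: raw)
}

// Constructed demonstration input (not real application data).
let key = SymmetricKey(size: .bits256)
let message = Data("account balance: 42".utf8)
let header = Data("v1".utf8)   // associated data: authenticated but not encrypted

let ciphertext = try encrypt(message, with: key, associatedData: header)
let recovered = try decrypt(ciphertext, with: key, associatedData: header)
assert(recovered == message)

// Flip one bit in the middle of the ciphertext: GCM rejects it.
var tampered = ciphertext
tampered[tampered.startIndex + tampered.count / 2] ^= 0x01
do {
    _ = try decrypt(tampered, with: key, associatedData: header)
    print("unexpected: tampered ciphertext was accepted")
} catch SecureCipherError.authenticationFailed {
    print("tampered ciphertext rejected")
}

// Export the raw key bytes for Keychain storage rather than keeping a string literal in source.
let rawKey = key.withUnsafeBytes { Data($0) }
let reloaded = try loadKey(from: rawKey)
assert(try decrypt(ciphertext, with: reloaded, associatedData: header) == message)
```

Run it as a script with `swift file.swift` on a platform that ships CryptoKit. The key is generated at runtime and exported only to be persisted in the Keychain; the `setupEncryption` pattern on this page with a hardcoded `"secretkey"` string would give the same finding for key management as it does for the cipher choice.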