11

Currently i have an application which has a "Remember Me" option for storing User ID.So to store this currently i am using Keychain APIs.

But i have a doubt if by chance device is stolen and somebody jailbreak the device. Can he able to get all these data from keychain?

How to prevent this ?

raaz
  • 12,410
  • 22
  • 64
  • 81

4 Answers4

8

The most important thing when using the KeyChain is to not use kSecAttrAccessibleAlways or kSecAttrAccessibleAlwaysThisDeviceOnly because then data is not encrypted securely (see Apple's documentation). Not using these adds a layer of security to KeyChain data, but still, a strong passcode would be required by the user to protect his data. If the user has no passcode on the device, the data is unprotected. If the user has a 4-digit passcode (the standard), the data is protected very weakly and can be brute forced in minutes.

If you require protection from jailbreak (and other attacks), your best option is to not use the KeyChain, but create an encrypted sensitive data store of your own and require the user to have a secure passcode. Store the data encrypted using a key generated from that passcode.

This could inconvenience your users, so if you wish to provide a grace period between requiring passcode, think of a way to provide a session cookie to the app which is invalidated after a set period of time.

Léo Natan
  • 56,823
  • 9
  • 150
  • 195
  • Is SQLCipher can be a solution for this kind of problem ? – raaz Mar 08 '14 at 16:31
  • @raaz Yes, it can be, but it depends if you really need such a large framework (SQLite + sqlcipher). – Léo Natan Mar 08 '14 at 18:05
  • Leo-natan do you have any suggestion commercial or opensource ? – raaz Mar 08 '14 at 21:18
  • 1
    @raaz Take a look at this project: https://github.com/nicerobot/objc/tree/master/NSData/NSData%2BAES/ Gives you encryption categories over `NSData`. Now you can use any object that can be serialized to data (such as a dictionary) and crypt it before saving to disk. – Léo Natan Mar 08 '14 at 21:36
2

To be extra safe I'd add another layer of security on top of everything and make a simple check if the device is jailbroken. If that's the case I'd delete the current KeyChain \ sensitive data.

Something like that:

NSString *filePath = @"/Applications/Cydia.app";
if ([[NSFileManager defaultManager] fileExistsAtPath:filePath])
{
   //Device is jailbroken --> delete KeyChain
}

Or even better:

FILE *f = fopen("/bin/bash", "r");
BOOL isbash = NO;
if (f != NULL)
{
    //Device is jailbroken --> delete KeyChain
    isbash = YES;
}
fclose(f);
Segev
  • 19,035
  • 12
  • 80
  • 152
  • This is a terrible idea. First, all these can be easily circumvented. Just because a device is jailbroken, does not mean an app is not in a sandbox. So your first example is nada. Bash is not always installed. In fact, most people don't install it. Second example - nada. Also, deleting the keychain would only happen if the app is run. In the meantime, jailbreak allows access to keychain data. – Léo Natan Mar 12 '14 at 23:39
  • 1
    The above are the common ways to detect if your device is jailbroken. Check here: http://stackoverflow.com/questions/413242/how-do-i-detect-that-an-ios-app-is-running-on-a-jailbroken-phone . Btw, the second example is how Skype does it (far from "nada"). Of course the app needs to run in order for it to work. That's why i wrote "add another layer of security", not depend only on the above. – Segev Mar 13 '14 at 07:51
  • 1
    Yes, they are common ways to get false hope. They are very unreliable. One should not have misconceptions here - if they want security beyond jailbreak, they have to implement it themselves outside of the OS. – Léo Natan Mar 13 '14 at 12:28
  • 1
    Defence in depth is the key here, yes these aren't foolproof jailbreak detection mechanisms, but for a simple bit of code it adds a layer of defence that will help in some circumstances. – Tim Mar 15 '14 at 14:46
  • @Jeff Yes, but isn't it better to do the best you can? Hanging your hopes on jailbreak checks is not optimal. – Léo Natan Mar 16 '14 at 16:36
  • Of course, but every layer helps. Definitely not recommending using solely this to defend against your database being stolen. – Tim Mar 16 '14 at 18:40
0

Here is the best way for checking if Device jailbroken

Code that checks

bool forked = fork();
if (forked) {
    // Device is jailbroken
}
Community
  • 1
  • 1
l0gg3r
  • 8,864
  • 3
  • 26
  • 46
0

Check this link Keychain Items, where you can enumerate all keychain items.

You can also use Protection Attributes for securing info.

Apple Docs

Good Read

Community
  • 1
  • 1
Zeeshan
  • 586
  • 7
  • 15