10

Having read books on iOS pentesting, I noted that almost all security test cases or tools require a jailbroken device.

I looked for information about this, because it is needed to perform those tests or to use those tools, and I understood it.

But I cannot find an explanation around:

In the real world not all devices are jailbroken, so how relevant are test results using a jailbroken device in a real context?


EDIT

Can I assume that an application vulnerability, once found in a debugging environment, should be replicated on a non-jailbroken device to be validated?

Purefan
  • 3,560
  • 19
  • 26
Hoper
  • 255
  • 3
  • 10
  • One thing to remember is that if your application is being attacked, the attackers may well be using jailbroken devices too. Doesn't matter so much for some apps (local tools), but can be important if your application is making sensitive connections to a server. – Matthew Jan 20 '17 at 10:47

2 Answers

13

Generally, iOS security assessments (a.k.a. penetration testing) target applications running on an iOS device and not the operating system/platform itself (which has already been subjected to a large number of assessments).

In order to effectively assess the security of an application running on iOS, a jailbroken device is needed, as debugging and examining the application code and runtime behaviour is difficult without access to the underlying OS.

Most security assessment companies keep a stock of Jailbroken devices, pretty much for this purpose.

Edit to address your added question. I think replication on a non-jailbroken device would depend on the issue at hand. As an example, a security issue with an application might be that it stores sensitive data such as credentials in clear text. Now on its own this may not be exploitable, but it's still bad security practice. Most security assessments I've seen would show evidence of the problem but wouldn't necessarily require replication on a non-jailbroken device every time.

Rory McCune
  • 60,923
  • 14
  • 136
  • 217
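As an added illustration of the cleartext-storage finding described in this answer (example code, not written by the answer's author): a small Python triage script that walks a copy of an app's data container taken from a jailbroken test device and flags credential-like keys in preference plists and SQLite tables, producing the kind of evidence an assessment report would cite. The key-name heuristic, directory layout and sample data are constructed for this example.

```python
import os, re, sqlite3, plistlib, tempfile

# Key/column names that suggest a persisted credential (constructed heuristic).
SENSITIVE = re.compile(r"pass(word)?|secret|token|api[_-]?key|credential", re.I)

def scan_plist(path):
    """Return (file, key, value) for string values under sensitive-looking keys."""
    with open(path, "rb") as fh:
        data = plistlib.load(fh)  # top-level dict, as in an NSUserDefaults domain
    return [(path, k, v) for k, v in data.items()
            if isinstance(v, str) and SENSITIVE.search(k)]

def scan_sqlite(path):
    """Return (file, table.column, value) for non-empty sensitive-looking columns."""
    hits, con = [], sqlite3.connect(path)
    tables = [t for (t,) in con.execute("SELECT name FROM sqlite_master WHERE type='table'")]
    for table in tables:
        cols = [r[1] for r in con.execute(f'PRAGMA table_info("{table}")')]
        for col in filter(SENSITIVE.search, cols):
            hits += [(path, f"{table}.{col}", str(v)) for (v,) in
                     con.execute(f'SELECT "{col}" FROM "{table}"') if v]
    con.close()
    return hits

def scan_container(root):
    """Walk an extracted app container and collect cleartext-credential findings."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if name.endswith(".plist"):
                findings.extend(scan_plist(full))
            elif name.endswith((".sqlite", ".db")):
                findings.extend(scan_sqlite(full))
    return sorted(findings)

def build_sample_container():
    """Construct a fake container: one insecure preferences plist plus one sqlite cache."""
    root = tempfile.mkdtemp()
    prefs, docs = os.path.join(root, "Library", "Preferences"), os.path.join(root, "Documents")
    os.makedirs(prefs); os.makedirs(docs)
    with open(os.path.join(prefs, "com.example.app.plist"), "wb") as fh:
        plistlib.dump({"username": "alice", "password": "hunter2", "theme": "dark"}, fh)
    con = sqlite3.connect(os.path.join(docs, "cache.sqlite"))
    con.execute("CREATE TABLE session (id INTEGER, auth_token TEXT, note TEXT)")
    con.execute("INSERT INTO session VALUES (1, 'constructed-token-value', 'ok')")
    con.commit(); con.close()
    return root

if __name__ == "__main__":
    print(*scan_container(build_sample_container()), sep="\n")
```

Only the `password` key and the `session.auth_token` column are reported; the non-sensitive `username`, `theme` and `note` fields are ignored.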
1

It's true that in the real world most devices won't be jailbroken. In fact, it's not recommended to have a jailbroken/rooted device if you don't use it for development, pentesting, etc.

Most vulnerabilities you find on a jailbroken device probably can't be replicated on a non-jailbroken device, but that doesn't prevent an attacker from doing the same tests you did. The vulnerability exists in the application, regardless of the state of the underlying OS.

Mr. E
  • 1,954
  • 9
  • 18