Abstract
Damn Vulnerable iOS App (DVIA) is an iOS application that is damn vulnerable. Its main goal is to provide a platform to mobile security enthusiasts/professionals or students to test their iOS penetration testing skills in a legal environment. This project is developed and maintained by @prateekg147. The vulnerabilities and solutions covered in this app are tested up to iOS 11. DVIA is free and open source and it has both a Swift and Objective-C version. This is a completely new version of Damn Vulnerable iOS App - completely rewritten in Swift 4.0.
The following vulnerabilities are covered:
- Local Data Storage
- Jailbreak Detection
- Excessive Permissions
- Runtime Manipulation
- Anti Anti Hooking/Debugging
- Binary Protection
- Touch/Face ID Bypass
- Phishing
- Side Channel Data Leakage
- IPC Issues
- Broken Cryptography
- Webview Issues
- Network Layer Security
- Application Patching
- Sensitive Information in Memory
- Data Leakage to Third parties