Objective: To gain unauthorized access to, modify, or delete data stored within the Realm database.
+-------------------------------------------------+
| Attacker Gains Unauthorized Access/Modifies/ |
| Deletes Realm Data |
+-------------------------------------------------+
|
+------------------------------------------------------------------------------+
| |
+---------------------+ +---------------------+
| Data Exfiltration | | Data Modification |
+---------------------+ +---------------------+
| |
+---------+---------+ +---------------------+
| | | 3. Unauthorized |
| 1. Unencrypted | 2. Weak Encryption | Write Access |
| Realm File | Key Access | [HIGH RISK] |
| ***CRITICAL*** | ***CRITICAL*** +---------------------+
+---------+---------+ |
+---------+---------+
| 3a. Logic Flaws |
| in App Code |
| [HIGH RISK] |
+-----------------+
|
+---------+---------+
| 3b. Insufficient |
| Access |
| Control |
| Checks |
| [HIGH RISK] |
+-----------------+
Attack Tree Path: 1. Unencrypted Realm File (CRITICAL)
- Description: The Realm database file is stored on the device without any encryption. This means anyone with access to the file system can read the data directly.
- Likelihood: Medium (due to developer oversight or misconfiguration).
- Impact: Very High (complete data exposure).
- Effort: Very Low (simply accessing the file is enough).
- Skill Level: Novice.
- Detection Difficulty: Very Easy (trivially detectable if the file is accessed).
- Mitigation:
- Always enable Realm encryption using a strong, randomly generated 64-byte key.
Attack Tree Path: 2. Weak Encryption Key Access (CRITICAL)
- Description: The encryption key used to protect the Realm file is stored insecurely or is easily guessable. This could involve hardcoded keys, keys stored in easily accessible locations (e.g., shared preferences without proper protection), or keys derived from weak sources of entropy.
- Likelihood: Medium (due to poor key management practices).
- Impact: Very High (complete data exposure, as the attacker can decrypt the Realm file).
- Effort: Low (depends on how the key is stored; could be as simple as decompiling the app).
- Skill Level: Intermediate (requires understanding of cryptography and reverse engineering).
- Detection Difficulty: Medium (requires analyzing the application code or monitoring key access).
- Mitigation:
- Use the Android Keystore system (on Android) or the Keychain (on iOS) to securely store the encryption key.
- Never hardcode the key in the application code.
- Use a strong, randomly generated 64-byte key.
- Consider key rotation strategies.
Attack Tree Path: 3. Unauthorized Write Access ([HIGH RISK])
- Description: The attacker gains the ability to modify data in the Realm, even without having the encryption key (if encryption is used). This is typically due to flaws in the application's logic or access control mechanisms.
- Likelihood: Medium (logic flaws and access control issues are common).
- Impact: High (data modification or corruption).
- Effort: Medium (requires finding and exploiting vulnerabilities).
- Skill Level: Intermediate.
- Detection Difficulty: Medium.
- Mitigation:
- Implement robust input validation and access control.
Attack Tree Path: 3a. Logic Flaws in App Code ([HIGH RISK])
- Description: The application's code contains vulnerabilities that allow the attacker to bypass intended access controls and perform unauthorized write operations to the Realm. This could be due to improper input validation, incorrect use of Realm's API, or other coding errors.
- Likelihood: Medium (common in complex applications).
- Impact: High (data modification or corruption).
- Effort: Medium (requires code review and potentially fuzzing).
- Skill Level: Intermediate (requires understanding of secure coding).
- Detection Difficulty: Medium (requires code analysis and dynamic testing).
- Mitigation:
- Thorough code review, focusing on Realm interactions.
- Input validation for all data written to Realm.
- Use of static analysis tools to identify potential vulnerabilities.
Attack Tree Path: 3b. Insufficient Access Control Checks ([HIGH RISK])
- Description: The application code does not adequately check user permissions or roles before allowing write operations to the Realm. This allows an attacker with limited privileges to potentially modify data they shouldn't have access to.
- Likelihood: Medium (a common oversight).
- Impact: High (data modification or corruption).
- Effort: Low (exploiting this is often straightforward once identified).
- Skill Level: Intermediate (requires understanding of access control).
- Detection Difficulty: Easy (can be detected through code review and testing).
- Mitigation:
- Implement strict access control checks before every write operation to the Realm.
- Follow the principle of least privilege: users should only have the minimum necessary access.
- Regularly audit access control logic.