Threat: Unencrypted Local Realm Database
- Description: An attacker gains physical access to the device or exploits a vulnerability allowing file system access. They copy the Realm database file, which is stored unencrypted. The attacker can open the file using Realm Studio or other tools and read all the data.
- Impact: Complete data breach. All sensitive information stored in the Realm is exposed.
- Affected Component:
Realm.open()(specifically, the configuration used to open the Realm), the entire Realm database file. - Risk Severity: Critical
- Mitigation Strategies:
- Enable Realm Encryption: Use
RealmConfiguration.Builder.encryptionKey()with a 64-byte key. - Secure Key Storage: Store the key securely (Android Keystore or iOS Keychain).
- Key Rotation: Implement a key rotation strategy.
- Avoid Hardcoding Keys: Never hardcode the key.
- Enable Realm Encryption: Use
Threat: Weak Realm Encryption Key
- Description: The application uses Realm encryption, but the key is weak (short, predictable, or hardcoded). An attacker uses brute-force or dictionary attacks to guess the key.
- Impact: Data breach, similar to an unencrypted database.
- Affected Component:
RealmConfiguration.Builder.encryptionKey(), the encryption key itself. - Risk Severity: High
- Mitigation Strategies:
- Strong Key Generation: Use a cryptographically secure random number generator for a 64-byte key.
- Secure Key Storage: (Keychain/KeyStore).
- Key Derivation Functions (KDFs): If derived from a password, use a strong KDF (Argon2, scrypt, PBKDF2) with a high iteration count and salt.
- Description: On Android, a malicious application with the same package name as the legitimate application attempts to open the Realm file (if signature checks are bypassed).
- Impact: Potential data read/write/corruption.
- Affected Component:
Realm.open(), the entire Realm database file. - Risk Severity: High (on Android)
- Mitigation Strategies:
- Strong Code Signing: Use a robust code signing process.
- Realm Encryption: Encrypting the Realm is crucial.
- Additional Application Identifier: Store a unique identifier in secure storage (Keychain/KeyStore) and verify it before opening.
- Description: An attacker intercepts network traffic between the client and Realm Cloud, potentially reading or modifying synced data.
- Impact: Data breach (exposure of synced data), data tampering.
- Affected Component: Realm Sync (network communication),
SyncConfiguration. - Risk Severity: High
- Mitigation Strategies: * HTTPS (Mandatory): Realm Sync requires HTTPS. Ensure TLS is properly configured, and certificate validation is not disabled. * Certificate Pinning: Implement certificate pinning to prevent MITM attacks.
- Description: Weak authentication mechanisms are used to connect to Realm Cloud. Attackers can guess/steal credentials and access synced data.
- Impact: Data breach (exposure of synced data), potential data tampering.
- Affected Component: Realm Sync authentication (
SyncConfiguration, authentication provider). - Risk Severity: High
- Mitigation Strategies:
- Strong Authentication: Use OAuth 2.0, JWTs (with strong secrets), or Multi-Factor Authentication (MFA).
- Secure Token Storage: Store tokens securely (Keychain/KeyStore).
- Password Policies: Enforce strong password policies if using username/password.
- Description: Realm permissions on the backend are misconfigured. A user can access/modify data belonging to others.
- Impact: Data breach, data tampering, potential privilege escalation.
- Affected Component: Realm Cloud backend, Realm permissions configuration.
- Risk Severity: High
- Mitigation Strategies:
- Principle of Least Privilege: Grant only minimum necessary permissions.
- Query-Based Permissions: Use Realm's query-based permissions.
- Role-Based Access Control (RBAC): Define roles with specific permissions.
- Regular Permission Audits: Periodically review permissions.
- Testing: Thoroughly test permissions.