Skip to content

Latest commit

 

History

History
89 lines (70 loc) · 6.17 KB

threat-modeling.md

File metadata and controls

89 lines (70 loc) · 6.17 KB

Threat Model Analysis for facebookarchive/three20

Threat: URL Spoofing via TTNavigator

  • Threat: URL Spoofing via TTNavigator

    • Description: An attacker crafts a malicious URL that, when opened by the application, causes TTNavigator to load an unintended view or execute an unexpected action. This leverages Three20's URL-based navigation system. The attacker could use this for phishing, unauthorized actions, or bypassing security.
    • Impact: Phishing, unauthorized data access, execution of arbitrary actions, bypassing security controls.
    • Affected Three20 Component: TTNavigator, URL scheme handling, custom URL routing logic built on top of Three20.
    • Risk Severity: High
    • Mitigation Strategies:
      • Strict URL validation and whitelisting before passing to TTNavigator. Do not rely on Three20's parsing.
      • Avoid Three20's URL navigation for sensitive operations.
      • Migrate to a modern navigation system (UIKit, SwiftUI).
      • Robust input validation for all external data.

Threat: Cache Poisoning via TTURLCache

  • Threat: Cache Poisoning via TTURLCache

    • Description: An attacker exploits a vulnerability in TTURLCache to inject malicious data into the cache. The application then loads and uses this poisoned data, potentially leading to code execution or data corruption. This directly targets Three20's caching mechanism.
    • Impact: Display of incorrect/malicious content, execution of malicious code, data corruption, denial of service.
    • Affected Three20 Component: TTURLCache, potentially TTURLRequest if vulnerabilities exist in their interaction.
    • Risk Severity: High
    • Mitigation Strategies:
      • Do not cache sensitive data with TTURLCache without strong encryption and access controls.
      • Integrity checks (checksums, signatures) on cached data before use.
      • Use a more secure and modern caching solution.
      • Strong input validation and sanitization before caching.

Threat: Information Disclosure via TTURLRequest and Network Handling

  • Threat: Information Disclosure via TTURLRequest and Network Handling

    • Description: Vulnerabilities in Three20's handling of network requests/responses (insecure defaults, improper redirects, lack of certificate validation) allow interception or eavesdropping, exposing sensitive data. This directly involves Three20's networking components.
    • Impact: Exposure of sensitive data (credentials, API keys, personal info), man-in-the-middle attacks.
    • Affected Three20 Component: TTURLRequest, related networking classes, custom networking logic built on Three20.
    • Risk Severity: High
    • Mitigation Strategies:
      • HTTPS with proper certificate validation for all network communication. Verify underlying implementation security.
      • Do not rely on Three20's default settings for security.
      • Review data sent/received by Three20's components to prevent exposure.
      • Replace Three20's networking with a modern, secure library (e.g., Alamofire).

Threat: Code Injection via Unpatched Vulnerabilities

  • Threat: Code Injection via Unpatched Vulnerabilities

    • Description: An attacker exploits an unpatched vulnerability in Three20's code (buffer overflow, format string vulnerability, etc.) to inject and execute arbitrary code. This is amplified by Three20's lack of maintenance. The vulnerability could exist in any part of the library.
    • Impact: Complete application compromise, access to sensitive data, arbitrary code execution, potential privilege escalation.
    • Affected Three20 Component: Potentially any component, depending on the vulnerability.
    • Risk Severity: Critical
    • Mitigation Strategies:
      • Primary mitigation: Migrate away from Three20.
      • If impossible in the short term:
        • Strict input validation and sanitization on all data to Three20.
        • Isolate Three20 components.
        • Least necessary privileges.
        • Regular security audits and penetration testing.
        • Memory safety tools (e.g., AddressSanitizer).

Threat: Data Tampering via TTURLRequest

  • Threat: Data Tampering via TTURLRequest

    • Description: An attacker intercepts and modifies network requests or responses handled by TTURLRequest, a core component of Three20's networking. This could involve changing parameters or injecting malicious data.
    • Impact: Execution of unauthorized actions, data corruption, display of incorrect information, potential for code injection.
    • Affected Three20 Component: TTURLRequest and related networking classes.
    • Risk Severity: High
    • Mitigation Strategies:
      • Use HTTPS and ensure proper certificate validation.
      • Implement integrity checks on data received from the network.
      • Consider a modern, secure networking library (e.g., Alamofire).
      • Robust input validation and sanitization.

Threat: Insecure Data Storage in TTURLCache

  • Threat: Insecure Data Storage in TTURLCache

    • Description: Sensitive data is cached by TTURLCache, Three20's caching component, without proper encryption or access controls. An attacker with file system access could read this data.
    • Impact: Exposure of sensitive data (user credentials, API keys, personal information).
    • Affected Three20 Component: TTURLCache.
    • Risk Severity: High
    • Mitigation Strategies:
      • Never cache sensitive data using TTURLCache without strong encryption and access controls.
      • Use iOS Keychain or other secure storage.
      • Consider a more secure caching solution.
      • Regularly clear the cache.