Closed jianchao97 closed 3 months ago
@jianchao97, Thank you for reporting the issue regarding bypassing local authentication on iOS using Frida. I have identified the vulnerability and implemented a fix to ensure the security of the biometric authentication process. [This PR](https://github.com/chamodanethra/biometric_signature/pull/11) includes a fix to prevent such bypass techniques. Also, appreciate your patience.
@chamodanethra Thank you very much for your response!
@jianchao97 Please let me know whether the plugin's latest version, 4.0.3, has indeed fixed the issue on real devices, if possible. On iOS simulators, calling createSignature() will no longer generate the signature, but will instead output the AUTH_FAILED error code.
@chamodanethra OK, I will resubmit for a penetration test as well and will get back to you once I get the result.
@chamodanethra The issue is resolved on real devices and it has passed the penetration test. Thank you!
@jianchao97, Awesome. Thank you!
I recently submitted my app for a penetration test, and one issue they reported is that they are able to bypass local authentication for iOS.
https://github.com/user-attachments/assets/660f5a1a-8efe-4516-8bdb-bae80d843831
Frida Script: https://github.com/ivan-sincek/ios-penetration-testing-cheat-sheet/blob/main/scripts/ios-touch-id-bypass.js
References: