CODEWITHSUNDEEP
objective-csecurityioshttpencryption
ObjProg
ObjProg

Reputation: 449

Securing a connection from iPhone to server

I'm working on an iOS app, where it needs to connect to a web service that located on a web server. And it needs to give an arguments to some .php files that will receive these arguments via the POST method. The problem is that I don't want anyone to look/know these arguments, and what I've tried is that WireShark can discloses/sniffs the values of these arguments.

So, what is the suitable approach to secure the connection?, I thought about encrypting the data befor sending them to the server (using simle secrete/single key, since my data are not highly sensitive) and the same for fetching data from the server, if I'd go with this approach, then I'll need to implement my own classes, but I'm running out of time.

Thanks in advance :)

Upvotes: 2

Views: 905

Answers (2)

Mark E. Haase
Mark E. Haase

Reputation: 26881

Https is an option here, but won't hide data from a determined attacker. An attacker can MITM himself to reverse engineer whatever protocol it is that you are using to communicate from iphone to server, and even modify requests in real time!

Here's a good example of how a researcher was able to reverse engineer's Apple's Game Center protocol and artificially set his own high score in an iOS app:

http://corte.si/posts/code/mitmproxy/tute-gamecenter/index.html

If you are concerned about this type of attack, then you should encrypt your payload using a pre-shared key and a symmetric cipher like AES-256 or blowfish.

Upvotes: 2

MusiGenesis
MusiGenesis

Reputation: 75296

Use https instead. Your data are not highly sensitive, so this should be enough. You may not even have to change your iPhone code (other than the URL change), although this depends on your server's certificate.

Upvotes: 0

Related Questions