Check: SRG-APP-000082-MAPP-00025
Mobile Application SRG:
SRG-APP-000082-MAPP-00025
(in version v1 r1)
Title
If the mobile application processes digitally signed data or code, then it must validate the digital signature. (Cat II impact)
Discussion
Mobile code and data files created by an untrusted source may contain malware or malicious code as a result of the source's nature. Though digital signatures provide a level of authenticity that is crucial to trusting the data, the digital signature, typically in the form of a certificate, must still be fully validated. Validation includes checking whether the certificate used to sign the code or data has expired, has been revoked, or was issued by a cryptographically unrecognized certificate authority. An application that uses code whose digital signature cannot be validated opens the application and the OS to many vulnerabilities: the data or code the application uses may contain malicious code that could gain root access and other escalated privileges, compromising the security posture of the device and the data on it. This control protects users from the potential execution of malicious code when invalid signatures are used.
Check Content
For mobile applications that process digitally signed data or code, perform a dynamic program analysis that feeds the application data or code carrying invalid signatures. The check should cover at least the following three invalid-signature scenarios: expired certificate, revoked certificate, and certificate issued by a cryptographically unrecognized certificate authority. If the dynamic program analysis reveals that code or data with invalid signatures is accepted and processed under any of these scenarios, this is a finding.
Fix Text
Modify code to include digital signature validation.
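Worked example (added here; it is not part of the SRG text or any vendor's code): a Go routine that validates a signed payload the way the Discussion and Check Content describe, that is, it chains the signer certificate to the application's pinned root, requires code-signing usage, checks the validity period, consults a revocation list, and only then verifies the signature over the payload. It then exercises that routine against the three invalid-signature scenarios from the Check Content plus a tampered payload, which is the kind of harness a dynamic analysis of the check would need. The trusted root, the unrecognized CA, the leaf certificates, the serial numbers, the payload and the revoked-serial set are all constructed inside the example; the revoked set stands in for what a real application would obtain from a CRL or OCSP response.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Bundle is a signed artifact as an app receives it: payload, ECDSA signature over SHA-256(payload), signer cert (DER).
type Bundle struct{ Data, Signature, SignerDER []byte }

// VerifyBundle fully validates the signer certificate (pinned roots, code-signing usage, validity
// at now, not revoked) before checking the signature binding of the payload to that signer.
func VerifyBundle(b Bundle, roots *x509.CertPool, revoked map[string]bool, now time.Time) error {
	cert, err := x509.ParseCertificate(b.SignerDER)
	if err != nil {
		return err
	}
	if _, err := cert.Verify(x509.VerifyOptions{
		Roots:       roots, // unrecognized issuer -> x509.UnknownAuthorityError
		CurrentTime: now,   // outside NotBefore..NotAfter -> x509.CertificateInvalidError
		KeyUsages:   []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning},
	}); err != nil {
		return err
	}
	if revoked[cert.SerialNumber.String()] {
		return errors.New("signer certificate is revoked")
	}
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	if !ok {
		return errors.New("unsupported signer key type")
	}
	digest := sha256.Sum256(b.Data)
	if !ecdsa.VerifyASN1(pub, digest[:], b.Signature) {
		return errors.New("signature does not match payload")
	}
	return nil
}

// must panics on error; used only while building the constructed fixtures below.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// issue is a fixture: it generates a P-256 key and a certificate for it, signed by parent (self-signed when nil).
func issue(serial int64, cn string, isCA bool, nb, na time.Time,
	parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: nb, NotAfter: na, IsCA: isCA, BasicConstraintsValid: true,
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning},
	}
	if isCA {
		tmpl.KeyUsage = x509.KeyUsageCertSign
		parent, parentKey = tmpl, key
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey))
	return must(x509.ParseCertificate(der)), key
}

// RunScenarios runs VerifyBundle over a valid bundle, the three invalidity scenarios from the
// Check Content, and a tampered payload; a nil map entry means the bundle was accepted.
func RunScenarios() map[string]error {
	now := time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC)
	year := 365 * 24 * time.Hour
	trusted, trustedKey := issue(1, "Trusted Root", true, now.Add(-year), now.Add(10*year), nil, nil)
	rogue, rogueKey := issue(2, "Unrecognized CA", true, now.Add(-year), now.Add(10*year), nil, nil)
	roots := x509.NewCertPool()
	roots.AddCert(trusted)                  // the app's pinned trust store
	revoked := map[string]bool{"102": true} // stands in for a CRL or OCSP lookup
	results := map[string]error{}
	try := func(name string, serial int64, ca *x509.Certificate, caKey *ecdsa.PrivateKey, notAfter time.Time, tamper bool) {
		leaf, key := issue(serial, "code-signer", false, notAfter.Add(-2*year), notAfter, ca, caKey)
		data := []byte("constructed sample payload")
		digest := sha256.Sum256(data)
		sig := must(ecdsa.SignASN1(rand.Reader, key, digest[:]))
		if tamper {
			data[0] ^= 0xff // alter the payload after it was signed
		}
		results[name] = VerifyBundle(Bundle{data, sig, leaf.Raw}, roots, revoked, now)
	}
	try("valid", 100, trusted, trustedKey, now.Add(year), false)
	try("expired", 101, trusted, trustedKey, now.Add(-year), false) // NotAfter already passed
	try("revoked", 102, trusted, trustedKey, now.Add(year), false)  // serial 102 is on the list
	try("unknown_ca", 103, rogue, rogueKey, now.Add(year), false)
	try("tampered", 104, trusted, trustedKey, now.Add(year), true)
	return results
}

func main() {
	for name, err := range RunScenarios() {
		fmt.Printf("%-10s accepted=%-5v %v\n", name, err == nil, err)
	}
}
```

Only the "valid" scenario should come back accepted; each of the others must be rejected with a distinct error, which is exactly the acceptance criterion the Check Content sets for the dynamic analysis. The ordering inside VerifyBundle matters: certificate validation runs before the signature check so that a mathematically correct signature from an expired, revoked or unrecognized signer is never treated as trustworthy.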
Additional Identifiers
Rule ID: SV-46560r1_rule
Vulnerability ID: V-35273
Group Title:
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-001339 | The information system validates the binding of the information producer's identity to the information. |
Controls
| Number | Title |
|---|---|
| No controls are assigned to this check | |