Resiliency / Application Implements Anti-Debug Techniques
Description
"Application implements anti-debug techniques" (CWE-16) is a resiliency vulnerability that occurs when an application implements measures to detect when it is being debugged or reverse-engineered. This vulnerability is often found in mobile apps, specifically on iOS devices, where the application can detect when a debugger is attached and can take steps to prevent it from functioning correctly. According to the OWASP Testing Guide, this vulnerability can be found by analyzing the code to detect whether anti-debugging measures are in place, or by attempting to attach a debugger and observing the application's behavior.
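The code-analysis check described above, as an added example that is not part of the original page: it triages a binary's imported symbols and embedded strings for common iOS anti-debug indicators. The input formats, the indicator list and the name `find_antidebug_indicators` are assumptions made for this illustration, and the sample inputs are constructed.

```python
# Assumed inputs: undefined symbols, one per line (as `nm -u` prints them for a
# Mach-O binary), and printable strings, one per line (as `strings` prints them).

# Imports that warrant a manual look, with a confidence level and a review hint.
DIRECT = {
    "_ptrace": ("high", "imports ptrace; check for request PT_DENY_ATTACH (31)"),
    "_sysctl": ("medium", "imports sysctl; check for a kinfo_proc P_TRACED test"),
    "_getppid": ("medium", "imports getppid; check for a parent-PID comparison"),
}
# Function names that may be resolved at run time through dlsym instead of imported.
DYNAMIC_NAMES = ("ptrace", "sysctl")


def find_antidebug_indicators(nm_output, strings_output):
    """Return (confidence, name, note) tuples, high-confidence findings first."""
    symbols = {line.split()[-1] for line in nm_output.splitlines() if line.strip()}
    strings = {line.strip() for line in strings_output.splitlines()}
    findings = []
    for sym, (confidence, note) in DIRECT.items():
        if sym in symbols:
            findings.append((confidence, sym, note))
    # A bare "ptrace" string next to a dlsym import, with no direct import,
    # suggests the call is looked up by name to keep it out of the import table.
    if "_dlsym" in symbols:
        for name in DYNAMIC_NAMES:
            if name in strings and "_" + name not in symbols:
                findings.append(("high", name,
                                 "name string present with dlsym but not imported"))
    return sorted(findings, key=lambda f: (f[0] != "high", f[1]))


# Constructed sample data, not taken from any real application.
SAMPLE_NM = """\
_NSLog
_dlsym
_getppid
_objc_msgSend
_sysctl
"""
SAMPLE_STRINGS = """\
ptrace
Hello
/usr/lib/libSystem.B.dylib
"""

if __name__ == "__main__":
    for confidence, name, note in find_antidebug_indicators(SAMPLE_NM, SAMPLE_STRINGS):
        print(f"[{confidence}] {name}: {note}")
```

A finding here only marks code for manual review; whether the import is actually used for debugger detection has to be confirmed in the disassembly.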
Risk
This vulnerability can pose a significant risk to an application's security as it can prevent security researchers from identifying and exploiting vulnerabilities in the application. As such, it is important to ensure that all applications are properly tested for the presence of anti-debugging measures and that appropriate measures are taken to improve the security of the application.
Solution
The best way to mitigate this vulnerability is to ensure that all applications are tested for the presence of anti-debugging measures and that any measures that are detected are removed. Additionally, applications should be regularly tested for security vulnerabilities to ensure that any potential security flaws are addressed in a timely manner.
Example
The following example code is from CVE-2019-15791, which is a vulnerability in Samsung Galaxy A8 devices that allows an attacker to bypass anti-debugging measures in certain applications.
// Decompiler pseudocode: returns the value a1 points to, or 0 if that value is negative.
int __fastcall sub_400C8(_DWORD *a1)
{
    int result; // r0@1

    result = *a1;
    if ( (signed int)result < 0 )
        result = 0;
    return result;
}