Hash Generated Using Broken Cryptography API (SHA1)

[JayP2405]

Hash Generated Using Broken Cryptography API (SHA1)

Severity: Medium Exploitability: Difficult CVSS: 4.0

Note: SocketRocket is being used in my application through react native project (as pod dependency). Several security vulnerabilities have been identified having root causes in files of SocketRocket.

The following code locations within the App use 'CC_SHA1' or 'CryptoKit.Insecure.SHA1' functions to generate a message digest: unsymbolicated_function calls_CC_SHA1()

The vulnerable code locations use the 'CC_SHA1' or 'CryptoKit.Insecure.SHA1' hashing functions, which leverage hashing algorithms that are proven to be vulnerable to collision attacks, and are unsuitable for modern use.

Apple officially considers this algorithm insecure. They state in iOS 13 CryptoKit documentation:

This hash algorithm isn't considered cryptographically secure, but is provided for backward compatibility with older services that require it. For new services, prefer one of the secure hashes, like SHA512.

Recommendation: Switch each usage of these outdated hashing functions to use a stronger algorithm with better collision resistance properties, such as SHA-256 or SHA-512.

ScreenShot: N/A

Stack Trace: The following related source code symbols were identified:

- [SRDelegateController setAvailableDelegateMethods:]
- [SRDelegateController availableDelegateMethods]
- [SRIOConsumer resetWithScanner:handler:bytesNeeded:readToCurrentFrame:unmaskBytes:]
- [_OBJC_CLASS_$_NSData dataWithBytes:length:]

Analysis:

Impacted Files:

• SocketRocket > Internal > Delegate > SRDelegateController.m
• SocketRocket > Internal > IOConsumer > SRIOConsumer.m
• SocketRocket > Internal > Utilities > SRHash.m

Note: There can be other such impacted files as well. As of now, I could able to locate above three based on provided stack trace details.