Changelog

4.3.2

09.05.2017

Cydia Packages will need to be updated to enable the r2frida functionality. To do this, follow these instructions: Updating NowSecure Cydia Packages

Updates

  • Take binary analysis to the next level with R2Frida integration - Users can now initiate an R2Frida shell from the Advanced tab within NowSecure Workstation. For more details about R2Frida, visit the GitHub page: https://github.com/nowsecure/r2frida

  • Making NowSecure Workstation better with anonymized analytics - Gathering analytics about how our customers use NowSecure Workstation helps us improve speed and coverage and make users more efficient. Analytics will now be enabled by default. Data collected is anonymous and scrubbed of any sensitive data (e.g., credentials, search terms, app names, etc.)

  • Track your license expiration date - Users can now view the expiration date of their current NowSecure Workstation license by navigating to Options -> About.

Bug Fixes

  • Memory dump now functions as expected on iOS10 devices.

  • SD Card search now functions as expected on ARM64 devices (Nexus 5X, 6P, etc.).

  • A link to iOS device provisioning support content has been updated.

4.3.1

08.09.2017

Updates

  • Additional customizable findings templates - Users can now customize CVSS scores, descriptions, recommendations, and more for default search term findings (e.g., phone number, credit card number, Social Security number, device ID, device serial number, and device MAC address).

  • Update notifications now include link to release details - Users can now access the changelog via a link within the Lab Workstation user interface when new releases are available.

Bug Fixes

  • Special characters within search terms are now included in searches rather than ignored.

  • Search terms enclosed within quotation marks are now interpreted as phrases rather than individual terms.

  • Bugs in static analysis of iOS apps that enable App Transport Security (ATS) have been fixed.

  • SSL Scan results now properly display a “fail” rating if insecure ciphers or protocols are detected.

4.3

07.20.2017

Updates

  • More granular vulnerability risk ratings - To provide security analysts with more fine-tuned risk ratings, we’ve made CVSS scoring the primary metric in the risk calculation.

  • Customized findings templates - Via Preferences, users can now globally customize findings including but not limited to descriptions, recommendations, regulatory mappings, and CVSS score.

  • Import screenshots - To allow security analysts to add additional screenshots and context to reports, they can now import screenshots through the editor panel.

  • Forensic search expanded to include SD Card - Results from the data population test will now include search terms found on SD card storage.

  • Reports for individual assessments within a project - Export reports for individual assessments, rather than all assessments, within a project.

  • Additional detail in SSL Scan Output - This finding will now include a Pass/Fail rating based on the protocol, cipher, and bit-length used.

  • New regulatory and industry standard mappings - Findings are now also mapped to FFIEC guidelines, PCI DSS, and HIPAA.

Bug Fixes

  • Broken links to the OWASP Mobile Top 10 Risks have been fixed.

4.2.2

06.02.2017

Updates

  • Added Progress Bar During Report Export Lab Workstation will now display a progress bar when a user exports a report. This progress bar will allow you to better monitor the progress of your export.

  • Updated Product Name to Lab Workstation Our penetration testing kit has had a few names over the years: ViaLab, Lab, and now Lab Workstation. We updated the welcome screen and other naming references throughout the UI to reflect the current product name.

Bug Fixes

  • Cryptography findings are now summarized by filename.

  • Custom search terms were occasionally omitted from the JSON report. This has been fixed.

  • The open project dialogue would remain open after opening a project. The dialogue window behaves properly now.

  • The Address Reference Counting Check has been renamed to Automatic Reference Counting Check.

  • iOS version is now properly displayed in the report.

  • We updated a message with the Automate tab for iOS 10. Lab Workstation has not supported the Automated tab for iOS 10, so you will no longer see that error message.

4.2.1

05.10.2017

Updates

  • Cryptography Library Listings Lab Workstation will now surface a list of cryptography findings for iOS and Android apps.

  • Updated SSL Scan SSL Cipher lists now include a complete list of ciphers that a given server can accept.

  • New Support Documentation Documentation within Lab Workstation has a fresh new look. This new interface should offer more streamlined updates in the future.

Bug Fixes

  • Lab Workstation version is now listed within reports.

  • Copyright date is now current.

  • Previously, some sensitive data was not properly redacted from the report. This issue is now fixed.

4.2

04.14.2017
  • iOS 10 Support is here! Shoutout to qwertyoruiopz and former NowSecure rockstar marcograss for the iOS 10 jailbreak!

  • Modification of Default Findings - Workstation can now remember changes users make to our default findings so they don’t have to modify them with every new assessment

  • Report Redactions - removes sensitive data (username, pass, keywords, etc…) from the report on request so critical test credentials can’t be gleaned from reports should they be intercepted or simply lost

  • Updated OWASP Mappings (2016) - re-mapped the OWASP Top Ten to ensure we stay up-to-date with the latest and greatest.

  • Some apps wouldn’t show up in the lists of apps installed in some feeble attempt to not undergo security testing. Those apps now appear correctly

  • Selecting a file to overwrite when exporting a report would sometimes overwrite the wrong file, causing confusion, disturbing the peace. No longer

  • The report editor window kept jumping around when you would check/uncheck an item, it now behaves properly

  • Some iOS snapshots were hiding in a different directory. We found them!

4.1.1

03.02.2017
  • New Mitmproxy Feature - Added the -insecure option to Mitmproxy providing greater network traffic coverage for apps that use TLS.

  • Bug Fix for Mitmproxy and Interactive Proxy - We fixed an issue that existed when trying to push untrusted certificates. Our code has been updated to restore full man-in-the-middle capabilities. This issue only affected users who updated to v4.1.

4.1

02.08.2017
  • Mitmproxy Update - Mitmproxy has now been updated to version 0.18. This update allows users to view certificate pinning and validation results in real time. Mitmproxy 0.18 also gives users the ability to test SSL over custom ports. These improvements should improve false negatives.

  • Improved Log Capture for iOS - This forensic check for iOS now supports all iOS 9 devices.

  • Enhanced iOS Static Check Stability - We’ve enhanced the performance of iOS static checks that were previously causing some errors or crashes.

4.0.1

12.29.2016
  • Displays Background Modes and Behaviors that the application is leveraging based on libraries imported by the application.

  • iOS Forensics Update: In a recent 9.x version, applications began storing data in a separate “Shared” directory on the device in addition to the standard private application directory. This new location has been added to the “Forensics” tab

  • Resolved an issue where Lab Workstation was incorrectly flagging the Certificate Validation test as a Medium risk due to some traffic being generated by self-signed certificate, and was not related to an application vulnerability. We also added a fix to resolve an issue related to the NSFileProtection Output (iOS static check).

4.0

11.04.2016
  • Interactive proxy integration

  • Forensic File Protection class information shown in artifact viewer for each file

  • iOS static check for files with NSFileProtectionNone

  • Ability to automatically lookup organizations via IP addresses in captured network traffic

  • Ability to sort issues by severity in report iOS

  • App Transport Security check updated

  • Improvements to Touch ID check

  • Added screenshot functionality during Data Capture step

3.6

  • Addition of CVSS scores to Issues Found

  • Updated test descriptions and result/recommendation verbiage

  • Radare2 integration (for reverse engineering)

  • Output context added for the ASLR check

  • Report arrangement restructure (splitting results out according to relevant section)

  • Filtered iOS keychain output to only show values matching search terms

  • Squashed the SQL Injection bug fix that caused Workstation to crash occasionally

  • Fixed a bug that prevented output creation from Advanced Tab

  • Swift support for reversing symbols and classes

3.5.3

  • iOS 9.0 and 9.1 support

  • NIAP mapping: findings now include configuration guidelines from National Information Assurance Partnership

  • Improved provisioning for iOS devices reduces the amount of time it takes to install a new agent and certificate on iOS testing devices

  • Resolve memory analysis and automation scripting issues with iOS 9.0 and 9.1.

3.5

  • Modify recommendations and regulatory information

  • Rename assessments

  • iOS 8.4 Support

  • UI, reporting, importing, and static analysis bug fixes

  • Rebranded from viaLab to NowSecure Lab

  • Mitmproxy upgraded to the latest 0.12.1 version

  • Android agent updated to v2.3

3.4

  • Phone backup/restore feature (Android)

  • IP Geolocation on Network tests

  • Link to 42 Best Practices included for several findings directly in the report

  • Automated LocalAuthentication bypass (TouchID) added as a iOS Cycript function

  • Interface redesign (use of latest GTK3 framework)

  • Artifact viewer enhancements

  • New emulator packages

3.3

  • Based on our latest security-minded linux distribution, Santoku 0.5

  • Import search teams using a CSV file

  • Improvements to the automated searches and to the static analysis tests

  • Enhanced iOS device handling and detection