
11 posts tagged with "Charm Development Kit Deployments"


MATRIX Improvements

We've been working hard on making MATRIX more powerful, robust, and interactive. Here are some things you can look forward to in this release.

More Checks

This release includes 14 new Android checks and 5 new iOS checks, primarily focused on finding sensitive values in HTTPS traffic, application signing vulnerabilities, various app protections, and the keychain. For a complete list of new checks, see the checks list in our Support docs.

Regex Support for Keywords

You asked, and we listened. You can now use a regular expression syntax in your keywords file for pattern-matching static data. For example, instead of searching for variants of these patterns:

1234-1234

1234-5678

1234-0000

1234-xxxx

You can add a line item of regex(/1234-/).
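
A small model of how literal and regex keyword lines behave when scanning static data, added here as an illustration; it is not MATRIX's code. The `regex(/.../)` syntax comes from the example above, while the parser, the sample data, and the assumption that the regex flavour supports `\b` and `{4}` are hypothetical.

```python
import re

# Line syntax taken from the page's example: regex(/PATTERN/)
REGEX_LINE = re.compile(r"^regex\(/(.*)/\)$")

def load_keywords(text):
    """Turn keywords-file lines into compiled patterns.

    Plain lines are matched literally; regex(/.../) lines are compiled as written.
    (Assumed behaviour, not MATRIX's documented parser.)
    """
    patterns = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = REGEX_LINE.match(line)
        source = m.group(1) if m else re.escape(line)
        patterns.append((line, re.compile(source)))
    return patterns

def scan(keywords_text, blobs):
    """Return {keyword line: [names of blobs that contain a match]}."""
    hits = {}
    for line, pattern in load_keywords(keywords_text):
        hits[line] = [name for name, data in blobs.items() if pattern.search(data)]
    return hits

# Constructed sample data standing in for static strings pulled from an app.
SAMPLE_BLOBS = {
    "strings.xml": "promo_code=1234-5678",
    "config.json": '{"fallback": "1234-xxxx"}',
    "cache.db": "token 1234-9999 issued",
    "build.log": "order 991234-77 shipped",
    "readme.txt": "nothing sensitive here",
}

LITERAL_KEYWORDS = "1234-1234\n1234-5678\n1234-0000\n1234-xxxx\n"
REGEX_KEYWORDS = "regex(/1234-/)\n"
# Tighter variant: word boundaries plus exactly four digits or 'x' characters.
TIGHTER_KEYWORDS = r"regex(/\b1234-[0-9x]{4}\b/)" + "\n"

if __name__ == "__main__":
    for keywords in (LITERAL_KEYWORDS, REGEX_KEYWORDS, TIGHTER_KEYWORDS):
        print(scan(keywords, SAMPLE_BLOBS))
```

The single `regex(/1234-/)` line catches the unlisted variant `1234-9999` that the four literals miss, but because it is unanchored it also flags `991234-77`; the tighter pattern keeps the first result and drops the second.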

Other MATRIX Updates

We also added the ability to view MATRIX reports while devices are off, view "Created by" from the HTML-generated report, and many miscellaneous bug fixes and improvements.

General Improvements

This version also applies various bug fixes for better overall performance and stability, plus continuous enhancements to our web interface for improved usability.

This month's update includes two features: one that has been in beta, with ongoing enhancements, for a few months now, called MATRIX, and one that is new to our platform, called Snapshot Sharing.

MATRIX

If you've been playing with this feature, you may have seen it referred to in our application as MAST (Beta). Today, we're formally rolling out our name for this feature, MATRIX, which stands for Mobile Application Testing and Reporting Interface.

MATRIX now includes 8 new Android checks and 4 new iOS checks.

New Android Checks

| Category | Name |
|----------|------|
| Auth | Application Contains Hardcoded URLs |
| Crypto | Application Utilizing Insecure Cryptography |
| Crypto | Application Utilizing Insecure Symmetric Encryption Modes |
| Crypto | Application Contains Hardcoded SQLCipher Key |
| Crypto | Application Contains Hardcoded API Keys |
| Platform | Application Contains Debuggable Webviews |
| Platform | Application Utilizes Insecure JavaScript Interface |
| Platform | Application Contains WebViews with JavaScript Enabled |
| Storage | Local Data Exposure: Sensitive Values Stored Insecurely in Memory |

New iOS Checks

| Category | Name |
|----------|------|
| Network | App Transport Security (ATS) Selectively Disabled |
| Platform | Application Utilizes Potentially Dangerous Permissions |
| Platform | Potentially Insecure iOS Entitlements |
| Storage | Local Data Exposure: Sensitive Values Stored in Memory |

UI/UX Enhancements

Users are provided with guidance that offers a step-by-step process for completing a test. We have also included toast notifications to notify users when actions and tests have been completed. Once the tests have finished and you are ready to view the results, you can either view them in the UI or download the results in HTML or JSON formats.

The MATRIX index page has been redesigned to give users better access to their test results.

  • A summary has been added so you do not have to navigate to see your check results. Users can also sort by Status or Severity to easily find specific tests. Each test can expand to display the full list of all checks and results, including Impact, Remediation, and Evidence.

  • You will also see any tests that have not been completed, ensuring users always know where they left off. If a user tries to start a new test, they will be prompted to complete or delete the unfinished test.

  • A History section has been added, enabling users to view or delete old tests.

We believe readily available support documentation is crucial for quickly answering your questions, allowing you to stay focused on your tasks.

  • From the main MATRIX page, users can click out to view the MATRIX support homepage or the CI/CD workflow page.

    Learn how to get started with MATRIX.

Bug fixes

We have continued to fix the bugs found during our Beta. Thank you to all of our select Business customers who have sent us comments about what they have experienced. We are proud to say that we have pushed all the fixes to those bugs into this release.

Known Issues

Rooted / Jailbroken

  • MATRIX does not support non-rooted or non-jailbroken devices. To use MATRIX, ensure that the device is rooted (Android userdebug) or jailbroken (iOS).

Project Admins Only

  • Non-project admins who attempt to use MATRIX will be automatically logged out. This will change in future updates.

Keep the App Open

  • When running MATRIX, ensure that the app is open in the virtual device until the report is generated. If the app is closed, there is a chance that the report will not be generated.

Snapshot Sharing

We are very excited about the new feature included in this release. Snapshot sharing allows users to share snapshots with other users within the platform. At this time, snapshot sharing is available for Business customers only.

Learn how to get started with Snapshot sharing.

Snapshot sharing is controlled by Access Codes to ensure that only authorized individuals can use or share the snapshots, enhancing security and confidentiality.

Please note that when you create a new device from a shared live snapshot, the device's file system is copied to the new device, but the RAM state is not. This means the new device will boot up as if it were power-cycled but with the snapshot's file system state.

Virtualize iOS 17.5 Devices

Official iOS 17.5 support is now available for all customers who can virtualize compatible devices.

Today we're rolling out Corellium version 6.2.1 for on-premise and desktop appliances.

Android Live Snapshots

Live snapshots capture the state of a virtual device's RAM and filesystem. Corellium can resume live snapshots in the same state as when they were suspended, including running apps. We're bringing Live Snapshots, a feature previously only available on iOS devices, to Android.

Misc Bug Fixes

Fixed a few system stability issues.

iOS 17.5 Beta

Premium On-Site and Desktop Appliance support has been extended to include up to iOS 17.5 Beta.

UI/UX Enhancements

For this round of updates, we're taking into account the considerable feedback we've gathered from you, our customers. In response to this valuable feedback, we've made some focused improvements to our web interface to help you better understand the state of your devices and to provide more visibility around device hours and burst usage.

Device Hours & Burst Usage Transparency

To give you clearer insight into your device usage and billing, we've made the following changes to our web interface:

  • A device hours counter has been added to the web interface. It keeps a running total of the device hours consumed in a billing period, giving you a better understanding of device usage.


  • We've refreshed the subscription page, detailing the components of your plan and providing a usage summary to show your current spending based on device hours used in a given billing period.


For subscriptions that include burst, the counter will update to reflect when the following billing thresholds are reached:

  • When you've reached 85% of your allotted hours.


  • When you've reached 100% of your allotted hours. When reached, any additional device hours will be billed at the burst rate.


Device States

With billing now revolving around device hours, we're helping you ease into this change by applying color schemes to the device's state indicator. This addition aims to provide a clear visual representation of the states of your devices.

  • A green color scheme is associated with the device's state indicator when a device is considered active.


  • A black color scheme is associated with the device's state indicator when a device is considered turned off.


  • A green color scheme is associated with the device's state indicator when pausing an active device to show that the device is active when paused.


Accessibility Work

We've made significant headway in our goal to achieve WCAG 2.1 AA compliance, and our efforts are ongoing. We are committed to integrating accessibility improvements throughout our product, ensuring it becomes increasingly accessible for all users to promote a more inclusive experience.

Virtualize iOS 17.4 Devices

Official iOS 17.4 support is now available for all customers who can virtualize compatible devices.

iOS 17.4 GA

MATRIX Fixes and Enhancements

We've made some updates to enhance your experience with our MATRIX UI. To help you quickly review the outcomes of your MATRIX tests, we've introduced a Summary and Results section. This new feature allows you to easily view the results of the security tests that have been run. We've also made various bug fixes and general enhancements to further improve our MATRIX solution.

MATRIX Reporting/Summary

Key Bug Fixes

  • Fixed an issue where USBFlux did not contain all the correct architecture types.
  • Fixed an issue preventing iOS 17 devices from connecting to Xcode.

MATRIX (Beta) for Cloud

We have released our automated mobile app security testing tool, known as MATRIX, to our Business Cloud customers. Available for both iOS and Android devices, MATRIX drastically reduces the effort, cost, and time required to perform professional-grade penetration testing.

Learn how to get started with MATRIX.

Note: For our Cloud customers, our MATRIX tool requires a device that was created on February 1, 2024, or after.

MATRIX Report

Virtualize iOS 17.3.1 Devices

Customers can now run iOS 17.3.1 on all compatible virtual devices.

Added Support for iOS 17.3.1

WCAG 2.1 Improved Compliance

We rebuilt the device tools and features pages, the global navigation bars, the home page, and the admin pages to be more compliant with the Web Content Accessibility Guidelines 2.1 (WCAG 2.1) standard.

Bug fixes

We've also included miscellaneous bug fixes in this release.

Corellium proudly presents iPhone 15 devices: iPhone 15, 15 Plus, 15 Pro and 15 Pro Max, along with iOS up to version 17.0.3.

Additional updates include:

  • Added a Current Period Usage panel in the Admin > Subscription page to track your usage for our current subscription offerings
  • SSO is now generally available for Business customers; refer to our documentation to get started
  • Miscellaneous bug fixes and improvements, including accessibility enhancements