Mobile Top 10 2014-M8

Security Decisions Via Untrusted Inputs

Threat Agents	Attack Vectors	Security Weakness		Technical Impacts	Business Impacts
Application Specific	Exploitability EASY	Prevalence COMMON	Detectability EASY	Impact SEVERE	Application / Business Specific
Threat Description	Attack Vector Description	Security Weakness Description		Technical Impacts	Business Impacts

Am I Vulnerable To Security Decisions Via Untrusted Inputs?

You mobile application can accept data from all kinds of sources. In most cases this will be an Inter Process Communication (IPC) mechanism. In general try and adhere to the following IPC design patterns:

If there is a business requirement for IPC communication, the mobile application should restrict access to a white-list of trusted applications
Sensitive actions which are triggered through IPC entry points should require user interaction before performing the action
All input received from IPC entry points must undergo stringent input validation in order to prevent input driven attacks
Do not pass any sensitive information through IPC mechanisms, as it may be susceptible to being read by third party applications under certain scenarios

How Do I Prevent Security Decisions Via Untrusted Inputs?

iOS Specific Examples:

Do not use the deprecated handleOpenURL method to handle URL Scheme calls. This method does not contain an argument containing the BundleID of the source application.
- Instead use the openURL:sourceApplication:annotation method and validation the sourceApplication argument against a white-list of trusted applications
Do not use the iOS Pasteboard for IPC communications, as it is susceptible to being set or read by all third party apps on the device.

Android Specific Examples

Example Scenarios

References

An In Depth Introduction to the Android Permissions Modeland How to Secure MultiComponent Applications

Mobile Top 10 2014-M8

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Reference

Tools