This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Mobile Top 10 2014-M8"

From OWASP
Jump to: navigation, search
m (missing period.)
 
(8 intermediate revisions by 3 users not shown)
Line 7: Line 7:
 
{{Top_10_2010:SummaryTableValue-1-Template|Impact|SEVERE}}
 
{{Top_10_2010:SummaryTableValue-1-Template|Impact|SEVERE}}
 
{{Top_10_2010:SummaryTableHeaderEndTemplate}}
 
{{Top_10_2010:SummaryTableHeaderEndTemplate}}
     <td {{Template:Top 10 2010:SummaryTableRowStyleTemplate}}>Threat Description </td>
+
     <td {{Template:Top 10 2010:SummaryTableRowStyleTemplate}}>Threat Agents include entities that can pass untrusted inputs to the sensitive method calls. Examples of such entities include, but are not limited to, users, malware and vulnerable apps.</td>
     <td {{Template:Top 10 2010:SummaryTableRowStyleTemplate}}> Attack Vector Description </td>
+
     <td {{Template:Top 10 2010:SummaryTableRowStyleTemplate}}> Exploitability of this vulnerability remains easy. <br> An attacker with access to app can intercept intermediate calls and manipulate results via parameter tampering. </td>
     <td colspan=2  {{Template:Top 10 2010:SummaryTableRowStyleTemplate}}>Security Weakness Description </td>
+
     <td colspan=2  {{Template:Top 10 2010:SummaryTableRowStyleTemplate}}>Developers generally use hidden fields and values or any hidden functionality to distinguish higher level users from lower level users. An attacker can intercept the calls (IPC or web service calls) and temper with such sensitive parameters. Weak implementation of such functionalities leads to improper behavior of an app and even granting higher level permissions to an attacker.This can easily be exploited through hooking functionality. </td>
     <td {{Template:Top 10 2010:SummaryTableRowStyleTemplate}}>Technical Impacts</td>
+
     <td {{Template:Top 10 2010:SummaryTableRowStyleTemplate}}>This vulnerability may lead to privilege escalation providing access of higher authorities and functionalities to an attacker. It can even bypass security mechanisms implemented by the app leading to loss of confidentiality and integrity. </td>
     <td {{Template:Top 10 2010:SummaryTableRowStyleTemplate}}>Business Impacts </td>
+
     <td {{Template:Top 10 2010:SummaryTableRowStyleTemplate}}>This vulnerability leads to loss of reputation. <br>At the same time, impacting and harming the integrity and confidentiality. </td>
 
{{Top_10_2010:SummaryTableEndTemplate}}
 
{{Top_10_2010:SummaryTableEndTemplate}}
  
 
{{Mobile_Top_10_2012:SubsectionAdvancedTemplate|type={{Mobile_Top_10_2012:StyleTemplate}}|number=1|risk=7}}
 
{{Mobile_Top_10_2012:SubsectionAdvancedTemplate|type={{Mobile_Top_10_2012:StyleTemplate}}|number=1|risk=7}}
You mobile application can accept data from all kinds of sources. In most cases this will be an Inter Process Communication (IPC) mechanism. In general try and adhere to the following IPC design patterns:
+
Your mobile application can accept data from all kinds of sources. In most cases this will be an Inter Process Communication (IPC) mechanism. In general try and adhere to the following IPC design patterns:
  
 
* If there is a business requirement for IPC communication, the mobile application should restrict access to a white-list of trusted applications
 
* If there is a business requirement for IPC communication, the mobile application should restrict access to a white-list of trusted applications

Latest revision as of 18:32, 8 October 2015

Back To The Mobile Top Ten Main Page
Security Decisions Via Untrusted Inputs
Threat Agents Attack Vectors Security Weakness Technical Impacts Business Impacts
Application Specific Exploitability
EASY
Prevalence
COMMON
Detectability
EASY
Impact
SEVERE
Application / Business Specific
Threat Agents include entities that can pass untrusted inputs to the sensitive method calls. Examples of such entities include, but are not limited to, users, malware and vulnerable apps. Exploitability of this vulnerability remains easy.
An attacker with access to app can intercept intermediate calls and manipulate results via parameter tampering.
Developers generally use hidden fields and values or any hidden functionality to distinguish higher level users from lower level users. An attacker can intercept the calls (IPC or web service calls) and temper with such sensitive parameters. Weak implementation of such functionalities leads to improper behavior of an app and even granting higher level permissions to an attacker.This can easily be exploited through hooking functionality. This vulnerability may lead to privilege escalation providing access of higher authorities and functionalities to an attacker. It can even bypass security mechanisms implemented by the app leading to loss of confidentiality and integrity. This vulnerability leads to loss of reputation.
At the same time, impacting and harming the integrity and confidentiality.

Am I Vulnerable To Security Decisions Via Untrusted Inputs?

Your mobile application can accept data from all kinds of sources. In most cases this will be an Inter Process Communication (IPC) mechanism. In general try and adhere to the following IPC design patterns:

  • If there is a business requirement for IPC communication, the mobile application should restrict access to a white-list of trusted applications
  • Sensitive actions which are triggered through IPC entry points should require user interaction before performing the action
  • All input received from IPC entry points must undergo stringent input validation in order to prevent input driven attacks
  • Do not pass any sensitive information through IPC mechanisms, as it may be susceptible to being read by third party applications under certain scenarios

How Do I Prevent Security Decisions Via Untrusted Inputs?

iOS Specific Examples:

  • Do not use the deprecated handleOpenURL method to handle URL Scheme calls. This method does not contain an argument containing the BundleID of the source application.
    • Instead use the openURL:sourceApplication:annotation method and validation the sourceApplication argument against a white-list of trusted applications
  • Do not use the iOS Pasteboard for IPC communications, as it is susceptible to being set or read by all third party apps on the device.

Android Specific Examples


Example Scenarios

Example Scenarios


References

References

An In Depth Introduction to the Android Permissions Modeland How to Secure MultiComponent Applications