Difference between revisions of "Mobile Top 10 2014-M4"

From OWASP
Line 7: Line 7:
 
{{Top_10_2010:SummaryTableValue-1-Template|Impact|SEVERE}}
 
{{Top_10_2010:SummaryTableValue-1-Template|Impact|SEVERE}}
 
{{Top_10_2010:SummaryTableHeaderEndTemplate}}
 
{{Top_10_2010:SummaryTableHeaderEndTemplate}}
     <td {{Template:Top 10 2010:SummaryTableRowStyleTemplate}}>Threat Description </td>
+
     <td {{Template:Top 10 2010:SummaryTableRowStyleTemplate}}>Agents that may exploit this vulnerability include the following: mobile malware, modified versions of legitimate apps, or an adversary that has physical access to the victim's mobile device.</td>
     <td {{Template:Top 10 2010:SummaryTableRowStyleTemplate}}> Attack Vector Description </td>
+
     <td {{Template:Top 10 2010:SummaryTableRowStyleTemplate}}>An agent that has physical access to the device will use freely available forensic tools to conduct the attack. An agent that has access to the device via malicious code will use fully permissible and documented API calls to conduct this attack.</td>
     <td colspan=2  {{Template:Top 10 2010:SummaryTableRowStyleTemplate}}>Security Weakness Description </td>
+
     <td colspan=2  {{Template:Top 10 2010:SummaryTableRowStyleTemplate}}>Unintended data leakage occurs when a developer inadvertantly places sensitive information or data in a location on the mobile device that is easily accessible by other apps on the device. First, a developer's code processes sensitive information supplied by the user or the backend. During that processing, a side-effect (that is unknown to the developer) results in that information being placed into an insecure location on the mobile device that other apps on the device may have open access to. Typically, these side-effects originate from the underlying mobile device's operating system (OS). This will be a very prevalent vulnerability for code produced by a developer that does not have intimate knowledge of how that information can be stored or processed by the underlying OS.
     <td {{Template:Top 10 2010:SummaryTableRowStyleTemplate}}>Technical Impacts</td>
+
 
     <td {{Template:Top 10 2010:SummaryTableRowStyleTemplate}}>Business Impacts </td>
+
It is easy to detect data leakage by inspecting all mobile device locations that are accessible to all apps for the app's sensitive information.</td>
 +
     <td {{Template:Top 10 2010:SummaryTableRowStyleTemplate}}>This vulnerability may result in the following technical impacts: extraction of the app's sensitive information via mobile malware, modified apps, or forensic tools.</td>
 +
     <td {{Template:Top 10 2010:SummaryTableRowStyleTemplate}}>The nature of the business impact is highly dependent upon the nature of the information stolen. Sensitive information theft may result in the following business impacts:
 +
 
 +
* Privacy Violations
 +
* PCI Violations
 +
* Reputational Damage; or
 +
* Fraud.</td>
 
{{Top_10_2010:SummaryTableEndTemplate}}
 
{{Top_10_2010:SummaryTableEndTemplate}}
  
 
{{Top_10_2010:SubsectionColoredTemplate|Am I Vulnerable to Unintended Data Leakage?||year=2014}}
 
{{Top_10_2010:SubsectionColoredTemplate|Am I Vulnerable to Unintended Data Leakage?||year=2014}}
Unintended data leakage (formerly side-channel data leakage) is a branch of Insecure Data Storage. It includes all manner of vulnerabilities that can be introduced by the OS, frameworks, compiler environment, new hardware, etc, all without a developers knowledge.  
+
Unintended data leakage (formerly side-channel data leakage) includes vulnerabilities from the OS, frameworks, compiler environment, new hardware, etc. without a developers knowledge.  
  
In the mobile development world this is most seen in undocumented (or under-documeted) internal processes such as:
+
In mobile development, this is most seen in undocumented (or under-documeted) internal processes such as:
  
 
* The way the OS caches data, images, key-presses, logging, and buffers.
 
* The way the OS caches data, images, key-presses, logging, and buffers.
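Review bot: the added Security Weakness text misspells "inadvertently" as "inadvertantly", and the rewritten "Am I Vulnerable" lines still carry "a developers knowledge" (should be "a developer's") and "under-documeted" from the previous revision; all three should be fixed in this edit. The new opening sentence also drops the clause saying unintended data leakage "is a branch of Insecure Data Storage", which told readers how this risk relates to the neighbouring category; consider keeping it. "includes vulnerabilities from the OS, frameworks, ..." reads less clearly than the removed "can be introduced by", so "introduced by" is worth restoring.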
Line 36: Line 43:
  
  
It is especially important to discern what a given OS or framework does by default. By identifying this and applying mitigating controls, you can avoid unintended data leakage. Specific examples to follow.
+
It is especially important to discern what a given OS or framework does by default. By identifying defaults and applying mitigating controls, you can avoid unintended data leakage.
  
 
{{Mobile_Top_10_2012:SubsectionAdvancedTemplate|type={{Mobile_Top_10_2012:StyleTemplate}}|number=3|risk=8}}
 
{{Mobile_Top_10_2012:SubsectionAdvancedTemplate|type={{Mobile_Top_10_2012:StyleTemplate}}|number=3|risk=8}}

Revision as of 19:21, 9 April 2014

Unintended Data Leakage

Threat Agents (Application Specific): Agents that may exploit this vulnerability include the following: mobile malware, modified versions of legitimate apps, or an adversary that has physical access to the victim's mobile device.

Attack Vectors (Exploitability: EASY): An agent that has physical access to the device will use freely available forensic tools to conduct the attack. An agent that has access to the device via malicious code will use fully permissible and documented API calls to conduct this attack.

Security Weakness (Prevalence: COMMON; Detectability: EASY): Unintended data leakage occurs when a developer inadvertently places sensitive information or data in a location on the mobile device that is easily accessible by other apps on the device. First, a developer's code processes sensitive information supplied by the user or the backend. During that processing, a side-effect (that is unknown to the developer) results in that information being placed into an insecure location on the mobile device that other apps on the device may have open access to. Typically, these side-effects originate from the underlying mobile device's operating system (OS). This will be a very prevalent vulnerability for code produced by a developer that does not have intimate knowledge of how that information can be stored or processed by the underlying OS. It is easy to detect data leakage by inspecting all mobile device locations that are accessible to all apps for the app's sensitive information.

Technical Impacts (Impact: SEVERE): This vulnerability may result in the following technical impacts: extraction of the app's sensitive information via mobile malware, modified apps, or forensic tools.

Business Impacts (Application / Business Specific): The nature of the business impact is highly dependent upon the nature of the information stolen. Sensitive information theft may result in the following business impacts:
  • Privacy Violations
  • PCI Violations
  • Reputational Damage; or
  • Fraud.

Am I Vulnerable to Unintended Data Leakage?

Unintended data leakage (formerly side-channel data leakage) includes vulnerabilities introduced by the OS, frameworks, compiler environment, new hardware, etc., without a developer's knowledge.

In mobile development, this is most often seen in undocumented (or under-documented) internal processes such as:

  • The way the OS caches data, images, key-presses, logging, and buffers.
  • The way the development framework caches data, images, key-presses, logging, and buffers.
  • The way ad, analytic, social, or enablement frameworks cache data, images, key-presses, logging, and buffers, and how much of that data they cache.
How Do I Prevent Unintended Data Leakage?

It is important to threat model your OS, platforms, and frameworks, to see how they handle the following types of features:

  • URL Caching (Both request and response)
  • Keyboard Press Caching
  • Copy/Paste buffer Caching
  • Application backgrounding
  • Logging
  • HTML5 data storage
  • Browser cookie objects
  • Analytics data sent to 3rd parties


It is especially important to discern what a given OS or framework does by default. By identifying defaults and applying mitigating controls, you can avoid unintended data leakage.
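
The summary above says leakage is easy to detect by inspecting device locations for the app's sensitive information. The following added example (not part of the original OWASP page) does that for a test build: it scans a copied app data directory for planted canary values in several encodings and tags each hit with a feature from the list above. The path hints, canary values and sample files are constructed assumptions, not platform-defined names.

```python
import base64, os, tempfile
from urllib.parse import quote

# Path hints -> feature from the threat-model list above (heuristic, assumed mapping).
HINTS = [("snapshot", "Application backgrounding"), ("cookie", "Browser cookie objects"),
         ("localstorage", "HTML5 data storage"), ("keyboard", "Keyboard Press Caching"),
         ("pasteboard", "Copy/Paste buffer Caching"), (".log", "Logging"),
         ("cache", "URL Caching")]

def encodings(canary):
    """Byte forms a planted canary may take once the OS or a framework stores it."""
    raw = canary.encode()
    forms = {"raw": raw, "url-encoded": quote(canary, safe="").encode(),
             "utf-16le": canary.encode("utf-16-le"),
             # Only matches a value that was base64-encoded on its own.
             "base64": base64.b64encode(raw)}
    return {k: v for k, v in forms.items() if k == "raw" or v != raw}

def classify(rel_path):
    lowered = rel_path.lower()
    return next((feat for hint, feat in HINTS if hint in lowered), "Unclassified")

def scan(root, canaries):
    """Return sorted (path, feature, canary name, encoding) for every hit under root."""
    findings = set()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                data = fh.read()
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            for label, value in canaries.items():
                for enc, needle in encodings(value).items():
                    if needle in data:
                        findings.add((rel, classify(rel), label, enc))
    return sorted(findings)

CANARIES = {"password": "Canary+Pw!1", "token": "TOK-CANARY-7731"}  # constructed values

def build_sample(root):
    """Constructed stand-in for an app data directory copied off a test device."""
    files = {"Library/Caches/Cache.db": b"GET /login?pw=Canary%2BPw%211 200",
             "logs/app.log": b"DEBUG session token=TOK-CANARY-7731\n",
             "Library/WebKit/LocalStorage/app.localstorage":
                 b"hdr\x00" + "TOK-CANARY-7731".encode("utf-16-le"),
             "Documents/notes.txt": b"no sensitive data here"}
    for rel, data in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
```

Enter the canaries into the app under test, exercise each feature (login, copy/paste, backgrounding), copy the data directory off the test device, and run `scan()` on the copy; any finding is a location that needs a mitigating control.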


Example Scenarios

OS: iOS

  • URL Caching (Both request and response)
  • Keyboard Press Caching
  • Copy/Paste buffer Caching
  • Application backgrounding
  • Logging
  • HTML5 data storage
  • Browser cookie objects
  • Analytics data sent to 3rd parties

OS: Android

  • URL Caching (Both request and response)
  • Keyboard Press Caching
  • Copy/Paste buffer Caching
  • Application backgrounding
  • Logging
  • HTML5 data storage
  • Browser cookie objects
  • Analytics data sent to 3rd parties
