
Cracking App Isolation on Apple: Unauthorized Cross-App Resource Access on MAC OS X and iOS
Luyi Xing¹, Xiaolong Bai², Tongxin Li³, XiaoFeng Wang

[...] very different from those provided by Android. Specifically, the construction of Apple sandboxes is significantly different from that of Android, in which each app is given a unique User ID (UID), allowing the Linux user protection to separate the apps. In contrast, an Apple app is identified by its Apple ID, which contains a Bundle ID (BID) token used by the OS to enforce sandbox policies. The uniqueness of the token is ensured by the Apple Store. Also, OS X supports complicated cross-app resource sharing. For example, its keychain service allows multiple apps to share credentials among them through an access-control list (Section 3.1), which is not supported on other systems like Android. In addition to cross-app resource sharing, other cross-app interactions, i.e., IPC on Apple platforms, also differ from those on Android. Examples include NSConnection, which shares objects between apps on OS X, and the URL Scheme uniquely associated with one single app for launching it with a URL¹. So far, little has been done to understand whether the construction of app isolation on Apple platforms is secure and whether its cross-app mechanisms can bring in XARA risks never known before.

Our work. We conducted the first study on the XARA risks of Apple's isolation mechanisms and discovered surprising security-critical vulnerabilities: major cross-app resource-sharing mechanisms, such as keychain, and communication channels, including WebSocket, NSConnection and Scheme, turn out to be insufficiently protected by both the OS and the apps using them, allowing a malicious program to steal sensitive user data from these apps; also, the BID-based sandbox construction is found to be less reliable than expected, and its resource-sharing mechanism can be exploited by the malicious app to break the sandbox confinement on OS X, gaining full access to other apps' directories (called containers). Note that not only does our attack code circumvent the OS-level protection, but it can also get through the restrictive app vetting process of the Apple Stores, completely defeating its multi-layer defense. Looking into the root cause of those security flaws, we found that in most cases, neither the OS nor the vulnerable app properly authenticates the party it interacts with. To understand the scope and magnitude of this new XARA threat, we developed an analyzer for automatically inspecting Apple apps' binaries to determine their susceptibility to the XARA threat, that is, whether they perform security checks when using vulnerable resource-sharing mechanisms and IPC channels, a necessary step that has never been made clear by Apple. In our study, we ran the analyzer on the 1,612 most popular MAC apps and 200 iOS apps, and found that more than 88.6% of the apps using those mechanisms and channels are completely exposed to the XARA attacks (Section 4.2), and every app's container directory has been fully disclosed. The consequences are dire: for example, on the latest Mac OS X 10.10.3, our sandboxed app successfully retrieved from the system's keychain the passwords and secret tokens of iCloud, email and all kinds of social networks stored there by the system app Internet Accounts, and bank and Gmail passwords from Google Chrome; from various IPC channels, we intercepted user passwords maintained by the popular 1Password app (ranked 3rd by the MAC App Store) and the secret token of Evernote (ranked 3rd in the free Productivity apps); also, through exploiting the BID vulnerability, our app collected all the private notes under Evernote and all the photos under WeChat. We reported our findings to Apple and other software vendors, who all acknowledged their importance. The video demos of our attacks and our communication with the related parties are posted on a private website [15]². We also built an app that captures the attempts to exploit the weaknesses.

Our study also shows that this XARA hazard is indeed general across different platforms. Even though iOS drops many useful functionalities of OS X (e.g., keychain's access-control list for sharing passwords or tokens across apps) and is therefore less vulnerable, it is still not immune to the threat. Particularly, its major IPC channel, Scheme, is equally subject to the hijacking attack we discovered on MAC OS X (Section 3.4). Further, the WebSocket problem (Section 3.3) actually comes from HTML5, which happens when a browser extension is connecting to a local program. We found that the same attack can also succeed on iOS and Windows. Interestingly, compared with OS X and iOS, Android looks pretty decent in terms of its protection against the XARA threat: at the very least, it offers a mechanism to protect its Intent-based IPC through assigning a private attribute to the service and activity or guarding them with permissions, which are missing on the Apple platforms. We further discuss the lessons learnt from our study, particularly the need for clarifying the responsibilities for protecting a cross-app mechanism between the OS provider and the app developer, and present key principles for avoiding XARA pitfalls when building new systems (Section 5).

Contributions. The contributions of the paper are outlined as follows.

New understanding of the XARA threat. We are the first to identify the generality of the XARA problem and systematically investigate the threat on the Apple platforms. Our study brings to light a series of unexpected, security-critical flaws that can be exploited to circumvent Apple's isolation protection and its App Store's security vetting. The consequences of such attacks are devastating, leading to complete disclosure of the most sensitive user information (e.g., passwords) to a malicious app even when it is sandboxed. Such findings, which we believe are just the tip of the iceberg, will certainly inspire follow-up research on other XARA hazards across platforms. Most importantly, the new understanding of the fundamental cause of the problem (Section 5) is invaluable to the development of better app-isolation protection for future OSes.

New effort to mitigate the threat. We developed new techniques for identifying the apps vulnerable to the XARA threat and the attempts to exploit them during an operating system's runtime.

Roadmap. The rest of the paper is organized as follows: Section 2 provides the background information for our research and the assumptions we made. Section 3 elaborates the security analysis we performed on OS X and iOS and the security problems we discovered. Section 4 describes the design and implementation of the automatic analyzer, the findings made by running the tool on popular apps, and the app-level mitigation we developed. Section 5 highlights the lessons learnt from our study. Section 6 reviews the related prior research, and Section 7 concludes the paper.

¹ On Android, an Intent-based Scheme is different, as it can be connected to multiple apps, which the user can choose once the scheme is triggered.
² We do not track the visitor.

2. BACKGROUND

In this section, we describe how app isolation techniques work on popular systems like Android, MAC OS X and iOS, the way they handle inter-app communication, and the security risks that come with such a strategy. Also, we present the adversary model underlying our study.

App sandboxing. App sandboxing plays a critical role in the Android security architecture. Each Android app is given a unique UID and runs as that user. Sensitive resources are assigned to Linux groups such as GPS, Audio, etc. This treatment automatically isolates one app from others under the Linux user and process protection. To access system resources, an app needs to request permissions from the OS or the user. A permission can also be defined by the app for sharing its resources with authorized parties (those with the permission) through interfaces like content providers, Intent receivers, etc.

The Apple sandbox first appeared on MAC OS X, which utilizes the TrustedBSD mandatory access control framework to enforce its security policies at the system call level. Since OS X 10.7.5 (Lion), all apps submitted to the MAC App Store are required to be sandboxed, with some exceptions given to those that need to run as native code. On the OS side, a service called Gatekeeper blocks apps not signed by either the Apple Store or a trusted developer from being installed³. This ensures that, with proper security configurations, most apps running on a MAC device are under sandbox confinement. In the meantime, OS X maintains its compatibility with the traditional OS security design, hosting trusted native programs that run with the user's privileges. On iOS, however, apps are much simpler (e.g., without intensive document operations) and can therefore all be sandboxed.

Unlike Android, which isolates an app solely based upon its UID, the Apple platforms just utilize UIDs to classify apps into groups. For example, on OS X, all the apps from the MAC App Store operate under the UID of the current OS user, and those on iOS under the user mobile. On these platforms, separation is actually enforced through TrustedBSD's API interpositions. Each app is identified by its Apple ID, a two-part string that consists of a Team ID Apple assigns to the app developer and a Bundle ID supplied by the developer, for example, A1B2C3D4E5.com.apple.mail, where the first part is the Team ID and the remaining components form the BID. Any app submitted to the Apple Stores goes through a verification process that, among other things, ensures the uniqueness of the app's BID. On OS X, this identity also serves as the name of the app's container directory. Every sandboxed app on the Apple platforms is given a container when it is first launched. The directory is used to hold the app's internal data and cannot be accessed by other sandboxed apps from different developers.

An app within the sandbox has only limited privileges. By default, it can only read and write files within its container and some public directories. This policy is enforced by checking the developer's signature on the app against an access-control list (ACL) associated with each directory (see Section 3.2). Also, it is not allowed to access network sockets, the built-in camera, microphone, printer and other resources. Whenever use of such resources becomes necessary, the app explicitly requests them by declaring a set of entitlements within its property file (called the plist file), very much like the Android manifest file. Each entitlement is a key-value pair that identifies a specific capability (e.g., access to the camera). They are reviewed by the Apple Stores to determine whether the capabilities should be granted. For some capabilities, such as access to GPS locations, camera, etc., the OS further asks for the [...]

[...] object. This allows another app (i.e., an NSConnection client) to communicate with the server after obtaining from the OS a proxy for the server object using its name. Specifically, through the proxy, the NSConnection client gets the vended object from the server. The NSConnection mechanism allows the client to invoke methods of the vended object and access its variables as if the object existed in the client process. To this end, the client app needs to declare an entitlement com.apple.security.temporary-exception.mach-lookup.global-name in its plist.

Socket-based IPC is also available on OS X. To use it, sandboxed apps need to claim the network capability in their plists. Another unique IPC mechanism for both OS X and iOS is Scheme: an app can invoke another specific app to work on a task with a URL click if the latter registers with the OS the scheme part of the URL. For example, the URL yelp:///search?terms=Coffee, once triggered, lets one app launch the Yelp app to search for Coffee nearby. Here, the yelp:// part is a scheme. Although this mechanism is also used on Android, where it has been implemented using Intent, it is different from that for OS X and iOS, since Apple's OSes only allow one single app to be associated with a scheme on a device, while on Android the user is asked to choose a scheme's owner when there is more than one. This major difference enables our scheme hijacking attack (Section 3.4), which, however, does not pose a threat on Android. To register a scheme, an Apple app needs to register it with the OS. This is done on OS X and iOS by simply declaring the scheme in the app's plist file. Such a channel can be used by any sandboxed app without specifying any entitlement.

Adversary model. In our research, we studied what an isolated app can still do to collect sensitive data and utilize critical resources that belong to other apps when it is not entitled to do so. For this purpose, we assume that malicious apps are submitted to the Apple Stores, which puts them to the test of Apple's restrictive review process. In the case that they get published, the apps are supposed to be installed by the user who also runs security-critical apps on her device (laptop or smartphone). This is realistic since apps downloaded from the Apple Stores are widely considered to be trusted and, in particular, almost all of them are confined within sandboxes. For the malware installed in this way, we assume that it is isolated and only granted a small, inconspicuous set of capabilities in addition to what is offered by the OSes by default: it may need the networking permission (only for the attack in Section 3.3) or that for the IPC client (for the NSConnection attack). Note that these entitlements are among the most innocent ones.

3. XARA MENACES

In our research, we conducted a systematic study on the XARA threat over the Apple platforms, MAC OS X in particular. Our focus is on how inter-app interaction channels and services are protected.
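The background above notes that a URL scheme is registered simply by declaring it in the app's plist, that Apple's OSes bind a scheme to a single app, and that an NSConnection client must hold the mach-lookup entitlement named there. The following added example (it is not the paper's analyzer or any Apple tool) shows the inventory check an administrator can run over installed apps' property lists to surface scheme collisions, the condition behind the hijacking hazard of Section 3.4, and to list which apps hold the mach-lookup exception. It also splits an Apple ID into Team ID and BID as described above. The Info.plist keys CFBundleURLTypes/CFBundleURLSchemes are Apple's real keys; the sample apps and Team IDs are constructed.

```python
"""Inventory cross-app channels declared in Apple app plists (added example)."""
import plistlib
from collections import defaultdict

# Entitlement an NSConnection client must declare (named in the paper).
MACH_LOOKUP = "com.apple.security.temporary-exception.mach-lookup.global-name"


def split_apple_id(apple_id: str) -> tuple[str, str]:
    """Split 'TEAMID.bundle.id' into (Team ID, BID); the BID itself may contain dots."""
    team, sep, bid = apple_id.partition(".")
    if not sep or not team or not bid:
        raise ValueError(f"not a two-part Apple ID: {apple_id!r}")
    return team, bid


def declared_schemes(info_plist: bytes) -> set[str]:
    """URL schemes an app registers in Info.plist (lower-cased for comparison)."""
    info = plistlib.loads(info_plist)
    schemes = set()
    for url_type in info.get("CFBundleURLTypes", []):
        for scheme in url_type.get("CFBundleURLSchemes", []):
            schemes.add(scheme.lower())
    return schemes


def audit(apps: dict[str, tuple[bytes, bytes]]) -> dict:
    """apps maps an Apple ID to (Info.plist bytes, entitlements plist bytes).
    Returns per-scheme owners, schemes claimed by more than one app, and the
    apps holding the mach-lookup exception (i.e., potential NSConnection clients)."""
    owners = defaultdict(set)
    mach_clients = {}
    for apple_id, (info, ents) in apps.items():
        split_apple_id(apple_id)  # validates the Team ID / BID structure
        for scheme in declared_schemes(info):
            owners[scheme].add(apple_id)
        names = plistlib.loads(ents).get(MACH_LOOKUP, [])
        if names:
            mach_clients[apple_id] = list(names)
    owners_sorted = {s: sorted(o) for s, o in owners.items()}
    collisions = {s: o for s, o in owners_sorted.items() if len(o) > 1}
    return {"owners": owners_sorted, "collisions": collisions,
            "mach_clients": mach_clients}


# Constructed sample: two apps from different teams both claim the 'yelp' scheme,
# which only one of them can actually own on a device.
SAMPLE_APPS = {
    "A1B2C3D4E5.com.example.yelpclient": (
        plistlib.dumps({"CFBundleURLTypes": [{"CFBundleURLSchemes": ["yelp"]}]}),
        plistlib.dumps({})),
    "Z9Y8X7W6V5.com.example.otherapp": (
        plistlib.dumps({"CFBundleURLTypes": [{"CFBundleURLSchemes": ["Yelp", "notes"]}]}),
        plistlib.dumps({MACH_LOOKUP: ["com.example.shared-object"]})),
}

if __name__ == "__main__":
    report = audit(SAMPLE_APPS)
    for scheme, claimants in report["collisions"].items():
        print(f"scheme '{scheme}' claimed by more than one app: {claimants}")
    for app, names in report["mach_clients"].items():
        print(f"{app} may look up NSConnection servers: {names}")
```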
