Home > CAPEC List > CAPEC-498: Probe iOS Screenshots (Version 2.10)  

CAPEC-498: Probe iOS Screenshots

 
Probe iOS Screenshots
Definition in a New Window Definition in a New Window
Attack Pattern ID: 498
Abstraction: Detailed
Status: Draft
Completeness: Stub
Presentation Filter:
+ Summary

An adversary examines screenshot images created by iOS in an attempt to obtain sensitive information. These images are used by iOS to aid in the visual transition between open applications and improve the user's experience with a device. An application can be at risk even if it properly protects sensitive information when at rest. If the application displays sensitive information on the screen, then the potential exists for iOS to unintentionally record that information in an image file. An adversary can retrieve these images either by gaining access to the image files, or by physically obtaining the device and leveraging the multitasking switcher interface.

+ Attack Prerequisites
  • This type of an attack requires physical access to a device to either excavate the image files (potentially by leveraging a Jailbreak) or view the screenshots through the multitasking switcher (by double tapping the home button on the device).

+ Solutions and Mitigations

To mitigate this type of an attack, an application that may display sensitive information should clear the screen contents before a screenshot is taken. This can be accomplished by setting the key window's hidden property to YES. This code to hide the contents should be placed in both the applicationWillResignActive() and applicationDidEnterBackground() methods.

+ Technical Context
Architectural Paradigms
Mobile
+ References
[REF-50] Jonathan Zdziarksi. "Hacking and Securing iOS Applications". Chapter 11 : Page 285 : Application Screenshots. First Edition. O'Reilly Media, Inc.. 2012.
+ Content History
Submissions
SubmitterOrganizationDateSource
CAPEC Content TeamThe MITRE Corporation2014-06-23Internal_CAPEC_Team
Modifications
ModifierOrganizationDateCommentsSource
CAPEC Content TeamThe MITRE Corporation2015-11-09Updated Architectural_Paradigms, Related_Attack_Patterns, Technical_ContextInternal
Previous Entry Names
DatePrevious Entry Name
2015-11-09Probe Application Screenshots
More information is available — Please select a different filter.
Page Last Updated or Reviewed: May 01, 2017