CAPEC-505: Scheme Squatting (Version 2.9)

Attack Pattern ID: 505
Abstraction: Detailed
Status: Draft
Completeness: Stub

+ Summary

An adversary, through a previously installed malicious application, registers for a URL scheme intended for a target application that has not been installed. Thereafter, messages intended for the target application are handled by the malicious application. Upon receiving a message, the malicious application displays a screen that mimics the target application, thereby convincing the user to enter sensitive information. This type of attack is most often used to obtain sensitive information (e.g., credentials) from the user, who believes they are interacting with the intended target application.

+ Solutions and Mitigations

The only known mitigation to this attack is to avoid installing the malicious application on the device. Applications usually have to declare the schemes they wish to register, so detecting this during a review is feasible.
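The review check described above, as an added example that is not part of the CAPEC entry: the page names no platform, so this assumes an Android-style manifest in which URL schemes are declared in intent-filter `<data android:scheme="...">` elements. It extracts every declared scheme and flags any that a reviewer-maintained allow-list (the hypothetical `KNOWN_SCHEME_OWNERS` map) attributes to a different package than the one under review. The manifest and the allow-list are constructed sample data.

```python
import xml.etree.ElementTree as ET

# Namespace used for the android: attribute prefix in manifests.
ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed sample manifest (not from any real app). The package under
# review is com.example.notes; its second activity claims the scheme
# "examplebank", which the reviewer's allow-list attributes to another app.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.notes">
  <application>
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.VIEW"/>
        <category android:name="android.intent.category.DEFAULT"/>
        <category android:name="android.intent.category.BROWSABLE"/>
        <data android:scheme="examplenotes"/>
      </intent-filter>
    </activity>
    <activity android:name=".LoginActivity">
      <intent-filter>
        <action android:name="android.intent.action.VIEW"/>
        <category android:name="android.intent.category.DEFAULT"/>
        <category android:name="android.intent.category.BROWSABLE"/>
        <data android:scheme="examplebank"/>
      </intent-filter>
    </activity>
  </application>
</manifest>
"""

# Hypothetical reviewer-maintained map: scheme -> package that legitimately
# owns it. Constructed for this example; a real list would be curated.
KNOWN_SCHEME_OWNERS = {
    "examplebank": "com.examplebank.mobile",
    "examplenotes": "com.example.notes",
}


def registered_schemes(manifest_xml):
    """Return (activity_name, scheme) for every custom URL scheme an
    activity's intent-filter declares."""
    root = ET.fromstring(manifest_xml)
    found = []
    for activity in root.iter("activity"):
        name = activity.get("{%s}name" % ANDROID_NS)
        for data in activity.iter("data"):
            scheme = data.get("{%s}scheme" % ANDROID_NS)
            if scheme:
                found.append((name, scheme))
    return found


def find_squatted_schemes(manifest_xml, known_owners):
    """Flag schemes the allow-list attributes to a package other than the
    one declared in the manifest being reviewed."""
    package = ET.fromstring(manifest_xml).get("package")
    findings = []
    for activity, scheme in registered_schemes(manifest_xml):
        owner = known_owners.get(scheme.lower())
        if owner is not None and owner != package:
            findings.append({
                "activity": activity,
                "scheme": scheme,
                "expected_owner": owner,
            })
    return findings


if __name__ == "__main__":
    for f in find_squatted_schemes(SAMPLE_MANIFEST, KNOWN_SCHEME_OWNERS):
        print("scheme %r registered by %s but owned by %s"
              % (f["scheme"], f["activity"], f["expected_owner"]))
```

Schemes absent from the allow-list are not flagged, so the check only catches collisions with applications the reviewer has already catalogued; an unknown scheme still merits a look at which screen handles it.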

+ References

[REF-54] Adrienne Porter Felt and David Wagner. "Phishing on Mobile Devices". Section 4.1.2, Man-In-The-Middle. University of California, Berkeley. 2011. <http://www.eecs.berkeley.edu/~daw/papers/mobphish-w2sp11.pdf>.

+ Content History

Submitted by CAPEC Content Team (The MITRE Corporation), 2014-06-23, source: Internal_CAPEC_Team

Page Last Updated or Reviewed: December 07, 2015