adpare
77 lines
4.4 KiB
JSON
77 lines
4.4 KiB
JSON
{
|
|
"type": "bundle",
|
|
"id": "bundle--8eb5aed3-4731-4909-ae45-c070ac8bc5b3",
|
|
"spec_version": "2.0",
|
|
"objects": [
|
|
{
|
|
"type": "attack-pattern",
|
|
"id": "attack-pattern--c4b96c0b-cb58-497a-a1c2-bb447d79d692",
|
|
"created": "2017-10-25T14:48:19.996Z",
|
|
"created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
|
|
"revoked": false,
|
|
"external_references": [
|
|
{
|
|
"source_name": "mitre-attack",
|
|
"url": "https://attack.mitre.org/techniques/T1414",
|
|
"external_id": "T1414"
|
|
},
|
|
{
|
|
"source_name": "Android 10 Privacy Changes",
|
|
"description": "Android Developers. (n.d.). Privacy changes in Android 10. Retrieved September 11, 2019.",
|
|
"url": "https://developer.android.com/about/versions/10/privacy/changes#clipboard-data"
|
|
},
|
|
{
|
|
"source_name": "UIPPasteboard",
|
|
"description": "Apple Developer. (n.d.). UIPasteboard. Retrieved April 1, 2022.",
|
|
"url": "https://developer.apple.com/documentation/uikit/uipasteboard"
|
|
},
|
|
{
|
|
"source_name": "Fahl-Clipboard",
|
|
"description": "Fahl, S, et al.. (2013). Hey, You, Get Off of My Clipboard. Retrieved September 12, 2024.",
|
|
"url": "https://saschafahl.de/static/paper/pwmanagers2013.pdf"
|
|
},
|
|
{
|
|
"source_name": "Github Capture Clipboard 2019",
|
|
"description": "Pearce, G. (, January). Retrieved August 8, 2019.",
|
|
"url": "https://github.com/grepx/android-clipboard-security"
|
|
},
|
|
{
|
|
"source_name": "NIST Mobile Threat Catalogue",
|
|
"url": "https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-35.html",
|
|
"external_id": "APP-35"
|
|
}
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
|
|
],
|
|
"modified": "2025-10-24T17:49:21.369Z",
|
|
"name": "Clipboard Data",
|
|
"description": "Adversaries may abuse clipboard manager APIs to obtain sensitive information copied to the device clipboard. For example, passwords being copied and pasted from a password manager application could be captured by a malicious application installed on the device.(Citation: Fahl-Clipboard) \n\n \n\nOn Android, applications can use the `ClipboardManager.OnPrimaryClipChangedListener()` API to register as a listener and monitor the clipboard for changes. However, starting in Android 10, this can only be used if the application is in the foreground, or is set as the device\u2019s default input method editor (IME).(Citation: Github Capture Clipboard 2019)(Citation: Android 10 Privacy Changes) \n\n \n\nOn iOS, this can be accomplished by accessing the `UIPasteboard.general.string` field. However, starting in iOS 14, upon accessing the clipboard, the user will be shown a system notification if the accessed text originated in a different application. For example, if the user copies the text of an iMessage from the Messages application, the notification will read \u201capplication_name has pasted from Messages\u201d when the text was pasted in a different application.(Citation: UIPPasteboard)",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "mitre-mobile-attack",
|
|
"phase_name": "collection"
|
|
},
|
|
{
|
|
"kill_chain_name": "mitre-mobile-attack",
|
|
"phase_name": "credential-access"
|
|
}
|
|
],
|
|
"x_mitre_attack_spec_version": "3.2.0",
|
|
"x_mitre_deprecated": false,
|
|
"x_mitre_domains": [
|
|
"mobile-attack"
|
|
],
|
|
"x_mitre_is_subtechnique": false,
|
|
"x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
|
|
"x_mitre_platforms": [
|
|
"Android",
|
|
"iOS"
|
|
],
|
|
"x_mitre_version": "3.1",
|
|
"x_mitre_tactic_type": [
|
|
"Post-Adversary Device Access"
|
|
]
|
|
}
|
|
]
|
|
} |