The relevance of identity data leaks on the Internet is greater than ever. Almost every month we read in the news about leaked databases with more than a million users. Smaller but no less dangerous leaks happen even multiple times a day. The public availability of such leaked data is a major threat to the victims, but it also creates the opportunity to learn not only about the security of service providers but also about the behavior of users when choosing passwords. Our goal is to analyze this data and generate knowledge that can be used to increase security awareness and security, respectively. This paper presents a novel approach to automatic analysis of a vast majority of bigger and smaller leaks. Our contribution is the concept and a prototype implementation of a parser, composed of a syntactic and a semantic module, and a data analyzer for identity leaks. In this context, we deal with the two major challenges of a huge number of different formats and the recognition of leaks' unknown data types. Based on the data collected, this paper reveals how easy it is for criminals to collect lots of passwords, which are plain text or only weakly hashed.

Sandboxing is a way to deliberately restrict applications from accessing resources that they do not need to function properly. Sandboxing is intended to limit the effect of potential exploits and to mitigate overreach to personal data. Since June 1, 2012, sandboxing has been a mandatory requirement for apps distributed through the Mac App Store (MAS). In addition, Apple has made it easier for developers to specify sandbox entitlements, that is, capabilities that allow the app to access certain resources. However, sandboxing is still optional for macOS apps distributed outside Apple's official app store. First, the sandbox mechanism of macOS is analyzed and a critical sandbox-bypass is identified.