URL Scheme Hijacking
- ID: T1415
- Sub-techniques: No sub-techniques
- Tactic Type: Post-Adversary Device Access
- Tactic: Credential Access
- Platforms: iOS
- MTC ID: AUT-10
- Version: 1.1
- Created: 25 October 2017
- Last Modified: 03 February 2019
Mitigations

| Mitigation | Description |
|---|---|
| Application Vetting | Check for potential malicious definitions of URL schemes when vetting applications. Also, when examining apps for potential vulnerabilities, encourage use of universal links as an alternative to URL schemes. When examining apps that use OAuth, encourage use of best practices.[5][6] |
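As an added example (not MITRE's or Apple's code), the vetting check above as a scan of an app's Info.plist: it flags declared URL schemes that are reserved by iOS, already used by another well-known app, generically named, or not the reverse-DNS form RFC 8252 recommends, and notes when no universal links (associated domains) back them. The sample plist and the third-party scheme inventory are constructed for the example.

```python
import plistlib
import re

# Constructed Info.plist standing in for one extracted from an .ipa under review.
SAMPLE_INFO_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>CFBundleIdentifier</key><string>com.example.notes</string>
  <key>CFBundleURLTypes</key>
  <array><dict>
    <key>CFBundleURLSchemes</key>
    <array>
      <string>com.example.notes</string>
      <string>examplenotes</string>
      <string>fb</string>
      <string>oauth-callback</string>
    </array>
  </dict></array>
</dict></plist>"""

# Schemes the OS handles itself; an app claiming one is suspicious on its own.
SYSTEM_SCHEMES = {"http", "https", "mailto", "tel", "sms", "facetime", "itms", "itms-apps"}
# Constructed inventory standing in for a vetting team's list of schemes registered by
# popular apps; an unrelated app claiming one can receive that app's deep links.
THIRD_PARTY_SCHEMES = {"fb": "Facebook", "twitter": "Twitter", "comgooglemaps": "Google Maps"}
# Generic words apps tend to pick for OAuth redirect schemes, so they collide easily.
GENERIC_WORDS = {"oauth", "auth", "callback", "login", "redirect", "app"}

def audit_url_schemes(info_plist: bytes, associated_domains=()) -> list:
    """Return (scheme, severity, reason) findings for every declared URL scheme."""
    plist = plistlib.loads(info_plist)
    declared = []
    for url_type in plist.get("CFBundleURLTypes", []):
        declared.extend(url_type.get("CFBundleURLSchemes", []))
    findings = []
    for scheme in declared:
        s = scheme.lower()
        words = set(re.split(r"[-_.]", s))
        if s in SYSTEM_SCHEMES:
            findings.append((scheme, "high", "claims a scheme reserved by iOS"))
        elif s in THIRD_PARTY_SCHEMES:
            findings.append((scheme, "high", f"claims the scheme used by {THIRD_PARTY_SCHEMES[s]}"))
        elif words & GENERIC_WORDS:
            findings.append((scheme, "medium", "generic name likely to collide with other apps' OAuth redirects"))
        elif "." not in s:
            # RFC 8252 section 7.1: private-use schemes should be reverse-DNS names the developer controls.
            findings.append((scheme, "low", "not a reverse-DNS scheme as RFC 8252 section 7.1 recommends"))
    if declared and not associated_domains:
        findings.append(("*", "info", "relies on custom URL schemes only; universal links not configured"))
    return findings

if __name__ == "__main__":
    for scheme, severity, reason in audit_url_schemes(SAMPLE_INFO_PLIST):
        print(f"{severity:6} {scheme:20} {reason}")
```

Feeding the entitlements' associated domains as `associated_domains` suppresses the final note for apps that already support universal links.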
References
- Hui Xue, Tao Wei, Yulong Zhang, Song Jin, Zhaofeng Chen. (2015, February 19). iOS Masque Attack Revived: Bypassing Prompt for Trust and App URL Scheme Hijacking. Retrieved December 21, 2016.
- Nitesh Dhanjani. (2010, November 8). Insecure Handling of URL Schemes in Apple’s iOS. Retrieved December 21, 2016.
- N. Sakimura, J. Bradley, and N. Agarwal. (2015, September). IETF RFC 7636: Proof Key for Code Exchange by OAuth Public Clients. Retrieved December 21, 2016.
- Michael T. Raggo. (2015, October 1). iOS URL Scheme Hijacking (XARA) Attack Analysis and Countermeasures. Retrieved December 21, 2016.
- Apple. (n.d.). Support Universal Links. Retrieved December 21, 2016.
- W. Denniss and J. Bradley. (2017, October). IETF RFC 8252: OAuth 2.0 for Native Apps. Retrieved November 30, 2018.